[SOLVED] OIDC keycloak with kerberos error code 502

Homarr auth through keycloak oidc with kerberos returns error code 502, but it does work without kerberos or on 0.15.X with kerberos
6 Replies
Cakey Bot 3w ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
VaultSoldier (OP) 3w ago
keycloak config (works with 0.15)
VaultSoldier (OP) 3w ago
Homarr docker-compose config
- NODE_TLS_REJECT_UNAUTHORIZED=0
- NEXTAUTH_URL=https://portal.example.com
- BASE_URL=https://portal.example.com
- AUTH_PROVIDERS=credentials,oidc
- AUTH_OIDC_ISSUER=https://sso.example.com/realms/EX
# - AUTH_LOGOUT_REDIRECT_URL=https://portal.example.com
- AUTH_OIDC_CLIENT_ID=homarr
- AUTH_OIDC_CLIENT_SECRET=example-secret
- AUTH_OIDC_CLIENT_NAME=SSO
- AUTH_OIDC_AUTO_LOGIN=false

labels:
- "traefik.enable=true"
- "traefik.http.routers.homarr.entrypoints=http"
- "traefik.http.routers.homarr.rule=Host(`portal.example.com`)"
- "traefik.http.middlewares.homarr-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.homarr.middlewares=homarr-https-redirect"
- "traefik.http.routers.homarr-secure.entrypoints=https"
- "traefik.http.routers.homarr-secure.rule=Host(`portal.example.com`)"
- "traefik.http.routers.homarr-secure.tls=true"
- "traefik.http.routers.homarr-secure.service=homarr"
- "traefik.http.services.homarr.loadbalancer.server.port=7575"
- "traefik.docker.network=proxy"
Homarr ver: v1.4.0
Keycloak ver: 25.0.2
OS: Debian 12
Keycloak log
Feb 05 02:14:20 sso kc.sh[436737]: Will use keytab
Feb 05 02:09:52 sso kc.sh[436737]: Commit Succeeded
Feb 05 02:09:52 sso kc.sh[436737]: Krb5LoginModule]: Entering logout
Feb 05 02:09:52 sso kc.sh[436737]: Krb5LoginModule]: logged out Subject
Meierschlumpf 3w ago
502 seems like a proxy issue. Is there an issue with the traefik proxy maybe?
VaultSoldier (OP) 3w ago
Is it a Keycloak reverse proxy problem or Homarr? I searched for this problem and found a solution on Stack Overflow for Keycloak, but it didn't work for me.
Stack Overflow
Why do I get 502 when trying to authenticate
I'm trying to implement authentication for my UI application I'm using https://github.com/joaojosefilho/vuejsOidcClient which I successfully configured to work with gluu auth server Now I wanted t...
VaultSoldier (OP) 3w ago
I have a gut feeling that it must be the Keycloak reverse proxy, but why? It works fine with every other OIDC service, and it worked fine on 0.15.

And the strangest thing to me is that it works fine with OIDC, but when Keycloak automatically logs you in with Kerberos, it results in a 502 error. I have a flow in Keycloak that first tries to log you in with Kerberos. If it fails, it prompts you for an email and password, which works. However, if it succeeds with Kerberos, it results in a 502 error.

NVM. This helped. I opened /etc/nginx/sites-enabled/sso with nvim and saved with :w, but when you open files with sudoedit, it opens a temporary file, and writing without exiting does nothing.
