You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've configured a Docker-based Weblate 4.1.1-3 instance to connect with Keycloak 11.0.2 according to the procedure described in python-social-auth keycloak.py.
Initiating a user login workflow from Weblate's web UI by clicking the "keycloak" button on the Weblate's login form redirects us to Keycloak as intended. After successful authentication in Keycloak, the browser is redirected back to weblate during a long pause, resulting in the browser coming to a stand-still at a "Server Error".
The admin email account receives two emails detailing the error, the first with nice HTML formatting and a stack trace, the second in plaintext with less detail.
Looking at the point of failure in stack trace:
ifalgorithmsisnotNoneandalgnotinalgorithms:
raiseInvalidAlgorithmError('The specified alg value is not allowed')
the local vars indicate alg is RS256 but algorithms is empty.
Request Method: | GET
https://weblate.site.jp/accounts/complete/keycloak/?redirect_state=XU9cOv0bq21ohmkhMlr9fpapDfcGq3rA&state=XU9cOv0bq21ohmkhMlr9fpapDfcGq3rA&session_state=4f27dadc-3c5e-4660-940b-1c244133e724&code=07b1024c-2879-4f58-a1d9-27aa2974fdda.4f27dadc-3c5e-4660-940b-1c244133e724.4be541f1-d930-45f7-8e37-42b4993cdb3d
3.0.8
InvalidAlgorithmError
The specified alg value is not allowed
/usr/local/lib/python3.7/dist-packages/jwt/api_jws.py in _verify_signature, line 216
/usr/bin/uwsgi-core
3.7.3
['/usr/local/lib/python3.7/dist-packages/git/ext/gitdb', '/', '/usr/local/lib/python3.7/dist-packages/', '.', '', '/usr/lib/python37.zip', '/usr/lib/python3.7', '/usr/lib/python3.7/lib-dynload', '/usr/local/lib/python3.7/dist-packages', '/app/data/python', '/usr/lib/python3/dist-packages', '/usr/local/lib/python3.7/dist-packages/gitdb/ext/smmap']
Stack trace from docker logs weblate:
nginx stdout | 172.17.0.19 - - [09/Sep/2020:08:47:03 +0000] "POST /accounts/login/keycloak/?next=/ HTTP/1.0" 302 0 "https://weblate.site.jp/" "Mozilla/5.0 "
uwsgi stderr | ERROR Internal Server Error: /accounts/complete/keycloak/
uwsgi stderr | Traceback (most recent call last):
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/exception.py", line 34, in inner
uwsgi stderr | response = get_response(request)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 115, in _get_response
uwsgi stderr | response = self.process_exception_by_middleware(e, request)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 113, in _get_response
uwsgi stderr | response = wrapped_callback(request, *callback_args, **callback_kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
uwsgi stderr | return view_func(*args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
uwsgi stderr | response = view_func(request, *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/weblate/accounts/views.py", line 1047, in social_complete
uwsgi stderr | return complete(request, backend)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
uwsgi stderr | response = view_func(request, *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
uwsgi stderr | return view_func(*args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_django/utils.py", line 49, in wrapper
uwsgi stderr | return func(request, backend, *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_django/views.py", line 33, in complete
uwsgi stderr | *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/actions.py", line 45, in do_complete
uwsgi stderr | user = backend.complete(user=user, *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/backends/base.py", line 40, in complete
uwsgi stderr | return self.auth_complete(*args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/utils.py", line 251, in wrapper
uwsgi stderr | return func(*args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/backends/oauth.py", line 405, in auth_complete
uwsgi stderr | *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/utils.py", line 251, in wrapper
uwsgi stderr | return func(*args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/backends/oauth.py", line 410, in do_auth
uwsgi stderr | data = self.user_data(access_token, *args, **kwargs)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/social_core/backends/keycloak.py", line 120, in user_data
uwsgi stderr | audience=self.audience(),
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/jwt/api_jwt.py", line 92, in decode
uwsgi stderr | jwt, key=key, algorithms=algorithms, options=options, **kwargs
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/jwt/api_jws.py", line 156, in decode
uwsgi stderr | key, algorithms)
uwsgi stderr | File "/usr/local/lib/python3.7/dist-packages/jwt/api_jws.py", line 216, in _verify_signature
uwsgi stderr | raise InvalidAlgorithmError('The specified alg value is not allowed')
uwsgi stderr | jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed
uwsgi stderr | [pid: 737|app: 0|req: 38/56] 172.17.0.19 () {52 vars in 1454 bytes} [Wed Sep 9 08:47:25 2020] GET /accounts/complete/keycloak/?redirect_state=NI9wQznwmlAR4s2sgsJe1p6t0lyDTc1b&state=NI9wQznwmlAR4s2sgsJe1p6t0lyDTc1b&session_state=052fb138-32ff-4bf4-8576-17c579318f54&code=e527a9eb-7e3b-4d5b-a4fc-5a6525c9c70b.052fb138-32ff-4bf4-8576-17c579318f54.4be541f1-d930-45f7-8e37-42b4993cdb3d => generated 9532 bytes in 20323 msecs (HTTP/1.0 500) 9 headers in 499 bytes (2 switches on core 0)
nginx stdout | 172.17.0.19 - - [09/Sep/2020:08:47:46 +0000] "GET /accounts/complete/keycloak/?redirect_state=NI9wQznwmlAR4s2sgsJe1p6t0lyDTc1b&state=NI9wQznwmlAR4s2sgsJe1p6t0lyDTc1b&session_state=052fb138-32ff-4bf4-8576-17c579318f54&code=e527a9eb-7e3b-4d5b-a4fc-5a6525c9c70b.052fb138-32ff-4bf4-8576-17c579318f54.4be541f1-d930-45f7-8e37-42b4993cdb3d HTTP/1.0" 500 9532 "-" "Mozilla/5.0"
Local vars of last stack trace element, copy&paste from the same email:
('-----BEGIN PUBLIC KEY-----\n' 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1erPDupNdgDdu3YJEqQY+jWvOtVG+2Q6HwSLqCY6HL7Em3DoIjV7pxE2lBFl0lzLeyBudd769nc7vA1s6n/r3xzlhSEZybUXkCh8SKGpouTarOyab5E3DRybO6ssV2xNH2zG7L5HvoaPgd7r0k8ckxf3E5spe1iv99yzU1V6HRDQsWahSG9TPe5l3ZXhatfYVL8u6gXOSL7Qf/MJCxR3geq/oiqn+gV/ptZKhlX5sRa8UgpukL0XM86W+ZMfPrOwThcjH7fp4SsdLn4+zMMEeEkqVj6kPmulg8QZHQ5IsZy4yJj2VfVF3B+cW0JLqG0KkLfj1K8gLyXvgacLnECi5QIDAQAB\n' '-----END PUBLIC KEY-----')
This issue looks like a support question. We try to answer these reasonably fast, but in case you are looking for faster resolution, please consider purchasing support subscription and make Weblate stronger.
Describe the issue
We've configured a Docker-based Weblate 4.1.1-3 instance to connect with Keycloak 11.0.2 according to the procedure described in python-social-auth keycloak.py.
Initiating a user login workflow from Weblate's web UI by clicking the "keycloak" button on the Weblate's login form redirects us to Keycloak as intended. After successful authentication in Keycloak, the browser is redirected back to weblate during a long pause, resulting in the browser coming to a stand-still at a "Server Error".
The admin email account receives two emails detailing the error, the first with nice HTML formatting and a stack trace, the second in plaintext with less detail.
Looking at the point of failure in stack trace:
the local vars indicate
alg
isRS256
butalgorithms
is empty.Any assistance is greatly appreciated!
Debug info
The browser stops at url:
The HTML formatted error email begins:
Stack trace from
docker logs weblate
:Local vars of last stack trace element, copy&paste from the same email:
Cleaning the vars up a little:
-- Some data like user identities have been changed to protect personal info, invalidating signatures.
The text was updated successfully, but these errors were encountered: