Help Integrating with Keycloak #6

Open

chris2fr opened this issue Jul 25, 2022 · 1 comment

Labels: enhancement (New feature or request)

@chris2fr
Hi,

I am trying to integrate passport-bridge with keycloak and am stuck.

Keycloak uses 'sub' as an internal user id, a bit different than the standard id.

I am using the passport-openidconnect strategy.

https://www.npmjs.com/package/passport-openidconnect-keycloak-idp

I have account creation set.

The answer I get is from openidconnect, and I assume it may be an issue between openidconnect and apostrophecms-passportbridge.

A login error occurred
An error occurred while logging in via openidconnect

Your credentials were not accepted, your account is not affiliated with this site, or an existing account has the same username or email address.

If you believe you are seeing this message in error please contact the administrator.

Here is my modules/@apostrophecms/passport-bridge/index.js:

module.exports = {
  // In modules/@apostrophecms/passport-bridge/index.js
  options: {
    create: {
      // If you wish to treat all valid google users in your domain as
      // admins of the site. See also `guest`, `contributor`, `editor`, 'admin'
      //
      role: 'guest'
    },
    strategies: [
      {
        // You must npm install --save this module in your project first
        module: 'passport-openidconnect',
        options: {
            issuer: 'https://id.lesgv.com',
            authorizationURL: 'https://id.lesgv.com/realms/master/protocol/openid-connect/auth',
            tokenURL: 'https://id.lesgv.com/realms/master/protocol/openid-connect/token',
            userProfileURL: 'https://id.lesgv.com/realms/master/protocol/openid-connect/userinfo',
            clientID: '',
            clientSecret: '',
            callbackURL: 'https://alpha.lesgv.com/auth/oauth2/login'
        },
        // Ignore users whose email address does not match this domain
        // according to the identity provider
        emailDomain: 'mann.fr',
        // Use the user's email address as their identity
        match: 'email',
        // Strategy-specific options that must be passed to the authenticate middleware.
        // See the documentation of the strategy module you are using
        authenticate: {
          // 'email' for the obvious, 'profile' for the displayName (for the create option)
          scope: [ 'email', 'profile']
          //scope: [ 'email', 'preferred_username']
          //scope: [ 'email']
        }
      }
    ]
  }
};

Oooo, I just read "See the documentation of the strategy module you are using".

I guess I will also check that.
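The configuration above relies on two bridge options, `emailDomain` and `match: 'email'`, while Keycloak identifies the user by the `sub` claim. The following is an added example (not code from passport-bridge or passport-openidconnect) that maps a constructed Keycloak userinfo response to a passport-style profile, with `id` taken from `sub`, and applies those two checks so a rejected login reports a concrete reason instead of a generic error. The claim names are standard OIDC claims; the function names, the sample values and the `reason` strings are my own.

```javascript
// Added example, not code from passport-bridge or passport-openidconnect.
// Maps a Keycloak userinfo response to a passport-style profile and applies
// the `emailDomain` and `match: 'email'` checks used in the config above.

// Constructed sample of a Keycloak userinfo response (the `sub` is made up).
const sampleUserinfo = {
  sub: '0b3c1f7e-1111-4222-8333-444455556666',
  email_verified: true,
  name: 'Chris Example',
  preferred_username: 'chris',
  email: 'chris@mann.fr'
};

// Keycloak identifies the user by `sub`; passport strategies expose that as
// `profile.id` and put the email under `profile.emails[0].value`.
function toPassportProfile(userinfo) {
  return {
    id: userinfo.sub,
    displayName: userinfo.name || userinfo.preferred_username || '',
    username: userinfo.preferred_username,
    emails: userinfo.email
      ? [{ value: userinfo.email, verified: userinfo.email_verified === true }]
      : []
  };
}

// Apply the bridge options: `emailDomain` restricts logins to one domain and
// `match: 'email'` makes the email the identity to look up or create.
// Returns { ok: true, identity } or { ok: false, reason }.
function evaluateLogin(profile, { emailDomain, match }) {
  const email = profile.emails.length ? profile.emails[0].value : null;
  if ((match === 'email' || emailDomain) && !email) {
    return { ok: false, reason: 'no email claim (is the "email" scope granted?)' };
  }
  if (emailDomain) {
    const domain = (email.split('@')[1] || '').toLowerCase();
    if (domain !== emailDomain.toLowerCase()) {
      return { ok: false, reason: `email domain ${domain} is not ${emailDomain}` };
    }
  }
  return { ok: true, identity: match === 'email' ? email : profile.id };
}

const options = { emailDomain: 'mann.fr', match: 'email' };
console.log(evaluateLogin(toPassportProfile(sampleUserinfo), options));
console.log(evaluateLogin(
  toPassportProfile({ ...sampleUserinfo, email: 'chris@example.org' }), options));
```

Running it prints one accepted decision for the mann.fr user and one rejection naming the mismatched domain, which is the first thing to compare against the claims Keycloak actually returns for the account being tested.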

chris2fr added the enhancement label on Jul 25, 2022

@chris2fr (Author)

All I am getting now is "Forbidden"

Any ideas to help debug?
