New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kapua SSO after succesfull login fails to load homepage #2566
Comments
Ok, I spent some time debugging SSO and I found a few issues. I'm going to list them here in the meanwhile.
Please test these changes and tell me if they're enough to have you automatically logged after the SSO. |
do you have your github branch with these changes? |
Yes, you can find the branch here |
@lorthirk and exception in JwtAuthenticatingRealm is UnkonwonAcccount any
|
Unfortunately this log isn't that helpful, since I can't understand exactly where it is failing and why. It looks (but again, I can't be 100% sure) that somehow the token that returns from the SSO server isn't correct anyway. I tested my fork against latest Keycloak and apart from setting up an user, a |
Thank you @lorthirk for your support |
Also I'm getting lots of these in the logs all of sudden
|
Well... it looks like someone is trying to access those URLs, that doesn't exist in Kapua. Looks like a Kubernetes client is pointing to that machine? |
thanks, EDIT: it is not possible to have email in jwt access_token |
I've switched to Keycloak |
As I said It happened to me as well, but not consistently enough to figure out why. Any input is highly appreciated! |
I think that it may have something to do with login timeout, I've increased that to 2 min |
IIRC we don't have a login timeout option set anywhere, but I should double check for confirmation. Kapua session and Keycloak session are absolutely different, and I honestly see this correct. Do you have a different view on this perhaps? |
For sessions, yes you are right they are different, however it may be required that when logged out from kapua you logout from OP |
Good catch. Since it's coming from the OpenID Connect specification we should implement this. |
@mteodor can you post your docker-compose with JAVA_OPTS about Keycloak configuration? |
May I suggest you to also use the Kapua room on Gitter for discussions, so we can keep the issue a little bit cleaner? |
and you need .env file in the directory where docker-deploy.sh is
|
Closing for inactivity. |
Hi ,
I have configured Kapua to work with Gluu openidconnect auth server.
It looks like the authentication goes well , however I'm not getting the homepage
I'm redirected to server login page and after successfully authentication redirection to sso/callback occurs
then Kapua exchanges authorization token with access token and there is message in the console log saying that login is successful however login page is presented again
these are the variables I'm passing to console
from the console log
The text was updated successfully, but these errors were encountered: