Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycloak provider does not honor --set-authorization-header option #651

Closed
sushiMix opened this issue Jul 2, 2020 · 5 comments
Closed

Keycloak provider does not honor --set-authorization-header option #651

sushiMix opened this issue Jul 2, 2020 · 5 comments
Labels
configuration help wanted Stale

Comments

@sushiMix
Copy link
Contributor

sushiMix commented Jul 2, 2020
edited

When using OIDC provider with --set-authorization-header option the authorization header is returned when calling /oauth2/auth whereas with Keycloak provider it does not (I also set --x-auth-request=true).

Expected Behavior

--set-authorization-header works with set-authorization-header
the call to /oauth2/auth shall return the Authorization header with bearer token

Current Behavior

It does not return the authorization header

Possible Solution

  1. update Keycloak implementation
  2. Add group claim support in OIDC provider so no need to keep Keycloak provider.

Steps to Reproduce (for bugs)

Create a configuration with Keycloak provider and --set-authorization-header==true

  1. login using sign_in api
  2. call auth api

Context

I'd like to use Keycloak provider to support the Keycloak group management (which is not supported in OIDC provider).
Passing back to OIDC provider requires to add a component to handle the group management.

Your Environment

Use in kubernetes context with Nginx ingress controller and x-auth-request=true.

  • Version used: 5.1.1 and 6.0.0
@JoelSpeed
Copy link
Member

This is a known issue, the keycloak provider doesn't store the ID Token so it can't set it in the header. You could try switching over to the OIDC provider instead as that is known to work with keycloak

You may be interested in #479

@sushiMix
Copy link
Contributor Author

sushiMix commented Jul 9, 2020

I already switched to OIDC Provider but I lost the group claim (which ease the user management).
In fact I need : #466 to support the group claim token with auth_request and set-authorization-header to fully solve the issue

@JoelSpeed
Copy link
Member

Ahh, I believe #466 isn't likely to be completed any time soon, but we are making progress on the groups issue in #616, would that PR resolve your issue?

@sushiMix
Copy link
Contributor Author

Hello, #616 can solve my issue.

@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Sep 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
configuration help wanted Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JoelSpeed @sushiMix