Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cannot login when running ocis with keycloak #8068

Closed
individual-it opened this issue Dec 27, 2023 · 0 comments · Fixed by #8074
Closed

cannot login when running ocis with keycloak #8068

individual-it opened this issue Dec 27, 2023 · 0 comments · Fixed by #8074
Assignees
@kobergj
Labels
Type:Bug

Comments

@individual-it
Copy link
Member

Describe the bug

After #8051 got merged all integration tests for https://github.com/owncloud/ocis-php-sdk are failing because the server responds with 500
I can get a token, but using it returns e.g. Server error: GET https://ocis.owncloud.test/graph/v1.0/me/drives?%24orderby=name%20asc` resulted in a 500 Internal Server Error response`

@kobergj could you help to chec if we have a configuration issue in the setup or if is there a bug?

Steps to reproduce manually

  1. add these hosts to /etc/hosts: 
    127.0.0.1	ocis.owncloud.test
127.0.0.1	keycloak.owncloud.test
  2. get docker-compose file from: https://github.com/owncloud/ocis-php-sdk/blob/main/tests/integration/compose.yaml
  3. get docker folder from: https://github.com/owncloud/ocis-php-sdk/tree/main/tests/integration/docker
  4. run docker compose up
  5. with the browser navigate to https://keycloak.owncloud.test/ and accept the certificate
  6. with the browser navigate to https://ocis.owncloud.test/ and accept the certificate
  7. try to login as admin

Expected behavior

login should work

Actual behavior

cannot login
image

Setup

see https://github.com/owncloud/ocis-php-sdk/blob/main/tests/integration/compose.yaml
and https://github.com/owncloud/ocis-php-sdk/blob/main/tests/integration/docker/keycloak/ocis-realm.dist.json

Additional context

Logs:

keycloak-ocis-1      | {"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"d5333330f020b72c4dfcf1a9594927ca","user-agent":"grpc-go/1.60.1","from":"tcp://127.0.0.1:33740","uri":"/cs3.storage.provider.v1beta1.ProviderAPI/ListContainer","start":"27/Dec/2023:04:19:19 +0000","end":"27/Dec/2023:04:19:19 +0000","time_ns":190825,"code":"OK","time":"2023-12-27T04:19:19Z","line":"github.com/cs3org/reva/v2@v2.18.0/internal/grpc/interceptors/log/log.go:69","message":"unary"}
keycloak-ocis-1      | {"level":"error","service":"graph","middleware":"requireAdmin","userid":"c478b5cd-2103-4ff0-94fc-71c0e5329fbc","time":"2023-12-27T04:19:19Z","line":"github.com/owncloud/ocis/v2/services/graph/pkg/middleware/requireadmin.go:39","message":"No roles assigned to user"}
keycloak-ocis-1      | {"level":"debug","service":"graph","request-id":"","proto":"HTTP/1.1","method":"POST","status":401,"path":"/graph/v1.0/users","duration":109.645082,"bytes":150,"time":"2023-12-27T04:19:19Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
keycloak-ocis-1      | {"level":"warn","service":"proxy","OData Error":"Unauthorized","time":"2023-12-27T04:19:19Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/user/backend/cs3.go:256","message":"Error Response"}
keycloak-ocis-1      | {"level":"error","service":"proxy","error":"401 Unauthorized","time":"2023-12-27T04:19:19Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/user/backend/cs3.go:198","message":"Error creating user"}
keycloak-ocis-1      | {"level":"error","service":"proxy","error":"401 Unauthorized","time":"2023-12-27T04:19:19Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/account_resolver.go:113","message":"Autoprovisioning user failed"}
keycloak-ocis-1      | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"8da0dc50-dc4d-4bfe-9199-1955882229b0","traceid":"8867c684bea80316690f520bace988c1","remote-addr":"192.168.48.1","method":"GET","status":500,"path":"/ocs/v1.php/cloud/user","duration":207.601057,"bytes":0,"time":"2023-12-27T04:19:19Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
keycloak-traefik-1   | {"ClientAddr":"192.168.48.1:48160","ClientHost":"192.168.48.1","ClientPort":"48160","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":500,"Duration":208093763,"OriginContentSize":0,"OriginDuration":208068820,"OriginStatus":500,"Overhead":24943,"RequestAddr":"ocis.owncloud.test","RequestContentSize":0,"RequestCount":265,"RequestHost":"ocis.owncloud.test","RequestMethod":"GET","RequestPath":"/ocs/v1.php/cloud/user","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"ocis@docker","ServiceAddr":"192.168.48.3:9200","ServiceName":"ocis@docker","ServiceURL":{"Scheme":"http","Opaque":"","User":null,"Host":"192.168.48.3:9200","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2023-12-27T04:19:19.744045868Z","StartUTC":"2023-12-27T04:19:19.744045868Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","downstream_X-Request-Id":"8da0dc50-dc4d-4bfe-9199-1955882229b0","entryPointName":"https","level":"info","msg":"","origin_X-Request-Id":"8da0dc50-dc4d-4bfe-9199-1955882229b0","request_X-Request-Id":"8da0dc50-dc4d-4bfe-9199-1955882229b0","time":"2023-12-27T04:19:19Z"}
keycloak-traefik-1   | {"ClientAddr":"192.168.48.3:51184","ClientHost":"192.168.48.3","ClientPort":"51184","ClientUsername":"-","DownstreamContentSize":5970,"DownstreamStatus":200,"Duration":4113321,"OriginContentSize":5970,"OriginDuration":4088755,"OriginStatus":200,"Overhead":24566,"RequestAddr":"keycloak.owncloud.test","RequestContentSize":0,"RequestCount":270,"RequestHost":"keycloak.owncloud.test","RequestMethod":"GET","RequestPath":"/realms/oCIS/.well-known/openid-configuration","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"keycloak@docker","ServiceAddr":"192.168.48.5:8080","ServiceName":"keycloak@docker","ServiceURL":{"Scheme":"http","Opaque":"","User":null,"Host":"192.168.48.5:8080","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2023-12-27T04:19:20.052192019Z","StartUTC":"2023-12-27T04:19:20.052192019Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"https","level":"info","msg":"","time":"2023-12-27T04:19:20Z"}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kobergj kobergj

Labels
Type:Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Service Account Roles for external IDPs kobergj/ocis
2 participants
@individual-it @kobergj