Keycloak authentication issue

[yuanpeterli]

When using Keycloak authentication (openid-connect), after successful authentication, the redirect fails with a message "You are not authorized to login."

Keycloak logs shows: error=invalid_redirect_uri, redirect_uri=https://{mydomain}/login/keycloak/callback

Wiki.js is trying to get to
https://{mydomain}/login/keycloak/callback?session_state=ee0b97f4-4c59-....-0c68557f668b

What I'm doing wrong? Please help.

[Jamsek-m]

If you haven't already, try to specify valid redirect URIs in your Keycloak client and put /* at the end of the url, like this: https://mydomain.com/callback/*

[charlie-hotel]

+1 on this issue, I have a similar issue but without invalid redirect uri.

[sigfriedseldeslachts]

Make sure you enable self registration.

[michidk]

You have to set root URL and valid redirection URI's in keycloak. Set the root url to the path to your wiki and add /login/keycloak/callback to the valid redirection URI's.

[Elfikurr]

Enabling self registration fixed it for me, however, do you know if we can map keycloak roles to wiki.js roles ?

[michidk]

Enabling self registration fixed it for me, however, do you know if we can map keycloak roles to wiki.js roles ?

No this is not possible, and exactly the reason, why we switched over to xwiki.

[thiadmer]

I had a similar issue. Tried all above solutions, neither worked. In my case the existing uuid references of the keycloak users were not correctly stored in the wikijs database. I updated the existing users.providerId database values to reflect to matching keycloak uuid and it worked.