External Provider in Kubernetes returns 404 (Keycloak) #11309

@Memo99

Bug report

Describe the bug

I've been struggling with this problem for a month. I hope you can help me with this issue.

I've added Keycloak as an external provider, like in the examples and the merge request related to Keycloak.

I've also checked the flow with "Understanding the login flow".

So I have 3 different pods in my local Kubernetes cluster:

  • Keycloak Server (auth.example.com)
  • Strapi Server (cms.example.com)
  • Frontend Server (example.com) -> example login react app

It's not in the cloud, I just changed the hosts file.

Steps to reproduce the behavior

  1. Add "keycloak" to example react app
  2. Click on keycloak-login-button in react app
  3. Request to cms.example.com/connect/keycloak
  4. Login to keycloak
  5. See error

Redirect URL: https://cms.example.com/auth/keycloak/callback
Response: https://cms.example.com/connect/keycloak/callback?code=abcdsffasdfassdf
-> 404 Not Found

When I refresh 3 times, I get CONNECTION_REFUSED and a no_access_token error.

It's stuck at Step 4.

  1. Once done, Github redirects the tab to the backend URL: https://strapi.website.com/connect/github/callback?code=abcdef.

Expected behavior

Same as Understanding the login flow

Screenshots

Code snippets

bootstrap.js

    keycloak: {
      enabled: true,
      icon: 'key',
      key: '',
      secret: '',
      oauth: 2,
      authorize_url: `https://auth.example.com/auth/realms/Example/protocol/openid-connect/auth`,
      access_url:    `https://auth.example.com/auth/realms/Example/protocol/openid-connect/token`,
      callback: `${strapi.config.server.url}/auth/keycloak/callback`,
      scope: ['openid']
    },

providers.js

    case 'keycloak': {
      const keycloak = new Purest({
        provider: 'keycloak',
        config: {
          'keycloak': {
            'http://auth.example.com/auth/realms/Example/': {
              '__domain': {
                'auth': {
                  'auth': {
                    'bearer': '[0]'
                  }
                }
              },
              '{endpoint}': {
                '__path': {
                  'alias': '__default'
                }
              }
            }
          }
        }
      });

server.js

    module.exports = ({ env }) => ({
      host: env('HOST', '0.0.0.0'),
      port: env.int('PORT', 1337),
      url: env('', 'https://cms.example.com'),
      admin: {
        auth: {
          secret: env('ADMIN_JWT_SECRET', 'xx'),
        },
      },
    });

System

  • Kubernetes
  • Strapi version: strapi/strapi:latest
  • Database: mysql 5.6.51
  • Operating system: Windows 11

Additional context

Side notes:

  • The CMS is definitely working, I can access the admin panel when accessing cms.example.com. I've also inserted my ClientSecret and ID.

  • The App folder is mapped to a local volume, so I can change the application source code.

  • Keycloak login flow works fine with Postman OpenID (without strapi in the middle).

  • I want to manage all users in keycloak instead of strapi.
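
A lint over the URLs quoted in this report, as an added example that is not part of the original post and not Strapi or Purest code: it flags plaintext endpoints, identity-provider endpoints that do not share an origin, and a redirect that differs from the configured callback. `lintProviderUrls` and the field names are hypothetical, the sample values are copied from the snippets above, and the findings are observations, not a diagnosis of the 404.

```javascript
// Sample input constructed from the values quoted in the issue.
const sample = {
  serverUrl: 'https://cms.example.com',
  authorizeUrl: 'https://auth.example.com/auth/realms/Example/protocol/openid-connect/auth',
  accessUrl: 'https://auth.example.com/auth/realms/Example/protocol/openid-connect/token',
  purestBase: 'http://auth.example.com/auth/realms/Example/', // from providers.js
  callback: 'https://cms.example.com/auth/keycloak/callback',
  observedRedirect: 'https://cms.example.com/connect/keycloak/callback?code=abcdsffasdfassdf',
};

// Hypothetical helper: returns a list of finding identifiers for one provider.
function lintProviderUrls(cfg) {
  const findings = [];
  const idpKeys = ['authorizeUrl', 'accessUrl', 'purestBase'];
  const parsed = {};
  for (const key of [...idpKeys, 'serverUrl', 'callback', 'observedRedirect']) {
    parsed[key] = new URL(cfg[key]); // throws on a malformed URL
  }

  // Authorization codes and bearer tokens must not travel over plain HTTP.
  for (const [key, url] of Object.entries(parsed)) {
    if (url.protocol !== 'https:') findings.push(`plaintext:${key}`);
  }

  // Every identity-provider endpoint should share one scheme, host and port.
  const idpOrigins = new Set(idpKeys.map((key) => parsed[key].origin));
  if (idpOrigins.size > 1) findings.push('idp-origin-mismatch');

  // The browser should come back to the backend's own origin.
  if (parsed.observedRedirect.origin !== parsed.serverUrl.origin) {
    findings.push('redirect-foreign-origin');
  }

  // Informational: the path the provider redirected to is not the configured
  // callback path. Whether that is expected depends on how the backend uses it.
  if (parsed.observedRedirect.pathname !== parsed.callback.pathname) {
    findings.push('info:callback-path-differs');
  }
  return findings;
}

console.log(lintProviderUrls(sample));
```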
