Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrading to alerta 9.0.0 breaks keycloak integration regardless of /auth path #1835

Open
bo0ts opened this issue Mar 30, 2023 · 6 comments
Open

Upgrading to alerta 9.0.0 breaks keycloak integration regardless of /auth path #1835

bo0ts opened this issue Mar 30, 2023 · 6 comments
Labels
bug Something isn't working

Comments

@bo0ts
Copy link

bo0ts commented Mar 30, 2023

Issue Summary

After upgrading to alerta 9.0.0 login via keycloak is not working anymore. We run Keycloak 19 on Wildfly (which still has the /auth path which has only been removed on the quarkus distribution).

If we set the keycloak url to https://keycloak.intern the API will fail to start.

If we set the keycloak url to https://keycloak.intern/auth the API will start but the login button will redirect to https://keycloak.intern/auth/auth and login will fail.

We worked around the issue by specifying the generic openid auth provider.

Environment

  • OS: Linux
  • API version: 9.0.0
  • Deployment: Docker/Kubernetes
@satterly satterly added the bug Something isn't working label Jun 22, 2023
@hyberdk
Copy link
Contributor

hyberdk commented Dec 22, 2023

I guess this is a dup of #1680 that is fixed in #1683

@hyberdk hyberdk closed this as completed Dec 22, 2023
@bo0ts
Copy link
Author

bo0ts commented Dec 22, 2023

@hyberdk Are you sure? This commit should have been in the version we are using but our installation still broke?

@hyberdk
Copy link
Contributor

hyberdk commented Dec 22, 2023

not 100% :-)
I will reopen it again.. We probably needs Nicks input here, he knows best..

@hyberdk hyberdk reopened this Dec 22, 2023
@maksimse
Copy link

Hi.
We are running 9.0.1 and keycloak auth doesn't work.
Url is set to:
KEYCLOAK_URL = 'https://mykeycloak.com'
No path.
And still /auth/ is being appended:
image
@satterly ?

@bo0ts
Copy link
Author

bo0ts commented Apr 18, 2024

@maksimse Yes, that bug is still not fixed. As a workaround we switched to the OIDC configuration:

-  AUTH_PROVIDER: 'keycloak'
-  KEYCLOAK_URL: 'https://keycloak.our.domain'
-  KEYCLOAK_REALM: 'ourrealm'
+  AUTH_PROVIDER: 'openid'
+  OIDC_ISSUER_URL: 'https://keycloak.our.domain/realms/ourrealm'

@maksimse
Copy link

@bo0ts , thank you very much! It works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bo0ts @satterly @hyberdk @maksimse