Bad discovery URL with KeyCloak Discovery URL #17

Open
chiafa-unigre opened this issue Jun 27, 2024 · 8 comments

@chiafa-unigre

Hello,
When I press the "Authenticate" button, the authentication response is "Bad discovery URL".
I'm using KeyCloak as the OIDC provider, so I set this URL in the discovery field:
https://MYDOMAIN/realms/MYREALM/.well-known/openid-configuration
I've set Client ID and Secret created by Client in KeyCloak and set https://MYNODEREDDOMAIN/openid-credentials/auth/callback in the Redirect URIs of my KeyCloak Client.
Could it be a compatibility issue? Or is it my mistake? I've already used this Discovery URL in other projects and it works.
Thanks a lot for your time and your work!

@ncarlier
Owner

Hello, you should have a more specific reason in the NodeRED logs. Can you check this?

@chiafa-unigre
Author

chiafa-unigre commented Jun 27, 2024

I have only this row:
Discover error {"name":"RequestError","code":"ETIMEDOUT","host":"xx.yyyy.zz","hostname":"xx.yyyy.zz","method":"GET","path":"/realms/myrealm/.well-known/openid-configuration","protocol":"https:","url":"https://xx.yyyyy.zz/realms/myrealm/.well-known/openid-configuration"}

It seems to be a timeout error when calling the discovery URL. But when I do a curl call to the discovery URL from the Node-RED server, I receive the response without any problem.

@ncarlier
Owner

Can you try to access the Keycloak discovery URL in NodeRed using the http request node?

@chiafa-unigre
Author

It works fine with http request node.


@ncarlier
Owner

I've slightly updated the logs and dependencies. Can you try again?

@chiafa-unigre
Author

chiafa-unigre commented Jun 30, 2024

I've updated your package and now this is the error I see in the Node-RED logs:
unable to get issuer from discovery URL during authentication request: {"name":"RPError"}
Looking on Google, this error also seems related to a timeout issue.

[01/07/2024 update]
I guess the problem is also related to the reverse proxy I use to add SSL to KeyCloak. Using the KC direct IP I receive a different error:
unable to process authentication callback: {"params":{"code":"e2894e70-c0df-4420-bab2-56d713b7e649.263c4af9-c089-4734-99c6-bac0d63c0c95.1cca93e0-379f-49a5-9679-50e31d266b81"},"name":"RPError"}

Maybe these errors are related to my network architecture. I need to investigate further. I'm really sorry if I wasted your time. Thanks again.

@ncarlier
Owner

ncarlier commented Jul 1, 2024

Don't be sorry! You don't waste my time :)
Maybe your Keycloak instance is not aware of your reverse proxy: https://www.keycloak.org/server/reverseproxy

@chiafa-unigre
Author

Thanks for your kindness! The Keycloak instance is well configured for reverse proxy. I have used KC in production for almost three years with more than 15 web app clients. I also use KC as login provider for Node-RED without problem. I guess the issue with the openid node is something related to the reverse proxy, but I don't understand what...
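
One way to test the reverse-proxy hypothesis raised in this thread, as an added example that is not part of the conversation or of the node's own code: compare the issuer and endpoints a discovery document advertises with the URL it was fetched from. The function name, host names, realm and both documents are constructed for illustration.

```javascript
// Added example; host names, realm and documents below are constructed.
const WELL_KNOWN = '/.well-known/openid-configuration';
const ENDPOINT_KEYS = ['authorization_endpoint', 'token_endpoint',
  'userinfo_endpoint', 'jwks_uri', 'end_session_endpoint'];
// Compare a discovery document with the URL it was fetched from.
// Returns findings to review; an empty array means issuer and endpoints
// are all on the public HTTPS origin.
function checkDiscovery(discoveryUrl, doc) {
  if (!discoveryUrl.endsWith(WELL_KNOWN)) {
    return [`discovery URL does not end with ${WELL_KNOWN}`];
  }
  const findings = [];
  // OIDC Discovery: issuer must equal the URL prefix used for discovery.
  const expectedIssuer = discoveryUrl.slice(0, -WELL_KNOWN.length);
  if (doc.issuer !== expectedIssuer) {
    findings.push(`issuer: expected ${expectedIssuer}, got ${doc.issuer}`);
  }
  const expectedOrigin = new URL(expectedIssuer).origin;
  for (const key of ENDPOINT_KEYS) {
    if (doc[key] === undefined) continue; // optional endpoint not advertised
    let url;
    try { url = new URL(doc[key]); } catch { findings.push(`${key}: invalid URL`); continue; }
    if (url.protocol !== 'https:') findings.push(`${key}: scheme is ${url.protocol}`);
    if (url.origin !== expectedOrigin) {
      findings.push(`${key}: origin ${url.origin}, expected ${expectedOrigin}`);
    }
  }
  return findings;
}

const DISCOVERY_URL = 'https://sso.example.test/realms/demo' + WELL_KNOWN;
const BASE = 'https://sso.example.test/realms/demo/protocol/openid-connect';
const INTERNAL = 'http://10.0.0.5:8080/realms/demo'; // constructed backend address
// Constructed: what a correctly proxied server would publish.
const consistentDoc = {
  issuer: 'https://sso.example.test/realms/demo',
  authorization_endpoint: `${BASE}/auth`,
  token_endpoint: `${BASE}/token`,
  jwks_uri: `${BASE}/certs`,
};
// Constructed: backend address leaking into the published metadata.
const proxyUnawareDoc = {
  issuer: INTERNAL,
  authorization_endpoint: `${BASE}/auth`,
  token_endpoint: `${INTERNAL}/protocol/openid-connect/token`,
  jwks_uri: `${INTERNAL}/protocol/openid-connect/certs`,
};
console.log(checkDiscovery(DISCOVERY_URL, consistentDoc));
console.log(checkDiscovery(DISCOVERY_URL, proxyUnawareDoc));
```

To use it against a real server, pass the JSON body returned by the discovery URL as `doc`; endpoints that resolve only from one network segment are a common reason a relying party times out where a manual request succeeds.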
