Greenlight V3 with Keycloak

Gerald Schaaf

Aug 23, 2023, 5:33:27 AM
to BigBlueButton-Setup
Hi!
I was using Greenlight V2 with LDAP.
On my new bbb server I am now testing bbb 2.7 with greenlight v3.
After everything works perfectly I am planning the next step.
Now I installed keycloak (script incl. -k) to connect to ldap again.
No error - welcome screen is up - but I cannot log in.
The documentation says "Select Administration Console and sign in using the credentials that were printed during the Keycloak Installation process."
But I cannot find any of these credentials?
I am stuck!

Regards
Gerald

Jean Pluzo

Aug 23, 2023, 10:47:58 AM
to BigBlueButton-Setup
Hi,

the credentials mentioned are for Keycloak, not for GLv3. You have to sign in to KC to configure the ldap interface. After you have done this successfully you can sign in with an ldap user into GLv3.
For GLv3 you have to first make an admin user to sign in as stated here. But this user will not be taken from your ldap server and will be saved to GL's internal db.

Regards,
J.

Gerald Schaaf

Aug 23, 2023, 1:47:33 PM
to BigBlueButton-Setup
Hi!
It's about keycloak! As I wrote: First I installed BBB 2.7 with GLv3. I tested it, of course with an admin-user. Everything works fine. 
Next step would be to use my LDAP as before. So I added Keycloak - using the bbb script adding the -k parameter.
Now starting http://my.server.com/keycloack brings me the welcome screen.
Choosing the admin console ... user and password are required ... and the formerly generated GL3 admin user and password do not match.
Within the install script of bbb no credentials appear.

bbb is working
GLv3 is working and I can log in and admin
I have no user and password for keycloak - that's the point.

Jean Pluzo

Aug 24, 2023, 3:01:02 AM
to BigBlueButton-Setup
Hi,
by looking at the keycloak install part I see that the password for the keycloak admin is a 12 character string, randomly generated at install time.
This string gets written to the db (postgres) as well as to the docker-compose.yml file. You should have such a file. There should be a KEYCLOAK_ADMIN variable and right under a KEYCLOAK_ADMIN_PASSWORD variable.
Hope this helps.

Regards,
J.
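
Jean's pointer above, as an added example that is not part of the thread or of the BBB install script: a small shell helper that reads `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` out of a compose file and warns when that file is world-readable, since it holds the password in plaintext. The file's location is not given in the thread, so it is passed as an argument; the sample file and its values are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). The compose file path is supplied by the caller.

# Print the value of one environment variable from a compose file.
# Handles list form (- KEY=value) and map form (KEY: "value").
kc_admin_value() {   # usage: kc_admin_value VARNAME COMPOSE_FILE
  # KEY must be followed directly by = or :, so KEYCLOAK_ADMIN does not
  # also match KEYCLOAK_ADMIN_PASSWORD.
  sed -n -E "s/^[[:space:]]*(-[[:space:]]*)?${1}[=:][[:space:]]*//p" "$2" \
    | sed -E -e 's/[[:space:]]+$//' -e "s/^([\"'])(.*)\1\$/\2/" \
    | head -n 1
}

# True when "other" users can read the file, which holds a plaintext password.
world_readable() {
  [ -n "$(find "$1" -perm -004 -print 2>/dev/null)" ]
}

# Constructed sample file; service name, image and values are made up.
make_sample() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
services:
  keycloak:
    image: example/keycloak:placeholder
    environment:
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=Constructed12
      - EXAMPLE_OTHER=1
EOF
  echo "$f"
}

sample=$(make_sample)
echo "user:     $(kc_admin_value KEYCLOAK_ADMIN "$sample")"
echo "password: $(kc_admin_value KEYCLOAK_ADMIN_PASSWORD "$sample")"
if world_readable "$sample"; then
  echo "warning: $sample is world-readable; consider chmod 600"
fi
```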

Gerald Schaaf

Aug 24, 2023, 3:09:40 AM
to BigBlueButton-Setup
Hi Jean!
Thank you so much! That was the hint I needed!!!! Now I can login!
Regards
Gerald

Hagay Sela

Sep 2, 2023, 10:23:12 AM
to BigBlueButton-Setup
Hi,
I am in the same step, need to configure the keycloak to work with LDAP.
Did you manage to configure it? If yes, I would appreciate your help.

Thanks,
Hagay
On Thursday, August 24, 2023 at 10:09:40 UTC+3, Gerald Schaaf wrote:

Gerald Schaaf

Sep 4, 2023, 7:06:52 AM
to BigBlueButton-Setup
Hi!
To be honest: I gave up.
After spending several hours just trying to understand the principles of Keycloak I decided not to waste more time on that case.
My hope that I could simply use the credentials I used for greenlight 2 to connect to ldap was not fulfilled. My main frontend to bbb is moodle. Greenlight was only an addition for our staff so that they can use bbb privately in an easy way.
Regards
Gerald

Jean Pluzo

Sep 4, 2023, 8:21:33 AM
to BigBlueButton-Setup
Hi guys,

what were your problems? Where did you get stuck?
There are some guides to configure KC with LDAP (here, or here). I myself have spent quite some time reading and experimenting.
However, you could hit a (very big) wall when something goes wrong. For example, my LDAP provider provides an SHA1 certificate, which KC does not support (for obvious security reasons). This was not known to me or the LDAP provider admin. Turns out I can't install KC because the LDAP admin doesn't know how to upgrade the cert to SHA256.
Perhaps if you write some details with your problems, someone around here might be able to help you.

Regards,
J.

Hagay Sela

Sep 4, 2023, 8:59:08 AM
to BigBlueButton-Setup
Hi,
I created ldap under "User Federation" with a successful query:
Screenshot 2023-09-04 154739.jpg
What next? If I follow this guide I need to add "Identity Providers". I tried all the user-defined openid but I miss the "Discovery endpoint", which gives me an error:

Screenshot 2023-09-04 155440.png
That's it.

Regards,
Hagay 
On Monday, September 4, 2023 at 15:21:33 UTC+3, Jean Pluzo wrote:

Jean Pluzo

Sep 5, 2023, 8:52:50 AM
to BigBlueButton-Setup
Hi,

you're following the BBB guide for OpenID. It says so there ("This guide will provide you with an example of how to connect to Google Authentication"). The guide for LDAP is (unfortunately) not in the BBB docs.
Please read one of my previous posts for instructions regarding KC and LDAP.

Regards,
J.