Subject: Issue with OAuth2 Proxy and Keycloak Integration


forty4seven

Jul 6, 2023, 4:55:50 PM
to Keycloak User
I am currently experiencing an issue with the integration of OAuth2 Proxy and Keycloak in my setup. I am using the OAuth2 Proxy to protect resources on my Nginx file server. When a user attempts to access a resource, they are redirected to the OAuth2 Proxy, which prompts them to sign in with Keycloak.

However, when the user clicks on "Sign in with Keycloak", they receive a 404 error. I suspect that this issue might be due to Keycloak not being reachable, or the URL that it is trying to access is not available.

Here is my OAuth2 Proxy configuration file:

[Include your OAuth2 Proxy configuration file here]

I have verified that the login_url is accessible by manually visiting the URL in a web browser, and it does not return a 404 error. I have also checked the logs of the OAuth2 Proxy, but I did not find any significant errors or warnings.

I suspect that the issue might be with the Keycloak configuration, specifically the realm setup, or the client ID and secret. However, I have checked these settings and they appear to be correct.

I would appreciate any assistance you could provide in resolving this issue. Please let me know if you need any additional information.




OAuth2 Proxy Config ( GitHub - oauth2-proxy/oauth2-proxy: A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers. ) :

## OAuth2 Proxy Config File
## https://github.com/oauth2-proxy/oauth2-proxy

## <addr>:<port> to listen on for HTTP/HTTPS clients
http_address = "0.0.0.0:4180"

## the OAuth Redirect URL.
redirect_url = "http://192.168.190.135:4180/oauth2/callback"

## the http url(s) of the upstream endpoint. If multiple, routing is based on path
upstreams = [
    "http://192.168.190.135/"
]

## The OAuth Client ID, Secret
client_id = "nginx-file-server"
client_secret = "942dlAjoqAmD0wIjxq5Yn3jMLvfBWmQb"

## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
pass_access_token = true

## Provider Settings
provider = "keycloak"
login_url = "http://192.168.190.130:8080/realms/fileserver-realm/protocol/openid-connect/auth/device"
redeem_url = "http://192.168.190.130:8080/realms/fileserver-realm/protocol/openid-connect/token"
validate_url = "http://192.168.190.130:8080/realms/fileserver-realm/protocol/openid-connect/userinfo"
ssl_insecure_skip_verify = false

## Cookie Settings
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
##            for use with an AES cipher when cookie_refresh or pass_access_token
##            is set
cookie_name = "_oauth2_proxy"
cookie_secret = "aqjE_DC314smg49fXBj0bKLWjRszYkIR6u3uaDmeZoU="
cookie_expire = "168h"
cookie_refresh = "1h"
cookie_secure = false
cookie_httponly = true


## Email Domains to allow authentication for (this authorizes any email on this domain)
## for more granular authorization use `authenticated_emails_file`
## To authorize any email addresses use "*"
email_domains = [
    "*"
]
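
An added example, not part of the original post: an offline check of the three provider URLs in the configuration above against the endpoint paths Keycloak publishes in a realm's OpenID Connect discovery document (`/realms/<realm>/.well-known/openid-configuration`). The names `parse`, `lint` and `EXPECTED` are hypothetical helpers written for this example, and the embedded input is a subset of the posted settings with the secrets left out.

```python
import re
from urllib.parse import urlparse

# Subset of the posted configuration (provider URLs and one cookie flag only).
CONFIG = '''
login_url = "http://192.168.190.130:8080/realms/fileserver-realm/protocol/openid-connect/auth/device"
redeem_url = "http://192.168.190.130:8080/realms/fileserver-realm/protocol/openid-connect/token"
validate_url = "http://192.168.190.130:8080/realms/fileserver-realm/protocol/openid-connect/userinfo"
cookie_secure = false
'''

# Path suffix each setting should carry after /realms/<realm>, matching the
# Keycloak discovery fields named in the trailing comments.
EXPECTED = {
    "login_url": "/protocol/openid-connect/auth",         # authorization_endpoint
    "redeem_url": "/protocol/openid-connect/token",       # token_endpoint
    "validate_url": "/protocol/openid-connect/userinfo",  # userinfo_endpoint
}

def parse(text):
    """Read simple `key = value` lines; comment lines and arrays do not match."""
    out = {}
    for line in text.splitlines():
        m = re.match(r'\s*([a-z_]+)\s*=\s*"?([^"\[\]]*?)"?\s*$', line)
        if m:
            out[m.group(1)] = m.group(2)
    return out

def lint(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings, realms = [], set()
    for key, suffix in EXPECTED.items():
        path = urlparse(cfg.get(key, "")).path
        m = re.fullmatch(r"(.*?/realms/[^/]+)(/.*)", path)
        if not m:
            findings.append(f"{key}: no /realms/<realm>/ prefix in {path!r}")
            continue
        realms.add(m.group(1))
        if m.group(2) != suffix:
            findings.append(f"{key}: path ends {m.group(2)!r}, expected {suffix!r}")
    if len(realms) > 1:
        findings.append(f"provider URLs point at different realms: {sorted(realms)}")
    if cfg.get("cookie_secure") == "false":
        findings.append("cookie_secure: false, session cookie is sent over plain HTTP")
    return findings

if __name__ == "__main__":
    for finding in lint(parse(CONFIG)):
        print("-", finding)
```

The `/protocol/openid-connect/auth/device` path is the realm's device authorization endpoint (RFC 8628), which a device client calls with POST; the browser sign-in redirect in the authorization code flow goes to the authorization endpoint.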


