Hi all,

I finally got it working; here is the configuration/setup I used in case
anyone else needs it.

I installed keycloak-plugin, downloaded from here (
https://build.geoserver.org/geoserver/2.16.x/community-latest/).
I followed this tutorial (
https://docs.geoserver.org/stable/en/user/community/keycloak/index.html)
with some variations.

Keycloak config:
 - The Access type set to confidential.
 - Standard Flow Enabled set to on
 - Implicit Flow Enabled set to on
 - Direct Access Grant Enabled set to on
 - Only one Valid Redirect URIs, in my case, was
http://localhost:8093/geoserver/web/* (my local geoserver).
 - Base URL same as the redirect url without the * at the end, (
http://localhost:8093/geoserver/web/ ).


Geoserver config:
 - When creating the new authentication filter for keycloak, instead of
using the suggested JSON config I used the following one:

{
  "realm": "EGIS",
  "auth-server-url": "http://192.168.23.28:9001/auth",
  "ssl-required": "external",
  "resource": "geoserver",
  "credentials": {
    "secret": "your-secret-here"
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0
}

 - Next is to click on web filter chain and remove all the chain filters
and add the new keycloak filter.
 - Then just restart your server.

These are the steps that worked for me.

Hope it helps.

Cheers




On Mon, Oct 28, 2019 at 12:39 PM Samy Otero <sot...@psdrcs.com> wrote:

> Hi all,
>
> I got the redirections working, but now there is a small error I've been
> trying to solve for a while now.
>
> When I hit the geoserver login page, it redirects me to the keycloak login
> page, after typing the credentials, it tries to redirect back to the
> geoserver but it hangs in a white page.
> I checked the logs and there is an error in the state parameter (state
> parameter invalid).
>
> Again, any help would be appreciated.
>
> Thanks in advance.
>
> Sam
>
> On Fri, Oct 25, 2019 at 11:00 AM Samy Otero <sot...@psdrcs.com> wrote:
>
>> Great, thanks!
>>
>> Super helpful.
>>
>> Cheers
>>
>> On Fri, Oct 25, 2019 at 10:59 AM Alessio Fabiani <
>> alessio.fabi...@geo-solutions.it> wrote:
>>
>>> In theory just creating a new client would be sufficient.
>>>
>>> On Fri, Oct 25, 2019 at 16:51 Samy Otero <sot...@psdrcs.com>
>>> wrote:
>>>
>>>> Just to confirm,
>>>>
>>>>  - I need to set in the filter chain section my 'keycloak' adaptor
>>>> (without the 'form' adaptor).
>>>>  - Login by accessing directly to Keycloak, using the geoserver
>>>> credentials and it should redirect back to the geoserver.
>>>>
>>>> Do I need to have an independent REALM in keycloak for the geoserver or
>>>> I can just create a new client in whatever REALM I'm using?
>>>>
>>>> Thanks!!!
>>>>
>>>> On Fri, Oct 25, 2019 at 10:44 AM Alessio Fabiani <
>>>> alessio.fabi...@geo-solutions.it> wrote:
>>>>
>>>>> Ok, so, in the case you have both Keycloak and Form authentication
>>>>> methods, the login won't redirect you to Keycloak.
>>>>>
>>>>> You will need to go **directly** to the keycloak realm login page.
>>>>> Once you log in successfully, it will redirect you to the GeoServer GUI.
>>>>>
>>>>> On Fri, Oct 25, 2019 at 16:40 Samy Otero <sot...@psdrcs.com>
>>>>> wrote:
>>>>>
>>>>>> Apologies, I pasted the wrong link.
>>>>>>
>>>>>> This is the one
>>>>>> https://docs.geoserver.org/stable/en/user/community/keycloak/index.html
>>>>>>
>>>>>>
>>>>>> Thanks for the rapid response.
>>>>>>
>>>>>> Sam
>>>>>>
>>>>>> On Fri, Oct 25, 2019 at 10:22 AM Alessio Fabiani <
>>>>>> alessio.fabi...@geo-solutions.it> wrote:
>>>>>>
>>>>>>> Hello Samy,
>>>>>>> just to be sure, which tutorial are you following exactly?
>>>>>>>
>>>>>>> the one specific to Keycloak (and the right one), which is
>>>>>>>
>>>>>>>
>>>>>>> https://docs.geoserver.org/stable/en/user/community/keycloak/index.html
>>>>>>>
>>>>>>>
>>>>>>> or the more general one, for OAuth2, which is
>>>>>>>
>>>>>>> https://docs.geoserver.org/stable/en/user/community/oauth2/index.html
>>>>>>>
>>>>>>>
>>>>>>> Which steps did you do exactly?
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Oct 25, 2019 at 16:05 Samy Otero <
>>>>>>> sot...@psdrcs.com> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I am having issues trying to set up authentication in GeoServer
>>>>>>>> using Keycloak community plugin.
>>>>>>>>
>>>>>>>> I am running GeoServer v 2.16.x and I downloaded the Keycloak
>>>>>>>> plugin from here (
>>>>>>>> https://build.geoserver.org/geoserver/2.16.x/community-latest/).
>>>>>>>>
>>>>>>>> This is the tutorial I am following (
>>>>>>>> https://docs.geoserver.org/stable/en/user/community/oauth2/index.html
>>>>>>>> ).
>>>>>>>>
>>>>>>>>
>>>>>>>> The issue:
>>>>>>>>
>>>>>>>> After configuring everything, when I navigate to the login page, it
>>>>>>>> never redirects me to Keycloak, it seems to not be working at all.
>>>>>>>>
>>>>>>>> I also checked this thread (
>>>>>>>> https://sourceforge.net/p/geoserver/mailman/message/36775455/) but
>>>>>>>> it's not the same issue. In that case, there was a redirection 
>>>>>>>> happening.
>>>>>>>>
>>>>>>>> Any help would be much appreciated.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Sam
>>>>>>>>
>>>>>>>> --
>>>>>>>> Samy Otero
>>>>>>>>
>>>>>>>> *PSD |* Software Developer
>>>>>>>>
>>>>>>>> www.psdrcs.com
>>>>>>>>
>>>>>>>> *London |* 148 Fullarton St. 9th floor.
>>>>>>>>
>>>>>>>> *Burlington |* 5045 South Service Rd.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Geoserver-users mailing list
>>>>>>>>
>>>>>>>> Please make sure you read the following two resources before
>>>>>>>> posting to this list:
>>>>>>>> - Earning your support instead of buying it, by Ian Turton:
>>>>>>>> http://www.ianturton.com/talks/foss4g.html#/
>>>>>>>> - The GeoServer user list posting guidelines:
>>>>>>>> http://geoserver.org/comm/userlist-guidelines.html
>>>>>>>>
>>>>>>>> If you want to request a feature or an improvement, also see this:
>>>>>>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>>>>>>>
>>>>>>>>
>>>>>>>> Geoserver-users@lists.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> ==
>>>>>>>
>>>>>>> GeoServer Professional Services from the experts! Visit
>>>>>>> http://goo.gl/it488V for more information.
>>>>>>> ==
>>>>>>> Ing. Alessio Fabiani
>>>>>>>
>>>>>>> @alfa7691
>>>>>>> Founder/Technical Lead
>>>>>>>
>>>>>>>
>>>>>>> GeoSolutions S.A.S.
>>>>>>> Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
>>>>>>> phone: +39 0584 962313
>>>>>>> fax:     +39 0584 1660272
>>>>>>> mob:   +39 331 6233686
>>>>>>>
>>>>>>>
>>>>>>> http://www.geo-solutions.it
>>>>>>> http://twitter.com/geosolutions_it
>>>>>>> -------------------------------------------------------
>>>>>>>
>>>>>>> This email is intended only for the person or entity to which it is
>>>>>>> addressed and may contain information that is privileged, confidential
>>>>>>> or otherwise protected from disclosure. We remind that - as provided by
>>>>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of
>>>>>>> this e-mail or the information herein by anyone other than the intended
>>>>>>> recipient is prohibited. If you have received this email by mistake,
>>>>>>> please notify us immediately by telephone or e-mail.
>>>>>>>

-- 
Samy Otero

*PSD |* Software Developer

www.psdrcs.com

*London |* 148 Fullarton St. 9th floor.

*Burlington |* 5045 South Service Rd.
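
An added example, not part of the original thread and not GeoServer or Keycloak project code: a small Python check to run over the adapter JSON from the top message before pasting it into the GeoServer authentication filter. It reports a paste that no longer parses, a plain-http auth-server-url, and a secret still set to the placeholder; the function names and finding strings are illustrative assumptions.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Adapter JSON as posted in the thread, secret left as the post's placeholder.
ADAPTER_JSON = """{
  "realm": "EGIS",
  "auth-server-url": "http://192.168.23.28:9001/auth",
  "ssl-required": "external",
  "resource": "geoserver",
  "credentials": {"secret": "your-secret-here"},
  "use-resource-role-mappings": true,
  "confidential-port": 0
}"""

REQUIRED = ("realm", "auth-server-url", "resource")
SSL_MODES = ("all", "external", "none")

def is_private_host(host):
    """True for localhost or a private/loopback IP literal."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; it is not resolved here
    return ip.is_private or ip.is_loopback

def lint_adapter(text):
    """Return a list of findings for a Keycloak adapter JSON string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    findings = [f"missing required key: {k}" for k in REQUIRED if k not in cfg]
    mode = cfg.get("ssl-required", "external")  # documented adapter default
    if mode not in SSL_MODES:
        findings.append(f"ssl-required has unknown value {mode!r}")
    url = urlparse(cfg.get("auth-server-url", ""))
    if url.scheme == "http":
        where = "private address" if is_private_host(url.hostname or "") else "non-private host"
        findings.append(f"auth-server-url is plain http ({where}, ssl-required={mode})")
    secret = cfg.get("credentials", {}).get("secret", "")
    if not secret or secret == "your-secret-here":
        findings.append("credentials.secret is empty or still the placeholder")
    return findings

if __name__ == "__main__":
    for finding in lint_adapter(ADAPTER_JSON):
        print("-", finding)
```
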