Very good Samy, thanks for your effort and time. If you want (and most importantly you have time and resources to do it), you could envisage to improve and update the existing documentation.
Otherwise, I can take care of this, but not now, since I am quite busy. Probably in one month or two. Cheers, Alessio. Il giorno lun 28 ott 2019 alle ore 18:17 Samy Otero <sot...@psdrcs.com> ha scritto: > Hi all, > > I finally got it working, here the configuration/set up I used in case > anyone else needs it. > > I installed keycloak-plugin, downloaded from here ( > https://build.geoserver.org/geoserver/2.16.x/community-latest/). > I followed this tutorial ( > https://docs.geoserver.org/stable/en/user/community/keycloak/index.html) > with some variations. > > Keycloak config: > - The Access type set to confidential. > - Standard Flow Enabled set to on > - Implicit Flow Enabled set to on > - Direct Access Grant Enabled set to on > - Only one Valid Redirect URIs, in my case, was > http://localhost:8093/geoserver/web/* (my local geoserver). > - Base URL same as the redirect url without the * at the end, ( > http://localhost:8093/geoserver/web/ ). > > [image: keycloak.PNG] > > > Geoserver config: > - When creating the new authentication filter for keycloak instead of > using the suggested json config I used the one as follow: > > { > "realm": "EGIS", > "auth-server-url": "http://192.168.23.28:9001/auth";, > "ssl-required": "external", > "resource": "geoserver", > "credentials": { > "secret": "your-secret-here" > }, > "use-resource-role-mappings": true, > "confidential-port": 0 > } > > - Next is to click on web filter chain and remove all the chain filters > and add the new keycloak filter. > - Then just restart your server. > > This are the steps that worked for me. > > Hope it helps. > > Cheers > > > > > On Mon, Oct 28, 2019 at 12:39 PM Samy Otero <sot...@psdrcs.com> wrote: > >> Hi all, >> >> I got the redirections working, but now there is a small error I've been >> trying to solve for a while now. >> >> When I hit the geoserver login page, it redirects me to the keycloak >> login page, after typing the credentials, it tries to redirect back to the >> geoserver but it hangs in a white page. >> I checked the logs and there is an error in the state parameter (state >> parameter invalid). >> >> Again, any help would be appreciated. >> >> Thanks in advance. >> >> Sam >> >> On Fri, Oct 25, 2019 at 11:00 AM Samy Otero <sot...@psdrcs.com> wrote: >> >>> Great, thanks! >>> >>> Super helpful. >>> >>> Cheers >>> >>> On Fri, Oct 25, 2019 at 10:59 AM Alessio Fabiani < >>> alessio.fabi...@geo-solutions.it> wrote: >>> >>>> In theory just creating a new client would be sufficient. >>>> >>>> Il giorno ven 25 ott 2019 alle ore 16:51 Samy Otero <sot...@psdrcs.com> >>>> ha scritto: >>>> >>>>> Just to confirm, >>>>> >>>>> - I need to set in the filter chain section my 'keycloak' adaptor >>>>> (without the 'form' adaptor). >>>>> - Login by accessing directly to Keycloak, using the geoserver >>>>> credentials and it should redirect back to the geoserver. >>>>> >>>>> Do I need to have an independent REALM in keycloak for the geoserver >>>>> or I can just create a new client in whatever REALM I'm using? >>>>> >>>>> Thanks!!! >>>>> >>>>> On Fri, Oct 25, 2019 at 10:44 AM Alessio Fabiani < >>>>> alessio.fabi...@geo-solutions.it> wrote: >>>>> >>>>>> Ok, so, in the case you have both Keycloak and Form authentication >>>>>> methods, the login won't redirect you to Keycloak. >>>>>> >>>>>> You will need to go **directly** to the keycloak realm login page. >>>>>> Once you log successfully, it will redirect you to the GeoServer GUI. >>>>>> >>>>>> Il giorno ven 25 ott 2019 alle ore 16:40 Samy Otero < >>>>>> sot...@psdrcs.com> ha scritto: >>>>>> >>>>>>> Apologies, I pasted the wrong link. >>>>>>> >>>>>>> This is the one >>>>>>> https://docs.geoserver.org/stable/en/user/community/keycloak/index.html >>>>>>> >>>>>>> >>>>>>> Thanks for the rapid response. >>>>>>> >>>>>>> Sam >>>>>>> >>>>>>> On Fri, Oct 25, 2019 at 10:22 AM Alessio Fabiani < >>>>>>> alessio.fabi...@geo-solutions.it> wrote: >>>>>>> >>>>>>>> Hello Samy, >>>>>>>> just to be sure, which tutorial are you following exactly? >>>>>>>> >>>>>>>> the specific to keycloak (and the right one) which is >>>>>>>> >>>>>>>> >>>>>>>> https://docs.geoserver.org/stable/en/user/community/keycloak/index.html >>>>>>>> >>>>>>>> >>>>>>>> or the more general one, for OAuth2, which is >>>>>>>> >>>>>>>> >>>>>>>> https://docs.geoserver.org/stable/en/user/community/oauth2/index.html >>>>>>>> >>>>>>>> >>>>>>>> Which steps you did exactly? >>>>>>>> >>>>>>>> >>>>>>>> Il giorno ven 25 ott 2019 alle ore 16:05 Samy Otero < >>>>>>>> sot...@psdrcs.com> ha scritto: >>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> >>>>>>>>> I am having issues trying to set up authentication in GeoServer >>>>>>>>> using Keyloak community plugin. >>>>>>>>> >>>>>>>>> I am running GeoServer v 2.16.x and I downloaded the Keycloak >>>>>>>>> plugin from here ( >>>>>>>>> https://build.geoserver.org/geoserver/2.16.x/community-latest/). >>>>>>>>> >>>>>>>>> This is the tutorial I am following ( >>>>>>>>> https://docs.geoserver.org/stable/en/user/community/oauth2/index.html >>>>>>>>> ). >>>>>>>>> >>>>>>>>> >>>>>>>>> The issue: >>>>>>>>> >>>>>>>>> After configuring everything, when I navigate to the login page, >>>>>>>>> it never redirects me to Keycloak, it seems to not be working at all. >>>>>>>>> >>>>>>>>> I also checked this thread ( >>>>>>>>> https://sourceforge.net/p/geoserver/mailman/message/36775455/) >>>>>>>>> but it's not the same issue. In that case, there was a redirection >>>>>>>>> happening. >>>>>>>>> >>>>>>>>> Any help would be much appreciated. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Sam >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Samy Otero >>>>>>>>> >>>>>>>>> *PSD |* Software Developer >>>>>>>>> >>>>>>>>> www.psdrcs.com >>>>>>>>> >>>>>>>>> *London |* 148 Fullarton St. 9th floor. >>>>>>>>> >>>>>>>>> *Burlington |* 5045 South Service Rd. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Geoserver-users mailing list >>>>>>>>> >>>>>>>>> Please make sure you read the following two resources before >>>>>>>>> posting to this list: >>>>>>>>> - Earning your support instead of buying it, but Ian Turton: >>>>>>>>> http://www.ianturton.com/talks/foss4g.html#/ >>>>>>>>> - The GeoServer user list posting guidelines: >>>>>>>>> http://geoserver.org/comm/userlist-guidelines.html >>>>>>>>> >>>>>>>>> If you want to request a feature or an improvement, also see this: >>>>>>>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >>>>>>>>> >>>>>>>>> >>>>>>>>> Geoserver-users@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> == >>>>>>>> >>>>>>>> GeoServer Professional Services from the experts! Visit >>>>>>>> http://goo.gl/it488V for more information. >>>>>>>> == >>>>>>>> Ing. Alessio Fabiani >>>>>>>> >>>>>>>> @alfa7691 >>>>>>>> Founder/Technical Lead >>>>>>>> >>>>>>>> >>>>>>>> GeoSolutions S.A.S. >>>>>>>> Via di Montramito 3/A - 55054 Massarosa (LU) - Italy >>>>>>>> phone: +39 0584 962313 >>>>>>>> fax: +39 0584 1660272 >>>>>>>> mob: +39 331 6233686 >>>>>>>> >>>>>>>> >>>>>>>> http://www.geo-solutions.it >>>>>>>> http://twitter.com/geosolutions_it >>>>>>>> ------------------------------------------------------- >>>>>>>> >>>>>>>> Con riferimento alla normativa sul trattamento dei dati personali >>>>>>>> (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati >>>>>>>> “GDPR”), >>>>>>>> si precisa che ogni circostanza inerente alla presente email (il suo >>>>>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>>>>> operazione è illecita. Le sarei comunque grato se potesse darmene >>>>>>>> notizia. >>>>>>>> >>>>>>>> >>>>>>>> This email is intended only for the person or entity to which it is >>>>>>>> addressed and may contain information that is privileged, confidential >>>>>>>> or >>>>>>>> otherwise protected from disclosure. We remind that - as provided by >>>>>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of >>>>>>>> this >>>>>>>> e-mail or the information herein by anyone other than the intended >>>>>>>> recipient is prohibited. If you have received this email by mistake, >>>>>>>> please >>>>>>>> notify us immediately by telephone or e-mail. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Samy Otero >>>>>>> >>>>>>> *PSD |* Software Developer >>>>>>> >>>>>>> www.psdrcs.com >>>>>>> >>>>>>> *London |* 148 Fullarton St. 9th floor. >>>>>>> >>>>>>> *Burlington |* 5045 South Service Rd. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> == >>>>>> >>>>>> GeoServer Professional Services from the experts! Visit >>>>>> http://goo.gl/it488V for more information. >>>>>> == >>>>>> Ing. Alessio Fabiani >>>>>> >>>>>> @alfa7691 >>>>>> Founder/Technical Lead >>>>>> >>>>>> >>>>>> GeoSolutions S.A.S. >>>>>> Via di Montramito 3/A - 55054 Massarosa (LU) - Italy >>>>>> phone: +39 0584 962313 >>>>>> fax: +39 0584 1660272 >>>>>> mob: +39 331 6233686 >>>>>> >>>>>> >>>>>> http://www.geo-solutions.it >>>>>> http://twitter.com/geosolutions_it >>>>>> ------------------------------------------------------- >>>>>> >>>>>> Con riferimento alla normativa sul trattamento dei dati personali >>>>>> (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati >>>>>> “GDPR”), >>>>>> si precisa che ogni circostanza inerente alla presente email (il suo >>>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>>> operazione è illecita. Le sarei comunque grato se potesse darmene >>>>>> notizia. >>>>>> >>>>>> >>>>>> This email is intended only for the person or entity to which it is >>>>>> addressed and may contain information that is privileged, confidential or >>>>>> otherwise protected from disclosure. We remind that - as provided by >>>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of >>>>>> this >>>>>> e-mail or the information herein by anyone other than the intended >>>>>> recipient is prohibited. If you have received this email by mistake, >>>>>> please >>>>>> notify us immediately by telephone or e-mail. >>>>>> >>>>> >>>>> >>>>> -- >>>>> Samy Otero >>>>> >>>>> *PSD |* Software Developer >>>>> >>>>> www.psdrcs.com >>>>> >>>>> *London |* 148 Fullarton St. 9th floor. >>>>> >>>>> *Burlington |* 5045 South Service Rd. >>>>> >>>>> >>>>> >>>>> >>>> >>>> -- >>>> >>>> == >>>> >>>> GeoServer Professional Services from the experts! Visit >>>> http://goo.gl/it488V for more information. >>>> == >>>> Ing. Alessio Fabiani >>>> >>>> @alfa7691 >>>> Founder/Technical Lead >>>> >>>> >>>> GeoSolutions S.A.S. >>>> Via di Montramito 3/A - 55054 Massarosa (LU) - Italy >>>> phone: +39 0584 962313 >>>> fax: +39 0584 1660272 >>>> mob: +39 331 6233686 >>>> >>>> >>>> http://www.geo-solutions.it >>>> http://twitter.com/geosolutions_it >>>> ------------------------------------------------------- >>>> >>>> Con riferimento alla normativa sul trattamento dei dati personali (Reg. >>>> UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>>> precisa che ogni circostanza inerente alla presente email (il suo >>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia. >>>> >>>> >>>> This email is intended only for the person or entity to which it is >>>> addressed and may contain information that is privileged, confidential or >>>> otherwise protected from disclosure. We remind that - as provided by >>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this >>>> e-mail or the information herein by anyone other than the intended >>>> recipient is prohibited. If you have received this email by mistake, please >>>> notify us immediately by telephone or e-mail. >>>> >>> >>> >>> -- >>> Samy Otero >>> >>> *PSD |* Software Developer >>> >>> www.psdrcs.com >>> >>> *London |* 148 Fullarton St. 9th floor. >>> >>> *Burlington |* 5045 South Service Rd. >>> >>> >>> >>> >> >> -- >> Samy Otero >> >> *PSD |* Software Developer >> >> www.psdrcs.com >> >> *London |* 148 Fullarton St. 9th floor. >> >> *Burlington |* 5045 South Service Rd. >> >> >> >> > > -- > Samy Otero > > *PSD |* Software Developer > > www.psdrcs.com > > *London |* 148 Fullarton St. 9th floor. > > *Burlington |* 5045 South Service Rd. > > > > _______________________________________________ > Geoserver-users mailing list > > Please make sure you read the following two resources before posting to > this list: > - Earning your support instead of buying it, but Ian Turton: > http://www.ianturton.com/talks/foss4g.html#/ > - The GeoServer user list posting guidelines: > http://geoserver.org/comm/userlist-guidelines.html > > If you want to request a feature or an improvement, also see this: > https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer > > > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users > -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Alessio Fabiani @alfa7691 Founder/Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A - 55054 Massarosa (LU) - Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 331 6233686 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
