Good morning, I wasn't sure if this is the correct place for this question or not. If not, please let me know where I can get some assistance on this.
I'm currently on a project where we need to run Geoserver in a Kubernetes cluster and authenticate via Keycloak. I and two other coworkers have spent a fair amount of time trying to set this up and following the documentation provided. But for some reason we cannot get the authentication mechanism to work properly. We have set up the client in Keycloak and configured the security filters per the documentation in Geoserver. We have also scoured Stack Overflow and the GIS Stack Exchange pages to no avail. I understand the community extensions are experimental in nature, but it seems these plugins should work. After trying the Keycloak plugin with no luck, we switched to testing out the OIDC connect plugin.

The Issue: At first, everything works as expected when attempting to log in. I can see the OIDC button displayed on the home page next to the username and password boxes. I click the OIDC button, and it redirects to the Keycloak sign-in page. I enter the user credentials, and the user is redirected to the same login page and is not able to enter the UI. When checking the logs, I can see we get the Auth token and ID token, but it doesn't seem like it is making it to Getting the Roles.

    DEBUG [security.oauth2] - OIDC: SCOPES=openid geocat
    DEBUG [security.oauth2] - OIDC: ACCESS TOKEN: ....
    DEBUG [security.oauth2] - OIDC: ID TOKEN: ...
    DEBUG [security.oauth2] - OIDC: Getting Roles from UserGroupService, location=null <----- does not make it here for us.

My questions: Is this a known issue? If so, is there a workaround for this? Or, is there another solution to get GeoServer to authenticate via Keycloak?
ADAPTER-CONFIG:

    {
      "realm": "shared-services",
      "auth-server-url": "https://O4-keycloak/",
      "ssl-required": "none",
      "resource": "geoserver-client",
      "verify-token-audience": true,
      "credentials": {
        "secret": "************"
      },
      "use-resource-role-mappings": true,
      "confidential-port": 0,
      "policy-enforcer": {
        "credentials": {}
      }
    }

Geoserver Version: 2.24.1
Keycloak Version: 21.1.2
Plugins used: sec-keycloak-plugin / sec-oauth2-openid-connect-plugin.

Docs followed:
- OpenID connect authentication - GeoServer 2.24.x User Manual <https://docs.geoserver.org/stable/en/user/community/oauth2/oidc.html>
- https://docs.geoserver.org/2.24.1/en/user/community/keycloak/index.html

Respectfully,
Michael Carrillo