auth-keycloak's People

Contributors

archblood, francoisauclair911, marc-farre

auth-keycloak's Issues

Admin Settings Interface

You should use the settings page for entering the required information instead of going through the common.php file.

OIDC Logout not working

When I log out from HumHub I expect this plugin to log me out from Keycloak as well, or at least give me the option of enabling this, as it is a security risk for people not being able to log out on a public PC without going to the logout endpoint themselves.

Maybe it's just me that is misconfiguring something, but I can't seem to find a way to log out from HumHub properly.

Kind Regards
Gabriel

Disable registration of users

Hi

I was wondering if there is a way to disable user registration on HumHub via the "register form" while still allowing the SSO flow to provision users if they do not exist in HumHub.

I tried unchecking the box "New users can register", but this seemed to block the user registration when he tried the SSO login (and wasn't a user in HumHub).

OIDC integration failure

Hello,

I have installed Keycloak 17.0.1 and HumHub 1.9 and received the following error after checking "Enable this Auth client". The directions seem pretty straightforward. I used Docker to set up everything. When I turn on the module I get the following error in Firefox/Chrome: too many redirects

From the error logs I get the following:

2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][error][yii\base\InvalidArgumentException] yii\base\InvalidArgumentException: The file or directory to be published does not exist: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php:461

Stack trace:
#0 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(185): yii\web\AssetManager->publish()
#1 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(288): yii\web\AssetBundle->publish()
#2 /var/www/localhost/htdocs/protected/humhub/components/AssetManager.php(66): yii\web\AssetManager->loadBundle()
#3 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(259): humhub\components\AssetManager->loadBundle()
#4 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/View.php(287): yii\web\AssetManager->getBundle()
#5 /var/www/localhost/htdocs/protected/humhub/modules/ui/view/components/View.php(193): yii\web\View->registerAssetBundle()
#6 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(125): humhub\modules\ui\view\components\View->registerAssetBundle()
#7 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/widgets/AuthChoice.php(267): yii\web\AssetBundle::register()
#8 /var/www/localhost/htdocs/protected/humhub/modules/user/widgets/AuthChoice.php(113): yii\authclient\widgets\AuthChoice->init()
#9 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/BaseObject.php(109): humhub\modules\user\widgets\AuthChoice->init()
#10 [internal function]: yii\base\BaseObject->__construct()
#11 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(412): ReflectionClass->newInstanceArgs()
#12 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(171): yii\di\Container->build()
#13 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/BaseYii.php(365): yii\di\Container->get()
#14 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Widget.php(138): yii\BaseYii::createObject()
#15 /var/www/localhost/htdocs/protected/humhub/modules/user/views/auth/login.php(38): yii\base\Widget::widget()
#16 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(348): require('/var/www/localh...')
#17 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(257): yii\base\View->renderPhpFile()
#18 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(156): yii\base\View->renderFile()
#19 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(410): yii\base\View->render()
#20 /var/www/localhost/htdocs/protected/humhub/modules/user/controllers/AuthController.php(126): yii\base\Controller->render()
#21 [internal function]: humhub\modules\user\controllers\AuthController->actionLogin()
#22 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array()
#23 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(181): yii\base\InlineAction->runWithParams()
#24 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()
#25 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()
#26 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()
#27 /var/www/localhost/htdocs/index.php(25): yii\base\Application->run()
#28 {main}

2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][info][application] $_GET = []

Token Claim Name - preferred_username

Hi,
Thanks for creating this module. I've 2 small comments on the config instructions.

  1. I was a bit confused by the mention of OAuth 2.0 in the module name. I was looking for the OpenID keyword (as other apps also call it) and I couldn't find it.

  2. In Keycloak: Clients - Client details - Dedicated scopes - Mapper details
    (modification of "Username")

Token Claim Name is already filled by default with "preferred_username". There was no "id", as mentioned in the instructions. So IMO that point can be removed.

Otherwise the basic integration with Keycloak worked for me.

Changes to Realm Field

Maybe it would be a good idea to disable the realm field using 'disabled' => true; either this, or remove the field and replace it with a dropdown option. Your thoughts?

Keycloak 19.0.2 userinfo endpoints now require openid scope in token

Hi,

Issue

Keycloak 19.0.2 now requires the access token to include the openid scope in the token.
This module doesn't pass the scope in its query parameter on the auth request.

By missing the openid scope in the token, the user gets redirected to the login screen without any error message.
Keycloak logs show the following:

2023-06-20 15:47:58,683 WARN [org.keycloak.events] (executor-thread-146) type=USER_INFO_REQUEST_ERROR, realmId=network, clientId=null, userId=null, ipAddress=18.200.143.123, error=access_denied, auth_method=validate_access_token

Fix
Have the following query parameter added to the auth request
&scope=openid

See this for more details (section Other Changes)
keycloak/keycloak#14237
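
Added example, not part of the original issue or of the module's code: a small Python diagnostic for the condition described above. It adds `openid` to an authorization request's `scope` parameter while preserving other scopes, and reads the `scope` claim of an access token to see whether the userinfo call would be rejected. The host, realm, `client_id` and tokens are constructed placeholders, and it assumes the access token is a JWT with a space-delimited `scope` claim.

```python
import base64
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample values; host, realm and client_id are placeholders.
SAMPLE_AUTH_URL = (
    "https://keycloak.example/realms/demo/protocol/openid-connect/auth"
    "?client_id=humhub&response_type=code"
)


def ensure_openid_scope(auth_url):
    """Return auth_url with 'openid' present in its scope parameter."""
    parts = urlsplit(auth_url)
    scopes, others = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "scope":
            scopes.extend(value.split())
        else:
            others.append((key, value))
    if "openid" not in scopes:
        scopes.insert(0, "openid")
    others.append(("scope", " ".join(scopes)))
    return urlunsplit(parts._replace(query=urlencode(others)))


def token_scopes(access_token):
    """Scopes in a JWT access token's payload. The signature is NOT verified:
    use this for troubleshooting only, never for an authorization decision."""
    try:
        payload = access_token.split(".")[1]
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError):
        return set()
    if not isinstance(claims, dict):
        return set()
    return set(str(claims.get("scope", "")).split())


def make_unsigned_jwt(claims):
    """Build a constructed, unsigned token for the demonstration below."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}."


if __name__ == "__main__":
    print(ensure_openid_scope(SAMPLE_AUTH_URL))
    token = make_unsigned_jwt({"scope": "profile email"})
    print("openid" in token_scopes(token))
```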

Bring back auto-login feature

After upgrading recently, I noticed that the automatic login wasn't working anymore and after some investigation realised that the feature had been removed. This is quite important for us, as it enables a smooth user experience. When users are presented with a separate login form now, many of them will be confused and not know whether to click the button or enter their credentials again.
What's the reasoning behind removing this essential feature and is there a chance to get it back?

Cheers,
Yannick

Error after updating

After updating to the most recent version (1.4.1) of keycloak-login, the most recent HumHub version doesn't work anymore. After hitting the Keycloak authentication button, the Keycloak mask shows up - I can enter my credentials, but the redirect link goes back to the login page.

Sorry that I can't provide more data - it's on HumHub professional hosting, and with the help of HumHub support we stepped down to an older plugin version - now it works again.

Force Keycloak to HumHub Sync

Hi there,

I have a Keycloak running and my users are registering on Keycloak and not on HumHub. Directly after registering, my users don't exist in HumHub. I guess this is because of the sync settings in the API. There is a realtime sync from HumHub into Keycloak. Can I somehow force this process? Keycloak as "Single Source of Truth" for authorization is necessary because there are other applications (client_ids) that have existed for longer.

If I need to adjust this by code, that's fine.

Best Regards
Marco
