cuzy-app / auth-keycloak
Keycloak Sign-In
You should use the settings page for entering the required information instead of going through the common.php file.
When I log out from HumHub I expect this plugin to log me out from Keycloak as well, or at least give me the option of enabling this, as it is a security risk for people not being able to log out on a public PC without going to the logout endpoint themselves.
Maybe it's just me that is misconfiguring something, but I can't seem to find a way to log out from HumHub properly.
Kind Regards
Gabriel
Hi
I was wondering if there is a way to disable user registration on HumHub via the "register form" while still allowing the SSO flow to provision users if they do not exist in HumHub.
I tried unchecking the box : New users can register but this seemed to block the user registration when he tried the SSO login (and wasn't a user in humhub)
Hello,
I have installed Keycloak 17.0.1 and HumHub 1.9 and received the following error after checking "Enable this Auth client". Directions seem pretty straightforward. I used Docker to set up everything. When I turn on the module I get the following error in Firefox/Chrome: too many redirects
From the error logs I get the following:
2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][error][yii\base\InvalidArgumentException] yii\base\InvalidArgumentException: The file or directory to be published does not exist: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php:461
Stack trace:
#0 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(185): yii\web\AssetManager->publish()
#1 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(288): yii\web\AssetBundle->publish()
#2 /var/www/localhost/htdocs/protected/humhub/components/AssetManager.php(66): yii\web\AssetManager->loadBundle()
#3 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(259): humhub\components\AssetManager->loadBundle()
#4 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/View.php(287): yii\web\AssetManager->getBundle()
#5 /var/www/localhost/htdocs/protected/humhub/modules/ui/view/components/View.php(193): yii\web\View->registerAssetBundle()
#6 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(125): humhub\modules\ui\view\components\View->registerAssetBundle()
#7 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/widgets/AuthChoice.php(267): yii\web\AssetBundle::register()
#8 /var/www/localhost/htdocs/protected/humhub/modules/user/widgets/AuthChoice.php(113): yii\authclient\widgets\AuthChoice->init()
#9 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/BaseObject.php(109): humhub\modules\user\widgets\AuthChoice->init()
#10 [internal function]: yii\base\BaseObject->__construct()
#11 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(412): ReflectionClass->newInstanceArgs()
#12 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(171): yii\di\Container->build()
#13 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/BaseYii.php(365): yii\di\Container->get()
#14 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Widget.php(138): yii\BaseYii::createObject()
#15 /var/www/localhost/htdocs/protected/humhub/modules/user/views/auth/login.php(38): yii\base\Widget::widget()
#16 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(348): require('/var/www/localh...')
#17 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(257): yii\base\View->renderPhpFile()
#18 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(156): yii\base\View->renderFile()
#19 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(410): yii\base\View->render()
#20 /var/www/localhost/htdocs/protected/humhub/modules/user/controllers/AuthController.php(126): yii\base\Controller->render()
#21 [internal function]: humhub\modules\user\controllers\AuthController->actionLogin()
#22 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array()
#23 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(181): yii\base\InlineAction->runWithParams()
#24 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()
#25 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()
#26 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()
#27 /var/www/localhost/htdocs/index.php(25): yii\base\Application->run()
#28 {main}
2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][info][application] $_GET = []
Hi,
Thanks for creating this module. I have 2 small comments on the config instructions.
I was a bit confused by the mention of OAuth 2.0 in the module name. I was looking for the OpenID keyword (as other apps also call it) and I couldn't find it.
In Keycloak: Clients - Client details - Dedicated scopes - Mapper details (modification of "Username")
Token Claim Name is already filled by default with "preferred_username". There was no "id", as mentioned in the instructions. So IMO that point can be removed.
Otherwise the basic integration with Keycloak worked for me.
Maybe it would be a good idea to disable the realm field using 'disabled' => true, or to remove the field and replace it with a dropdown option. Your thoughts?
Hi,
Issue
Keycloak 19.0.2 now requires the access token to include the openid scope in the token.
This module doesn't pass the scope in its query parameter on auth request.
By missing the openid scope in the token, the user gets redirected to the login screen without any error message.
Keycloak logs show the following
2023-06-20 15:47:58,683 WARN [org.keycloak.events] (executor-thread-146) type=USER_INFO_REQUEST_ERROR, realmId=network, clientId=null, userId=null, ipAddress=18.200.143.123, error=access_denied, auth_method=validate_access_token
Fix
Have the following query parameter added to the auth request
&scope=openid
See this for more details (section Other Changes)
keycloak/keycloak#14237
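The symptom and fix from this issue, as an added example that is not part of the original post or the module's code: a Python sketch that flags the Keycloak event line quoted above and makes sure an authorization URL carries `openid` in its `scope`. The hostname, client id and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample lines in the format of the Keycloak event quoted in the issue.
SAMPLE_LOG = [
    "2023-06-20 15:47:58,683 WARN [org.keycloak.events] (executor-thread-146) "
    "type=USER_INFO_REQUEST_ERROR, realmId=network, clientId=null, userId=null, "
    "ipAddress=192.0.2.10, error=access_denied, auth_method=validate_access_token",
    "2023-06-20 15:48:02,101 WARN [org.keycloak.events] (executor-thread-147) "
    "type=LOGIN_ERROR, realmId=network, clientId=humhub, userId=null, "
    "ipAddress=192.0.2.10, error=invalid_user_credentials",
]
# Constructed authorization request without a scope parameter (hypothetical host).
AUTH_URL = ("https://sso.example.test/realms/network/protocol/openid-connect/auth"
            "?client_id=humhub&response_type=code")
EVENT_RE = re.compile(r"\[org\.keycloak\.events\].*?(type=.*)$")

def parse_event(line):
    """Return the key=value fields of a Keycloak event log line, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    return dict(p.split("=", 1) for p in m.group(1).split(", ") if "=" in p)

def is_missing_openid_symptom(line):
    """True for the userinfo rejection the issue ties to a token without 'openid'."""
    ev = parse_event(line)
    return bool(ev) and (
        ev.get("type") == "USER_INFO_REQUEST_ERROR"
        and ev.get("error") == "access_denied"
        and ev.get("auth_method") == "validate_access_token"
    )

def ensure_openid_scope(auth_url):
    """Return auth_url with 'openid' present in its space-delimited scope."""
    parts = urlsplit(auth_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    tokens = " ".join(v for k, v in query if k == "scope").split()
    if "openid" not in tokens:
        tokens.insert(0, "openid")  # keep any scopes that were already requested
    query = [(k, v) for k, v in query if k != "scope"]
    query.append(("scope", " ".join(tokens)))
    return urlunsplit(parts._replace(query=urlencode(query)))

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(is_missing_openid_symptom(line), parse_event(line)["type"])
    print(ensure_openid_scope(AUTH_URL))
```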
After upgrading recently, I noticed that the automatic login wasn't working anymore and after some investigation realised that the feature had been removed. This is quite important for us, as it enables a smooth user experience. When users are presented with a separate login form now, many of them will be confused and not know whether to click the button or enter their credentials again.
What's the reasoning behind removing this essential feature and is there a chance to get it back?
Cheers,
Yannick
After updating to the most recent version (1.4.1) of keycloak-login, the most recent HumHub version doesn't work anymore. After hitting the Keycloak authentication button the Keycloak mask shows up - I can enter my credentials, but the redirect link goes back to the login page.
Sorry that I can't provide more data - it's on HumHub professional hosting, and with the help of HumHub support we stepped down to an older plugin version - now it works again.
Hi there,
I have a Keycloak running and my users are registering on Keycloak and not on HumHub. Directly after registering, my users don't exist in HumHub. I guess this is because of the sync settings in the API. There is a realtime sync from HumHub into Keycloak. Can I somehow force this process? Keycloak as "Single Source of Truth" for authorization is necessary because there are other applications (client_ids) that have existed for longer.
If I need to adjust this by code, that's fine.
Best Regards
Marco