Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Keycloak Quarkus distribution #1709

Open
andreaTP opened this issue Aug 9, 2022 · 4 comments
Open

Support Keycloak Quarkus distribution #1709

andreaTP opened this issue Aug 9, 2022 · 4 comments
Assignees
@rkpattnaik780
Labels
bug Something isn't working

Comments

@andreaTP
Copy link
Member

andreaTP commented Aug 9, 2022

Description

Version: 0.48.0

rohas login command already works against new versions of Keycloak, but the token refresh fails because it injects /auth into the URL path (which is no anymore mandatory since Quarkus distribution).

For example, after running a login like:

rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli

We receive the error:

Could not find resource for full path: http://localhost:8083/auth/realms/demo-apicurio/protocol/openid-connect/token.

Steps to reproduce

  1. Install this apicurio infrastructure on local Kubernetes (e.g. minikube) https://github.com/bf2fc6cc711aee1a0c2a/srs-fleet-manager/tree/feat/hackathon/dist/k8s-dev#start-multitenant-apicurio-registry-infrastructure-for-kubernetes-dev-mode
  2. run login: rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli
  3. receive the error.

Expected vs actual behaviour

The CLI should respect the URL without injecting /auth.

Workaround

Is currently possible to workaround this issue by setting the retro-compatibility option:
KC_HTTP_RELATIVE_PATH: /auth

https://github.com/andreaTP/srs-fleet-manager/blob/b2fe84f373c33ff32f5ecf7b4f42b31fcc48b3fc/dist/k8s-dev/keycloak.yaml#L47-L48
@andreaTP andreaTP added the bug Something isn't working label Aug 9, 2022
@wtrocki
Copy link
Collaborator

wtrocki commented Aug 9, 2022

I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas

@rkpattnaik780
Copy link
Contributor

I think we should go with additional flag to skip it as removing it can break stuffs.

I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas

@rkpattnaik780
Copy link
Contributor

rkpattnaik780 commented Aug 10, 2022
edited

Hi @andreaTP
I am getting a client not found error while trying to login with the CLI, in the browser.

@andreaTP
Copy link
Member Author

@rkpattnaik780 sorry for the confusion, please use the version from the branch enable-cli-on-k8s, https://github.com/andreaTP/srs-fleet-manager/tree/enable-cli-on-k8s/dist/k8s-dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rkpattnaik780 rkpattnaik780

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@wtrocki @andreaTP @rkpattnaik780 @jackdelahunt @app-services-ci