
Using Keycloak as an OAuth provider for SSO is not working

I've tried to log in via SSO with Keycloak on both stable and develop, both from the Docker image and installing from source, but I get the same behaviour in all variants.

The Login via token button appears in the frontend and it redirects to http://localhost:4000/oauth/authorize?response_type=code&client_id=15B0uDJzwo4eA_bTPECsw3WQ1a0sXANlXs1vQeqVXrc&redirect_uri=http%3A%2F%2Flocalhost%3A4000%2Foauth-callback&scope=read%20write%20follow%20push%20admin which returns the following header: location: http://localhost:4000/oauth-callback?access_token=snto8cHKtpPBS_tY9hRYO5qzEsmFhb61q8k2F-6utTs thus redirecting to that page, which re-renders the main login page.

The expected behaviour is that I get redirected to the Keycloak interface for login.

I've also tried with Twitter with no luck.

I'm stuck and haven't been able to debug it past this point. Any help much appreciated.

This is the relevant config:


    config :pleroma, Pleroma.Web.Endpoint,
      extra_cookie_attrs: ["SameSite=Lax"]

    keycloak_url = "https://users.regeneratio.org"

    config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
      client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
      client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"),
      site: keycloak_url,
      authorize_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/auth",
      token_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/token",
      userinfo_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/userinfo",
      token_method: :post

    config :ueberauth, Ueberauth,
      providers: [
        keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
      ]

    config :pleroma, :auth, oauth_consumer_strategies: "keycloak:ueberauth_keycloak_strategy"

    config :pleroma, :frontend_configurations,
      pleroma_fe: %{
        alwaysShowSubjectInput: true,
        background: "/images/city.jpg",
        collapseMessageWithSubject: false,
        disableChat: false,
        greentext: false,
        hideFilteredStatuses: false,
        hideMutedPosts: false,
        hidePostStats: false,
        hideSitename: false,
        hideUserStats: false,
        loginMethod: "token",
        logo: "/static/logo.svg",
        logoMargin: ".1em",
        logoMask: true,
        minimalScopesMode: false,
        noAttachmentLinks: false,
        nsfwCensorImage: "",
        postContentType: "text/plain",
        redirectRootLogin: "/main/friends",
        redirectRootNoLogin: "/main/all",
        scopeCopy: true,
        sidebarRight: false,
        showFeaturesPanel: true,
        showInstanceSpecificPanel: false,
        subjectLineBehavior: "email",
        theme: "pleroma-dark",
        webPushNotifications: false
      }

These are the outputs from the running server:

    16:21:28.780 [info] GET /oauth/authorize
    16:21:28.788 request_id=Fyd_97HmyQ59qocAAJJF [info] Sent 302 in 7ms
    16:21:28.793 [info] GET /oauth-callback
    16:21:28.797 request_id=Fyd_97KxNfMFCvEAAJyi [info] Sent 200 in 4ms
    16:21:28.865 [info] GET /static/js/app.6c972d84b60f601b01f8.js
    16:21:28.865 [info] GET /static/js/vendors~app.cea10ab53f3aa19fc30e.js
    16:21:28.865 [info] GET /static/css/app.7d2d223f75c3a14b0991.css
    16:21:28.872 [info] Sent 304 in 6ms
    16:21:28.872 [info] Sent 304 in 6ms
    16:21:28.875 [info] Sent 200 in 9ms
    16:21:28.946 [info] GET /favicon.png
    16:21:28.963 [info] GET /favicon.png
    16:21:28.963 [info] GET /api/pleroma/frontend_configurations
    16:21:28.963 [info] GET /static/config.json
    16:21:28.965 request_id=Fyd_97zGzirwvpMAAIWI [info] Sent 200 in 2ms
    16:21:28.965 [info] Sent 304 in 2ms
    16:21:28.967 [info] Sent 304 in 4ms
    16:21:28.998 [info] POST /oauth/token
    16:21:28.998 [info] GET /instance/panel.html
    16:21:28.998 [info] GET /nodeinfo/2.0.json
    16:21:28.999 [info] GET /api/v1/instance
    16:21:28.999 [info] GET /static/styles.json
    16:21:29.004 [info] Sent 304 in 5ms
    16:21:29.005 request_id=Fyd_9776W2IA-wIAAJzC [info] Sent 200 in 6ms
    16:21:29.006 [info] Sent 200 in 8ms
    16:21:29.008 request_id=Fyd_977urVCSn5UAATMh [info] Sent 200 in 9ms
    16:21:29.010 request_id=Fyd_977vZaR4N8kAAJuD [info] Sent 200 in 12ms
    16:21:29.046 [info] GET /static/themes/redmond-xx.json
    16:21:29.046 [info] GET /static/themes/pleroma-dark.json
    16:21:29.046 [info] GET /static/themes/pleroma-light.json
    16:21:29.047 [info] GET /static/themes/redmond-xxi.json
    16:21:29.048 [info] GET /static/themes/breezy-dark.json
    16:21:29.048 [info] GET /static/themes/redmond-xx-se.json
    16:21:29.053 [info] Sent 200 in 7ms
    16:21:29.055 [info] Sent 200 in 6ms
    16:21:29.055 [info] Sent 200 in 7ms
    16:21:29.056 [info] Sent 200 in 10ms
    16:21:29.056 [info] Sent 200 in 10ms
    16:21:29.057 [info] Sent 200 in 9ms
    16:21:29.057 [info] GET /static/themes/mammal.json
    16:21:29.058 [info] GET /static/themes/breezy-light.json
    16:21:29.059 [info] GET /static/themes/paper.json
    16:21:29.061 [info] GET /static/terms-of-service.html
    16:21:29.062 [info] GET /api/v1/mutes/
    16:21:29.062 [info] GET /static/stickers.json
    16:21:29.067 [info] Sent 200 in 8ms
    16:21:29.067 [info] Sent 304 in 5ms
    16:21:29.067 [info] Sent 200 in 10ms
    16:21:29.069 [info] GET /static/logo.svg
    16:21:29.071 request_id=Fyd_98LB-EKN8_QAAJzi [info] Sent 403 in 8ms
    16:21:29.074 [info] Sent 200 in 15ms
    16:21:29.076 [info] Sent 304 in 6ms
    16:21:29.076 request_id=Fyd_98MRZ_jHKDoAAG4m [info] Sent 200 in 13ms
    16:21:29.097 [info] GET /static/logo.svg
    16:21:29.098 [info] GET /images/city.jpg
    16:21:29.102 [info] Sent 304 in 4ms
    16:21:29.102 [info] Sent 304 in 4ms
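
Added example, not part of the original report and not Pleroma's or Keycloak's code: a small check that compares an authorize request with the `Location` header it produced and names what differs from a delegated authorization-code login. The URLs follow the shape of the ones in the report; the client id and token are placeholders, and the function name and finding codes are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# URLs shaped like the ones in the report; client_id and token are placeholders.
AUTHORIZE_REQUEST = (
    "http://localhost:4000/oauth/authorize?response_type=code"
    "&client_id=CLIENT_ID_PLACEHOLDER"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A4000%2Foauth-callback"
    "&scope=read%20write%20follow%20push%20admin"
)
OBSERVED_LOCATION = "http://localhost:4000/oauth-callback?access_token=TOKEN_PLACEHOLDER"
IDP_AUTHORIZE_URL = (
    "https://users.regeneratio.org/auth/realms/master/protocol/openid-connect/auth"
)


def origin_and_path(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc.lower(), parts.path)


def diagnose(authorize_request, location, idp_authorize_url):
    """Return a sorted list of finding codes for one authorize -> 302 hop."""
    req = parse_qs(urlsplit(authorize_request).query)
    loc = urlsplit(location)
    loc_query = parse_qs(loc.query)
    loc_fragment = parse_qs(loc.fragment)
    findings = set()

    # A delegated login sends the browser to the identity provider's host.
    if loc.netloc.lower() != urlsplit(idp_authorize_url).netloc.lower():
        findings.add("redirect_not_to_idp")
    # Landing on redirect_uri means the authorization step already completed.
    redirect_uri = req.get("redirect_uri", [""])[0]
    if origin_and_path(location) == origin_and_path(redirect_uri):
        findings.add("returned_straight_to_client")
    # response_type=code should yield ?code=..., not a bearer token.
    if req.get("response_type") == ["code"] and "code" not in loc_query:
        if "access_token" in loc_query or "access_token" in loc_fragment:
            findings.add("token_returned_for_code_request")
    # Tokens in the query string can end up in server logs and Referer headers.
    if "access_token" in loc_query:
        findings.add("token_in_query_string")
    return sorted(findings)


if __name__ == "__main__":
    for finding in diagnose(AUTHORIZE_REQUEST, OBSERVED_LOCATION, IDP_AUTHORIZE_URL):
        print(finding)
```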