Issues getting Keycloak to run

Hi, when I try to authenticate using Keycloak I get the following error:

Jul 31 15:15:28 koyu.space mix[3676792]: 15:15:28.522 request_id=Fwby2XOu5xgcz9IAAB_D [error] Internal server error: %Jason.DecodeError{data: "secret shit", position: 1, token: nil}
Jul 31 15:15:28 koyu.space mix[3676792]: 15:15:28.522 [error] #PID<0.1939.0> running Pleroma.Web.Endpoint (connection #PID<0.1938.0>, stream id 1) terminated
Jul 31 15:15:28 koyu.space mix[3676792]: Server: fedi.koyu.space:80 (http)
Jul 31 15:15:28 koyu.space mix[3676792]: Request: GET /oauth/keycloak/callback?state=secret shit&session_state=secret shit
Jul 31 15:15:28 koyu.space mix[3676792]: ** (exit) an exception was raised:
Jul 31 15:15:28 koyu.space mix[3676792]:     ** (Protocol.UndefinedError) protocol Phoenix.HTML.Safe not implemented for %{errors: %{detail: "Internal server error"}} of type Map. This protocol is implemented for the following type(s): Atom, BitString, Date, DateTime, Decimal, Float, Integer, List, NaiveDateTime, Phoenix.HTML.Form, Phoenix.LiveComponent.CID, Phoenix.LiveView.Component, Phoenix.LiveView.Comprehension, Phoenix.LiveView.JS, Phoenix.LiveView.Rendered, Time, Tuple
Jul 31 15:15:28 koyu.space mix[3676792]:         (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:1: Phoenix.HTML.Safe.impl_for!/1
Jul 31 15:15:28 koyu.space mix[3676792]:         (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:15: Phoenix.HTML.Safe.to_iodata/1
Jul 31 15:15:28 koyu.space mix[3676792]:         (phoenix 1.6.11) lib/phoenix/controller.ex:772: Phoenix.Controller.render_and_send/4
Jul 31 15:15:28 koyu.space mix[3676792]:         (phoenix 1.6.11) lib/phoenix/endpoint/render_errors.ex:78: Phoenix.Endpoint.RenderErrors.instrument_render_and_send/5
Jul 31 15:15:28 koyu.space mix[3676792]:         (phoenix 1.6.11) lib/phoenix/endpoint/render_errors.ex:64: Phoenix.Endpoint.RenderErrors.__catch__/5
Jul 31 15:15:28 koyu.space mix[3676792]:         (phoenix 1.6.11) lib/phoenix/endpoint/cowboy2_handler.ex:54: Phoenix.Endpoint.Cowboy2Handler.init/4
Jul 31 15:15:28 koyu.space mix[3676792]:         (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_handler.erl:37: :cowboy_handler.execute/2
Jul 31 15:15:28 koyu.space mix[3676792]:         (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_stream_h.erl:306: :cowboy_stream_h.execute/3

random shot in the dark – this might be due to removing LDAP auth from core akkoma
this was done in develop, though, and it was reverted a week or so later, so if you’re running on stable or HEAD it might not apply

Sadly not, running on develop since today. LDAP authentication sure works on Pleroma, I tested that, but since I have all my users on Keycloak I thought I could just use OpenID SSO as Keycloak doesn’t expose an LDAP server. So it’d be nice to either have users log in through OpenID or import all Keycloak users onto my OpenLDAP server.

i reverted the ldap removal since it needs an erlang dependency

i don’t think we support openID though, at least there’s no authenticator for it

I just wrote a script that imports all Keycloak users to Pleroma using a modified data dump. Think we can close this one now.

How do you handle password changes in this scenario?

I have been trying to hook up Pleroma and Keycloak via ueberauth, unfortunately without success.
Was planning to try again once my move to Akkoma has settled down.

Thought I’d check before I invest time if Keycloak should work in theory

According to the docs this should work (somehow)
https://docs.akkoma.dev/stable/configuration/cheatsheet/#oauth-consumer-mode

Is it worth me looking into it or did you since remove stuff which would prevent authenticating via Keycloak?

i didn’t remove any of that stuff, it should theoretically work, though i’ve never tried
