Issues getting Keycloak to run

Hi, when I try to authenticate using Keycloak I get the following error:

Jul 31 15:15:28 mix[3676792]: 15:15:28.522 request_id=Fwby2XOu5xgcz9IAAB_D [error] Internal server error: %Jason.DecodeError{data: "secret shit", position: 1, token: nil}
Jul 31 15:15:28 mix[3676792]: 15:15:28.522 [error] #PID<0.1939.0> running Pleroma.Web.Endpoint (connection #PID<0.1938.0>, stream id 1) terminated
Jul 31 15:15:28 mix[3676792]: Server: (http)
Jul 31 15:15:28 mix[3676792]: Request: GET /oauth/keycloak/callback?state=secret shit&session_state=secret shit
Jul 31 15:15:28 mix[3676792]: ** (exit) an exception was raised:
Jul 31 15:15:28 mix[3676792]:     ** (Protocol.UndefinedError) protocol Phoenix.HTML.Safe not implemented for %{errors: %{detail: "Internal server error"}} of type Map. This protocol is implemented for the following type(s): Atom, BitString, Date, DateTime, Decimal, Float, Integer, List, NaiveDateTime, Phoenix.HTML.Form, Phoenix.LiveComponent.CID, Phoenix.LiveView.Component, Phoenix.LiveView.Comprehension, Phoenix.LiveView.JS, Phoenix.LiveView.Rendered, Time, Tuple
Jul 31 15:15:28 mix[3676792]:         (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:1: Phoenix.HTML.Safe.impl_for!/1
Jul 31 15:15:28 mix[3676792]:         (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:15: Phoenix.HTML.Safe.to_iodata/1
Jul 31 15:15:28 mix[3676792]:         (phoenix 1.6.11) lib/phoenix/controller.ex:772: Phoenix.Controller.render_and_send/4
Jul 31 15:15:28 mix[3676792]:         (phoenix 1.6.11) lib/phoenix/endpoint/render_errors.ex:78: Phoenix.Endpoint.RenderErrors.instrument_render_and_send/5
Jul 31 15:15:28 mix[3676792]:         (phoenix 1.6.11) lib/phoenix/endpoint/render_errors.ex:64: Phoenix.Endpoint.RenderErrors.__catch__/5
Jul 31 15:15:28 mix[3676792]:         (phoenix 1.6.11) lib/phoenix/endpoint/cowboy2_handler.ex:54: Phoenix.Endpoint.Cowboy2Handler.init/4
Jul 31 15:15:28 mix[3676792]:         (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_handler.erl:37: :cowboy_handler.execute/2
Jul 31 15:15:28 mix[3676792]:         (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_stream_h.erl:306: :cowboy_stream_h.execute/3

random shot in the dark – this might be due to removing LDAP auth from core akkoma
this was done in develop, though, and it was reverted a week or so later, so if you’re running on stable or HEAD it might not apply

Sadly not, running on develop since today. LDAP authentication sure works on Pleroma, I tested that, but since I have all my users on Keycloak I thought I could just use OpenID SSO, as Keycloak doesn’t expose an LDAP server. So it’d be nice to either have users log in through OpenID or import all Keycloak users onto my OpenLDAP server.

i reverted the ldap removal since it needs an erlang dependency

i don’t think we support openID though, at least there’s no authenticator for it

I just wrote a script that imports all Keycloak users to Pleroma using a modified data dump. Think we can close this one now.

How do you handle password changes in this scenario?

I have been trying to hook up Pleroma and Keycloak via Ueberauth, unfortunately without success.
Was planning to try again once my move to Akkoma has settled down.

Thought I’d check before I invest time if Keycloak should work in theory.

According to the docs this should work (somehow).

Is it worth me looking into it or did you since remove stuff which would prevent authenticating via Keycloak?

i didn’t remove any of that stuff, it should theoretically work, though i’ve never tried
