I’m trying to setup Rancher to use Keycloak as an authentication provider and following the setups laid out here. I’ve triple-checked that I followed the steps accurately and didn’t miss anything but authentication isn’t working - it opens another window with the same Keycloak setup page when clicking the Authenticate with Keycloak button to validate the setup. There are no errors in the Docker logs for the Rancher container when running docker logs CONTAINER
command.
I also went through the troubleshooting steps in the doc and none of those are relevant or made a difference.
Can you turn on debug logs, and look for a log with this format
Blockquote
RESPONSE: ===
It will be followed by "ERROR: " towards the end. Can you share the “ERROR” part? you don’t need to share the “RESPONSE” part
I turned on debug and there is no RESPONSE or ERROR part. Below are the logs I get after clicking the Authenticate with Keycloak button. It pops up another window with the same Keycloak configuration page.
2019/06/29 13:30:43 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:43 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:43 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:43 [DEBUG] GET: 1.256719msauthconfigs
2019/06/29 13:30:43 [DEBUG] REST UPDATE api//v1/cattle-global-data/secrets/pingconfig-spkey
2019/06/29 13:30:43 [DEBUG] GET: 928.588µsauthconfigs
2019/06/29 13:30:43 [DEBUG] GET: 1.431425msauthconfigs
2019/06/29 13:30:43 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:43 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:43 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:43 [DEBUG] GET: 1.508852msauthconfigs
2019/06/29 13:30:43 [DEBUG] REST GET apis/management.cattle.io/v3//authconfigs/keycloak
2019/06/29 13:30:43 [DEBUG] REST GET api//v1/cattle-global-data/secrets/pingconfig-spkey
2019/06/29 13:30:44 [DEBUG] REST LIST apis/management.cattle.io/v3//authconfigs
2019/06/29 13:30:44 [DEBUG] GET: 1.893369mssettings
2019/06/29 13:30:44 [DEBUG] GET: 2.48626mssettings
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 1.686759ms, users
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 5.882877ms, settings
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 1.351637ms, clusters
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 4.769192ms, projects
2019/06/29 13:30:44 [DEBUG] LIST: 5.179363ms, preferences
2019/06/29 13:30:44 [DEBUG] LIST: 5.19459ms, nodepools
2019/06/29 13:30:44 [DEBUG] LIST: 6.276252ms, nodes
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 11.882692ms, nodetemplates
2019/06/29 13:30:44 [DEBUG] LIST: 15.605881ms, roletemplates
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 21.915972ms, clusterroletemplatebindings
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] LIST: 20.541145ms, globalrolebindings
2019/06/29 13:30:44 [DEBUG] LIST: 4.236445ms, users
2019/06/29 13:30:44 [DEBUG] LIST: 22.898306ms, authconfigs
2019/06/29 13:30:44 [DEBUG] LIST: 24.576813ms, globalroles
2019/06/29 13:30:44 [DEBUG] LIST: 24.30051ms, projectroletemplatebindings
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] watching clusterLogging
2019/06/29 13:30:44 [DEBUG] watching pingConfig
2019/06/29 13:30:44 [DEBUG] watching nodeTemplate
2019/06/29 13:30:44 [DEBUG] watching clusterMonitorGraph
2019/06/29 13:30:44 [DEBUG] watching projectRoleTemplateBinding
2019/06/29 13:30:44 [DEBUG] watching multiClusterApp
2019/06/29 13:30:44 [DEBUG] watching azureADConfig
2019/06/29 13:30:44 [DEBUG] watching openLdapConfig
2019/06/29 13:30:44 [DEBUG] watching setting
2019/06/29 13:30:44 [DEBUG] watching cloudCredential
2019/06/29 13:30:44 [DEBUG] watching globalRoleBinding
2019/06/29 13:30:44 [DEBUG] watching clusterAlertRule
2019/06/29 13:30:44 [DEBUG] watching projectNetworkPolicy
2019/06/29 13:30:44 [DEBUG] watching token
2019/06/29 13:30:44 [DEBUG] watching preference
2019/06/29 13:30:44 [DEBUG] watching composeConfig
2019/06/29 13:30:44 [DEBUG] watching groupMember
2019/06/29 13:30:44 [DEBUG] watching clusterRegistrationToken
2019/06/29 13:30:44 [DEBUG] watching globalRole
2019/06/29 13:30:44 [DEBUG] watching kontainerDriver
2019/06/29 13:30:44 [DEBUG] watching user
2019/06/29 13:30:44 [DEBUG] watching clusterAlert
2019/06/29 13:30:44 [DEBUG] watching projectMonitorGraph
2019/06/29 13:30:44 [DEBUG] watching projectLogging
2019/06/29 13:30:44 [DEBUG] watching activeDirectoryConfig
2019/06/29 13:30:44 [DEBUG] watching catalogTemplate
2019/06/29 13:30:44 [DEBUG] watching catalogTemplateVersion
2019/06/29 13:30:44 [DEBUG] watching projectAlertGroup
2019/06/29 13:30:44 [DEBUG] watching clusterAlertGroup
2019/06/29 13:30:44 [DEBUG] watching notifier
2019/06/29 13:30:44 [DEBUG] watching group
2019/06/29 13:30:44 [DEBUG] watching authConfig
2019/06/29 13:30:44 [DEBUG] watching monitorMetric
2019/06/29 13:30:44 [DEBUG] watching node
2019/06/29 13:30:44 [DEBUG] watching projectCatalog
2019/06/29 13:30:44 [DEBUG] watching etcdBackup
2019/06/29 13:30:44 [DEBUG] watching projectAlert
2019/06/29 13:30:44 [DEBUG] watching catalog
2019/06/29 13:30:44 [DEBUG] watching keyCloakConfig
2019/06/29 13:30:44 [DEBUG] watching clusterCatalog
2019/06/29 13:30:44 [DEBUG] watching listenConfig
2019/06/29 13:30:44 [DEBUG] watching roleTemplate
2019/06/29 13:30:44 [DEBUG] watching nodePool
2019/06/29 13:30:44 [DEBUG] watching freeIpaConfig
2019/06/29 13:30:44 [DEBUG] watching oktaConfig
2019/06/29 13:30:44 [DEBUG] watching cluster
2019/06/29 13:30:44 [DEBUG] watching project
2019/06/29 13:30:44 [DEBUG] watching globalDnsProvider
2019/06/29 13:30:44 [DEBUG] watching nodeDriver
2019/06/29 13:30:44 [DEBUG] watching localConfig
2019/06/29 13:30:44 [DEBUG] watching managementSecret
2019/06/29 13:30:44 [DEBUG] watching dynamicSchema
2019/06/29 13:30:44 [DEBUG] watching adfsConfig
2019/06/29 13:30:44 [DEBUG] watching githubConfig
2019/06/29 13:30:44 [DEBUG] watching globalDns
2019/06/29 13:30:44 [DEBUG] watching podSecurityPolicyTemplateProjectBinding
2019/06/29 13:30:44 [DEBUG] watching userAttribute
2019/06/29 13:30:44 [DEBUG] watching template
2019/06/29 13:30:44 [DEBUG] watching clusterRoleTemplateBinding
2019/06/29 13:30:44 [DEBUG] watching podSecurityPolicyTemplate
2019/06/29 13:30:44 [DEBUG] watching multiClusterAppRevision
2019/06/29 13:30:44 [DEBUG] watching projectAlertRule
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] Requesting user: user-nn8f8, Requesting groups: [system:authenticated] Impersonate user: Impersonate group: []
2019/06/29 13:30:44 [DEBUG] Triggering auth refresh on user-nn8f8
2019/06/29 13:30:44 [DEBUG] Skipping refresh for user-nn8f8 due to max-age
2019/06/29 13:30:44 [DEBUG] GET: 1.872197msauthconfigs
Did you download your Keycloak client metadata from the Installation tab?