Unable to set up Keycloak authentication via OIDC

Hi there,

We’ve seen in this issue that Keycloak auth via OIDC is already implemented, although there are still some issues to resolve. Anyway, we wanted to give it a try as a pilot project but unfortunately, we haven’t been able to connect to the cloak server.

We have installed Rancher with Docker on a single node with this image (since it was the last one tested as reported in the GitHub issue). We have filled in the Keycloak OIDC form, but when trying to connect we get this error:

[generic oidc]: server error while authenticating: oauth2: cannot fetch token: 400 Bad Request Response: {"error":"invalid_grant","error_description":"Code not valid"}

We have also checked the debug logs but they are quite uninformative:

Idk if the session expiration thing could have something to do with the problem.

Any ideas of what could be going wrong? Also, if this is not the correct place for this kind of question please let me know!


Okay it seems it’s a known issue: Keycloak OIDC - bad request when enabling the auth provider on a newer Keycloak version · Issue #3406 · rancher/dashboard · GitHub

Thanks @RichardC for pointing it out!