OIDC integration failure #5

Closed
buglessdr opened this issue Jul 26, 2022 · 8 comments

@buglessdr

Hello,

I have installed Keycloak 17.0.1 and HumHub 1.9 and received the following error after checking "Enable this Auth client". The directions seem pretty straightforward. I used Docker to set up everything. When I turn on the module I get the following error in Firefox/Chrome: too many redirects

From the error logs I get the following:

```
2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][error][yii\base\InvalidArgumentException] yii\base\InvalidArgumentException: The file or directory to be published does not exist: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php:461
Stack trace:
#0 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(185): yii\web\AssetManager->publish()
#1 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(288): yii\web\AssetBundle->publish()
#2 /var/www/localhost/htdocs/protected/humhub/components/AssetManager.php(66): yii\web\AssetManager->loadBundle()
#3 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(259): humhub\components\AssetManager->loadBundle()
#4 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/View.php(287): yii\web\AssetManager->getBundle()
#5 /var/www/localhost/htdocs/protected/humhub/modules/ui/view/components/View.php(193): yii\web\View->registerAssetBundle()
#6 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(125): humhub\modules\ui\view\components\View->registerAssetBundle()
#7 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/widgets/AuthChoice.php(267): yii\web\AssetBundle::register()
#8 /var/www/localhost/htdocs/protected/humhub/modules/user/widgets/AuthChoice.php(113): yii\authclient\widgets\AuthChoice->init()
#9 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/BaseObject.php(109): humhub\modules\user\widgets\AuthChoice->init()
#10 [internal function]: yii\base\BaseObject->__construct()
#11 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(412): ReflectionClass->newInstanceArgs()
#12 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(171): yii\di\Container->build()
#13 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/BaseYii.php(365): yii\di\Container->get()
#14 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Widget.php(138): yii\BaseYii::createObject()
#15 /var/www/localhost/htdocs/protected/humhub/modules/user/views/auth/login.php(38): yii\base\Widget::widget()
#16 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(348): require('/var/www/localh...')
#17 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(257): yii\base\View->renderPhpFile()
#18 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(156): yii\base\View->renderFile()
#19 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(410): yii\base\View->render()
#20 /var/www/localhost/htdocs/protected/humhub/modules/user/controllers/AuthController.php(126): yii\base\Controller->render()
#21 [internal function]: humhub\modules\user\controllers\AuthController->actionLogin()
#22 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array()
#23 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(181): yii\base\InlineAction->runWithParams()
#24 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()
#25 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()
#26 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()
#27 /var/www/localhost/htdocs/index.php(25): yii\base\Application->run()
#28 {main}
2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][info][application] $_GET = []
```

@marc-farre
Member

The error you have is:

The file or directory to be published does not exist: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php:461

Could you check you have this directory on your server: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets?

@buglessdr
Author

I do not. [image]

@buglessdr
Author

buglessdr commented Jul 26, 2022

Not sure if this is helpful - but these are the commands I used to start the containers.

```shell
docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.2 start-dev
docker run -d --name humhub_db -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=humhub mariadb:10.2
docker run -d --name humhub -p 80:80 --link humhub_db:db mriedmann/humhub:stable
```

@buglessdr
Author

buglessdr commented Jul 26, 2022

Did an upgrade to HumHub 1.11.4 and Keycloak 18.0.2 and was able to make a little more progress; however, I have encountered a new error:

```
Next yii\httpclient\Exception: fopen(http://localhost:8080/realms/master/protocol/openid-connect/token): failed to open stream: Address not available in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-httpclient/src/StreamTransport.php:68
Stack trace:
#0 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-httpclient/src/Client.php(233): yii\httpclient\StreamTransport->send()
#1 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-httpclient/src/Request.php(445): yii\httpclient\Client->send()
#2 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/BaseOAuth.php(231): yii\httpclient\Request->send()
#3 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/OAuth2.php(149): yii\authclient\BaseOAuth->sendRequest()
#4 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/AuthAction.php(421): yii\authclient\OAuth2->fetchAccessToken()
#5 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/AuthAction.php(232): yii\authclient\AuthAction->authOAuth2()
#6 /var/www/localhost/htdocs/protected/humhub/modules/user/authclient/AuthAction.php(38): yii\authclient\AuthAction->auth()
#7 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/AuthAction.php(216): humhub\modules\user\authclient\AuthAction->auth()
#8 [internal function]: yii\authclient\AuthAction->run()
#9 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Action.php(93): call_user_func_array()
#10 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(178): yii\base\Action->runWithParams()
#11 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Module.php(552): yii\base\Controller->runAction()
#12 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/Application.php(103): yii\base\Module->runAction()
#13 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Application.php(384): yii\web\Application->handleRequest()
#14 /var/www/localhost/htdocs/index.php(25): yii\base\Application->run()
#15 {main}
2022-07-26 23:26:29 [172.17.0.1][-][7tjiruh8rus0fngdc3pve25gjh][info][application] $_GET = [
'authclient' => 'Keycloak'
'state' => '75400b4152e5c01e72e0b161ac86dc463289052574354928dd6cae271a5d2a35'
'session_state' => '546e2ee9-c55b-4405-b128-6a0d47517d2d'
'code' => '94742197-a024-4deb-9780-14fdf7c16b7d.546e2ee9-c55b-4405-b128-6a0d47517d2d.d4b2bb8d-f4c6-42a5-b559-3e546c30bb1f'
]
```

I was able to validate with Postman that I can hit the URL and successfully return a token with it. (I did have to make a change to scopes to be able to do it.)

@marc-farre
Member

Great.
I cannot tell, the error is that http://localhost:8080/realms/master/protocol/openid-connect/token is not reachable.
This URL is your Keycloak, but I really don't know why it cannot be read.
Perhaps the Keycloak URL should be on HTTPS?
You could also try with another app (WordPress or other) if your Keycloak is working correctly.

@ArchBlood
Contributor

@funkycram see humhub-contrib/auth-google#5 for similar issue.

@marc-farre
Member

Thanks @ArchBlood but I think the problem is the URL.
@buglessdr Could you go to the Keycloak administration -> Realm settings -> click on "OpenID Endpoint Configuration" and check the token_endpoint URL?
If it starts with http://localhost:8080/auth/master/... then in the Keycloak settings (in HumHub), in the field Base URL you should have http://localhost:8080/auth.

@buglessdr
Author

That was it! Thanks!
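
The check that resolved this thread, written out as an added example (not part of the thread and not the HumHub module's code): it reads `token_endpoint` from a discovery document and derives the Base URL to enter, and it also flags a loopback host, which a server-side token request made from inside a container resolves to that container. The sample document is constructed, the `/realms/<realm>/protocol/openid-connect/token` suffix is assumed from the URL in the error log above, and the function names are hypothetical.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample of the JSON behind "OpenID Endpoint Configuration";
# only the fields used here are included.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://localhost:8080/auth/realms/master",
    "token_endpoint":
        "http://localhost:8080/auth/realms/master/protocol/openid-connect/token",
})

# Assumption: the client appends this path to the configured Base URL.
TOKEN_PATH = "/realms/{realm}/protocol/openid-connect/token"


def expected_base_url(token_endpoint, realm):
    """Return the Base URL implied by the advertised token_endpoint."""
    suffix = TOKEN_PATH.format(realm=realm)
    if not token_endpoint.endswith(suffix):
        raise ValueError(f"token_endpoint does not end with {suffix}")
    return token_endpoint[: -len(suffix)]


def is_loopback(url):
    """True when the URL's host is localhost or a loopback IP address."""
    host = urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a non-loopback DNS name


def check_base_url(discovery_json, configured_base, realm):
    """Compare the configured Base URL with the discovery document."""
    token_endpoint = json.loads(discovery_json)["token_endpoint"]
    expected = expected_base_url(token_endpoint, realm)
    findings = []
    if configured_base.rstrip("/") != expected:
        findings.append(f"Base URL should be {expected}")
    if is_loopback(token_endpoint):
        findings.append("token_endpoint host is loopback; from another "
                        "container it resolves to that container itself")
    return findings
```
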
