SSO alternatives to Keycloak, i.e. Authentik.io #267

Open
saschafoerster opened this issue Aug 23, 2024 · 2 comments

@saschafoerster

We are using Authentik as an OIDC provider. I would like to connect the Datenschutzcenter directly to it, without having another Keycloak instance running just for it.

First I tried to just use Authentik, but the URLs were not fitting, as they were optimized for Keycloak:

https://DOMAIN/realms/datenschutz-center/protocol/openid-connect/auth?....
while authentik is expecting:
https://DOMAIN/application/o/datenschutz-center
It also has Github compatibility:
https://docs.goauthentik.io/docs/providers/oauth2/

But I saw this URL is not a variable but hardcoded:

$url = $this->getParameter('KEYCLOAK_URL') . '/realms/' . $this->getParameter('KEYCLOAK_REALM') . '/account';

I tried to play around myself and change the OIDC-type to "generic" and added some options for it, but then I got subsequent errors, when building the containers, for instance:

knpu_oauth2_client:
    clients:
        keycloak_main:
            # must be "keycloak" - it activates that type!
            #type: keycloak

Error:

14.47 Script cache:clear returned with error code 1
14.47 !!  
14.47 !!  In ArrayNode.php line 304:
14.47 !!                                                                                 
14.47 !!    Unrecognized options "auth_server_url, realm, access_token_url, authorizati  
14.47 !!    on_url, infos_url, scope, paths" under "knpu_oauth2_client/clients/keycloak  
14.47 !!    _main". Available options are "client_class", "client_id", "client_secret",  
14.47 !!     "provider_class", "provider_options", "redirect_params", "redirect_route",  
14.47 !!     "use_state".                                                                
14.47 !!                                                                                 
14.47 !!  
14.47 !!  
14.47 Script @auto-scripts was called via post-install-cmd
------
failed to solve: process "/bin/bash -o pipefail -c composer install" did not complete successfully: exit code: 1

So, I gave up for now, but I would love to be able to use this nice tool! :)

@cfoellmann

For me the hardcoded keycloak requirement was also a dealbreaker so far.

I would love to have the sso interface as a configurable generic interface.
We also run authentik and if I had time I would jump in on this issue but I am only able to pitch in with testing when some start is public.

@saschafoerster can you push your changes to your fork? That way I might be able to have a look.

@holema
Collaborator

holema commented Aug 27, 2024

Hello @cfoellmann and @saschafoerster,
We use the https://github.com/knpuniversity/oauth2-client-bundle bundle in the odc. In this repo you can find all possible adapters which are already built for oauth2. You can install your own adapter and then work with your own oauth2 provider.
We only implemented Keycloak because with Keycloak you can seamlessly integrate any other OAuth2 provider with one application. This was a great benefit for us. If you are interested in us helping you implement another OAuth provider, feel free to contact us at entwicklung@h2-invent.com
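
As an added example (not part of the thread and not the project's own configuration), this is how a `type: generic` client for the bundle can be declared using only the options the error message above lists as available, with league/oauth2-client's `GenericProvider` as the provider class. The Authentik endpoint paths, the environment variable names and the route name are assumptions to check against your own setup.

```yaml
# Added example: generic client for knpu_oauth2_client, not the project's file.
knpu_oauth2_client:
    clients:
        keycloak_main:                       # client key kept from the snippet in the issue
            type: generic
            # Keycloak-only keys rejected in the error (auth_server_url, realm,
            # authorization_url, access_token_url, infos_url, scope, paths) are
            # removed; endpoints are passed to the provider via provider_options.
            provider_class: League\OAuth2\Client\Provider\GenericProvider
            provider_options:
                # Assumed Authentik endpoints: confirm them on the provider page
                # of the Authentik application before use.
                urlAuthorize: 'https://DOMAIN/application/o/authorize/'
                urlAccessToken: 'https://DOMAIN/application/o/token/'
                urlResourceOwnerDetails: 'https://DOMAIN/application/o/userinfo/'
                # GenericProvider joins scopes with "," unless told otherwise;
                # OIDC expects a space-separated list.
                scopes: ['openid', 'profile', 'email']
                scopeSeparator: ' '
                # OIDC userinfo identifies the user by "sub", not the default "id".
                responseResourceOwnerId: 'sub'
            client_id: '%env(OAUTH_CLIENT_ID)%'          # hypothetical env var name
            client_secret: '%env(OAUTH_CLIENT_SECRET)%'  # hypothetical env var name
            redirect_route: connect_keycloak_check       # hypothetical route name
            redirect_params: {}
            # Keep the state parameter enabled: it protects the redirect
            # callback against CSRF.
            use_state: true
```

This covers only the bundle configuration; the hardcoded `/realms/.../account` URL quoted in the first comment is application code and is not changed by it.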
