Issue with Keycloak and Skooner - fail to login within Keycloak 401 #448

0dje opened this issue Mar 18, 2024 · 1 comment

0dje commented Mar 18, 2024

Kubernetes version: v1.27.8
Image: ghcr.io/skooner-k8s/skooner:stable
Keycloak helm version: keycloak-16.1.5

We have configured authentication in Kubernetes through Keycloak. However, when installing Skooner and attempting to authenticate through Keycloak, we encounter the following behavior:

1. Skooner opens and prompts for authentication through Keycloak.
2. After authentication, a redirect occurs to the Skooner page, but we see an "Invalid credentials" error.
3. In the Skooner logs:

```
2024-03-18T12:20:25.635Z POST /oidc 200
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://192.168.4.1:443
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://192.168.4.1:443
2024-03-18T12:20:25.813Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401
2024-03-18T12:20:25.813Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://192.168.4.1:443
2024-03-18T12:20:25.965Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401
[HPM] POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews -> https://192.168.4.1:443
2024-03-18T12:20:25.968Z GET / 304
2024-03-18T12:20:25.971Z POST /apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401
```

In the browser we obtain:

```
Login Failed TypeError: Failed to fetch
iProxy.ts:38 Uncaught (in promise) TypeError: Failed to fetch
iProxy.ts:38 POST https://skooner.mydomain.tech/apis/authorization.k8s.io/v1/selfsubjectrulesreviews 401
caught (in promise) Error: Api request error: - Unauthorized
```

Everything was configured according to the documentation.
The main question I'm interested in is whether such an implementation is possible and whether Skooner supports RBAC. If it does, are there any tips or documentation available on how to configure this integration?

Is there any additional action required from Keycloak's side? However, with this configuration, I am able to use kubectl and log in to Kubernetes using kubectl oidc-login.
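Added example, not part of the original issue and not the project's code: when the API server answers 401 to a token Keycloak has just issued while `kubectl oidc-login` works, one check is to compare the claims of the token the dashboard forwards with the API server's `--oidc-issuer-url`, `--oidc-client-id` and `--oidc-username-claim` settings. The issuer URL, the client IDs `kubernetes` and `skooner`, and the tokens are constructed for illustration; the thread does not establish that this is the cause here.

```python
import base64
import json
import time


def decode_claims(jwt):
    """Decode a JWT payload without verifying the signature (triage only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(jwt, issuer_url, client_id, username_claim="sub", now=None):
    """List claim mismatches that make kube-apiserver reject an OIDC token."""
    now = time.time() if now is None else now
    claims = decode_claims(jwt)
    problems = []
    if claims.get("iss") != issuer_url:  # compared as an exact string
        problems.append(f"iss {claims.get('iss')!r} != --oidc-issuer-url")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append(f"aud {aud!r} lacks --oidc-client-id {client_id!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if username_claim not in claims:
        problems.append(f"missing --oidc-username-claim {username_claim!r}")
    return problems


def make_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


# Constructed sample values, not taken from the issue.
ISSUER = "https://keycloak.example.test/auth/realms/demo"
BASE = {"iss": ISSUER, "sub": "user-1", "exp": 2000}
KUBECTL_TOKEN = make_token({**BASE, "aud": "kubernetes"})
DASHBOARD_TOKEN = make_token({**BASE, "aud": "skooner"})

if __name__ == "__main__":
    for name, tok in [("kubectl", KUBECTL_TOKEN), ("dashboard", DASHBOARD_TOKEN)]:
        print(name, triage(tok, ISSUER, "kubernetes", now=1000) or "claims OK")
```

The payload is only decoded here, never verified, so the output is a configuration hint and not proof that a token is valid.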


mhkarimi1383 commented Mar 25, 2024

@0dje
Hi,
you have to apply this patch in your cluster:

https://github.com/skooner-k8s/skooner/blob/master/provision/keycloak/skooner-oidc-patch.yaml
