Has anyone gotten OIDC auth with keycloak working?...
# random
b
Has anyone gotten OIDC auth with keycloak working? I'm running into this error
13:37:29 [application-akka.actor.default-dispatcher-2] ERROR application - 

! @7oe488g58 - Internal server error, for (GET) [/authenticate?redirect_uri=%2F] ->
 
play.api.UnexpectedException: Unexpected exception[TechnicalException: java.net.ConnectException: Connection refused (Connection refused)]
        at play.api.http.HttpErrorHandlerExceptions$.throwableToUsefulException(HttpErrorHandler.scala:340)
        at play.api.http.DefaultHttpErrorHandler.onServerError(HttpErrorHandler.scala:263)
        at play.core.server.AkkaHttpServer$$anonfun$1.applyOrElse(AkkaHttpServer.scala:443)
        at play.core.server.AkkaHttpServer$$anonfun$1.applyOrElse(AkkaHttpServer.scala:441)
        at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:417)
        at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
        at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
        at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
        at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:92)
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
        at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
        at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:92)
        at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:41)
        at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:49)
        at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
        at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
        at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
        at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: org.pac4j.core.exception.TechnicalException: java.net.ConnectException: Connection refused (Connection refused)
        at org.pac4j.oidc.config.OidcConfiguration.internalInit(OidcConfiguration.java:136)
        at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:20)
        at auth.sso.oidc.custom.CustomOidcClient.clientInit(CustomOidcClient.java:21)
        at org.pac4j.core.client.IndirectClient.internalInit(IndirectClient.java:58)
        at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:20)
        at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:93)
        at org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:79)
        at controllers.AuthenticationController.redirectToIdentityProvider(AuthenticationController.java:278)
        at controllers.AuthenticationController.authenticate(AuthenticationController.java:89)
        at router.Routes$$anonfun$routes$1.$anonfun$applyOrElse$8(Routes.scala:489)
        at play.core.routing.HandlerInvokerFactory$$anon$6.resultCall(HandlerInvoker.scala:139)
        at play.core.routing.HandlerInvokerFactory$$anon$6.resultCall(HandlerInvoker.scala:138)
        at play.core.routing.HandlerInvokerFactory$JavaActionInvokerFactory$$anon$3$$anon$4$$anon$5.invocation(HandlerInvoker.scala:112)
        at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:128)
        at play.mvc.Action.lambda$call$0(Action.java:89)
        at java.util.Optional.map(Optional.java:215)
        at play.mvc.Action.call(Action.java:81)
        at play.http.DefaultActionCreator$1.call(DefaultActionCreator.java:33)
        at play.core.j.JavaAction.$anonfun$apply$8(JavaAction.scala:188)
        at scala.concurrent.Future$.$anonfun$apply$1(Future.scala:659)
        at scala.util.Success.$anonfun$map$1(Try.scala:255)
        at scala.util.Success.map(Try.scala:213)
        at scala.concurrent.Future.$anonfun$map$1(Future.scala:292)
        at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:33)
        at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:33)
        at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
        at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:77)
        at play.api.libs.streams.Execution$trampoline$.execute(Execution.scala:70)
        at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:69)
        at scala.concurrent.impl.CallbackRunnable.executeWithValue(Promise.scala:72)
        at scala.concurrent.impl.Promise$KeptPromise$Kept.onComplete(Promise.scala:372)
        at scala.concurrent.impl.Promise$KeptPromise$Kept.onComplete$(Promise.scala:371)
        at scala.concurrent.impl.Promise$KeptPromise$Successful.onComplete(Promise.scala:379)
        at scala.concurrent.impl.Promise.transform(Promise.scala:33)
        at scala.concurrent.impl.Promise.transform$(Promise.scala:31)
        at scala.concurrent.impl.Promise$KeptPromise$Successful.transform(Promise.scala:379)
        at scala.concurrent.Future.map(Future.scala:292)
        at scala.concurrent.Future.map$(Future.scala:292)
        at scala.concurrent.impl.Promise$KeptPromise$Successful.map(Promise.scala:379)
        at scala.concurrent.Future$.apply(Future.scala:659)
        at play.core.j.JavaAction.apply(JavaAction.scala:189)
        at play.api.mvc.Action.$anonfun$apply$2(Action.scala:95)
        at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:181)
        at scala.util.Try$.apply(Try.scala:213)
        at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:181)
        at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
        at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:216)
        at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:436)
        at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41)
        at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51)
        ... 12 common frames omitted
Caused by: java.net.ConnectException: Connection refused (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:607)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
        at sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
        at sun.net.www.http.HttpClient.New(HttpClient.java:339)
        at sun.net.www.http.HttpClient.New(HttpClient.java:357)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1226)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
        at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:990)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
        at com.nimbusds.jose.util.DefaultResourceRetriever.getInputStream(DefaultResourceRetriever.java:249)
        at com.nimbusds.jose.util.DefaultResourceRetriever.retrieveResource(DefaultResourceRetriever.java:201)
        at org.pac4j.oidc.config.OidcConfiguration.internalInit(OidcConfiguration.java:133)
        ... 61 common frames omitted
I'm not sure how to proceed to debug this, any help is appreciated 🙏
b
i think we discussed keycloak settings before for a localhost setup? Or was it someone else? Your keycloak and datahub are all on the same machine?
b
yes they are on the same machine, I don't think we've discussed OIDC before
b
ah ok then i mixed you up with someone else
b
no worries I just don't know how to proceed to debug this 🥴
b
i'm no good at debugging from the error msg, but i can share my keycloak settings
docker.env for frontend:
# AUTH_OIDC_ENABLED=true
# AUTH_OIDC_CLIENT_ID=datahub
# AUTH_OIDC_CLIENT_SECRET=<from keycloak>
# AUTH_OIDC_DISCOVERY_URI=http://172.19.0.1:8088/auth/realms/app/.well-known/openid-configuration
# AUTH_OIDC_BASE_URL=http://172.19.0.1:9002/
i set keycloak to port 8088
and i specified datahub_network to a specific subnet
ie i navigate to datahub on 172.19.0.1:9002 to access the URL
i need a while to get the keycloak screenshot
b
and you are running this using quickstart?
b
I do not
The changes to frontend-react container can be reflected in a custom quickstart yml file, so it should work in quickstart. And if you precreate a network before quickstart, I don't think it will fail either
b
cool thanks for the help I'll see if I can get it working
hmm so I see your root url is the callback/oidc, I thought that was supposed to be a valid redirect url, not the root
b
can't remember why i did that, but changing the settings in keycloak doesn't seem to change anything, ie still works
b
@better-orange-49102 did you set AUTH_JAAS_ENABLED=false?
I still get the same error regardless if I set it to true or false 🥴
b
i left it commented out
b
🤔
b
you're still encountering the initial error message?
b
yeah
I wonder if it doesn't like me using localhost, I'm going to try using 127.0.0.1
have you tested your setup with the latest version of datahub?
Not sure if this is relevant or not but when I go to http://localhost:9002 it redirects to http://localhost:9002/authenticate?redirect_uri=%2F and that's when it throws the error
@better-orange-49102 how are you ensuring they are both on the same network?
b
i'm on 0.8.38
b
I think it's because they are not on the same network
b
i visit http://172.19.0.1:9002 on my browser, it doesn't work if it's localhost
keycloak container also needs to be on the same network for me
b
I just added keycloak to the datahub_network and it still doesn't work 🥴
@big-carpet-38439 can you provide any feedback on what to try to debug this? 🙏