dashy
dashy copied to clipboard
Lissy93
[BUG] Infinite loop with Keycloak 21.0.1
Environment
Self-Hosted (Docker)
System
No response
Version
2.1.0
Describe the problem
After i was forced to recreate my container due to the whole Authentication not working with 2.1.1, i found out that with keycloak 21.0.1 and Dashy 2.1.0 the app gets in an Infinite cycle loading due to the token endpoint returning 401 after logging in.
This might be due to a misconfiguration on keycloak side but in any case the app should never just endless refresh on an Authentication error.
Additional info
Please tick the boxes
- [X] You have explained the issue clearly, and included all relevant info
- [X] You are using a supported version of Dashy
- [X] You've checked that this issue hasn't already been raised
- [X] You've checked the docs and troubleshooting guide
- [X] You agree to the code of conduct
If you're enjoying Dashy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated
This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.
I thought I could research this bug: I updated the keycloak-js to the latest one, 21.0.2, with no success. The events in keycloak show some errors, I attach a screenshot:
I have other apps that login with keycloak and they work correctly. However, I don't think they implement something keycloak specific, just generic oidc stuff. This is the query to the keycloak server of one of them, vikunja
https://auth.lan:8443/realms/zuhause/protocol/openid-connect/auth?client_id=vikunja&redirect_uri=https://projekt.lan/auth/openid/keycloak&response_type=code&scope=openid email profile&state=ysuarxd4iha
Dashy first (successfully, 200) tries to call this:
https://auth.lan:8443/realms/zuhause/protocol/openid-connect/3p-cookies/step1.html
Then this, and keycloak returns a 302:
https://auth.lan:8443/realms/zuhause/protocol/openid-connect/auth?client_id=dashy&redirect_uri=http%3A%2F%2Fzuhause.lan%3A4000%2F&state=3eec92a5-008e-4857-8251-cab38ae69a0f&response_mode=fragment&response_type=code&scope=openid&nonce=1d96b9f0-7d64-4231-8981-08fadf1e4f90
Then it loads some icons and css and stuff, and dashy tries to communicate again with the keycloak server, this one getting a 401 and reloading again in an infinite loop:
https://auth.lan:8443/realms/zuhause/protocol/openid-connect/token
Legend:
- keycloak server: https://auth.lan:8443
- keycloak realm: zuhause
- vikunja server: https://projekte.lan
- dashy server: http://zuhause.lan:4000
Of course, it was my fault. I had set Client authentication in the config of the keycloak config. Now it's off, and working. Maybe a working config of the client would be useful for the documentation?
If you can post an example of a working client it would be nice. Actually running dashy 2.1.0 + keycloak 21.0.2 and i'm facing the same problem The client is configured with Client authentication and Standard Flow
Sorry for the late reply. Config, assuming that the dashy URI is dashy.example.com:
Root URL: https://dashy.example.com/ Home URL: https://dashy.example.com Valid redirect URIs: https://dashy.example.com/* Web origins: https://dashy.example.com
Capability config: everything off/unchecked except "Standard flow", "Direct access grants" and "Implicit flow"
I didn't touch anything else.
No wories. I've tested with your settings but it's still looping on the auth.
From the keycloak side in the event logs everything is ok.
Did you add specific roles in the keycloak client config ?
Did you rebuild the container or did you use it for the docker hub ?
This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.
This issue was automatically closed because it has been stalled for over 6 weeks with no activity.