Issue with OpenID connect

Open battosai30 opened this issue 9 months ago • 2 comments

Bug

Hi,

So cool that OpenID is finally here :)

But I had to modify the code to get it working ...

So I set up my Keycloak client, and in the logs when I try to log in I got "Error bad hostname IP (IP is a local IP). Must be an external URL." After some digging I found that the isIPAllowed() function used in the getURLContent() function, called at lines 70 and 77 of htdocs/core/login/functions_openid_connect.php, raised the 'Error bad hostname IP (IP is a local IP). Must be an external URL.' error.

My changes :

$token_response = getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_TOKEN_URL, 'POST', http_build_query($auth_param));

to

$token_response = getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_TOKEN_URL, 'POST', http_build_query($auth_param),1,array(),array('http', 'https'), 2);

and

$userinfo_response = getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_USERINFO_URL, 'GET', '', 1, $userinfo_headers);

to

$userinfo_response = getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_USERINFO_URL, 'GET', '', 1, $userinfo_headers, array('http', 'https'), 2);

The solution comes from the "$localurl" parameter being forced to value 2.

Some information:

I guess the problem comes from my architecture :

  • Keycloak and Dolibarr are installed on separate LXC containers in Proxmox.
  • An Nginx reverse proxy routes the HTTP/HTTPS traffic.
  • In Dolibarr I use https://auth.mydomain/.... URLs for the configuration.
  • The reverse proxy manages HTTPS for inbound traffic and uses HTTP with the containers.

So we have :

Keycloak <---> Nginx Reverse <---> Dolibarr

Regards

Environment Version

18.0.1

Environment OS

Alpine

Environment Web server

Nginx

Environment PHP

8.0.25

Environment Database

MySQL

battosai30, Sep 14 '23 13:09
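An added example, not part of the original issue and not Dolibarr's own code: a stand-alone PHP model of a local-IP filter like the one that rejects the token and userinfo calls above, comparing the parameter left at its default, forced to 2, and a narrower variant that exempts only the IdP hostname. The function names, the pinned-host option, the URL paths and the DNS table are assumptions made for the illustration; the 0/1/2 meanings follow the `$localurl` parameter of `getURLContent()`.

```php
<?php
// Added illustration, not Dolibarr code. Names and sample data are hypothetical.

/** True when $ip is private, loopback, link-local or otherwise reserved. */
function is_local_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) === false;
}

/**
 * Decide whether an outbound HTTP call may be sent.
 * $localurl: 0 = external targets only, 1 = local only, 2 = both.
 * $resolve: callable hostname -> IP string, injected so the sample runs offline.
 * $pinnedHosts: exact hostnames that may be local even when $localurl is 0.
 */
function outbound_allowed(string $url, int $localurl, callable $resolve, array $pinnedHosts = []): bool
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    if ($host === '' || !in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    $ip = (string) $resolve($host);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false; // unresolvable host: fail closed
    }
    $local = is_local_ip($ip);
    if ($localurl === 2) {
        return true; // no filtering: whatever URL is configured gets fetched
    }
    if ($localurl === 1) {
        return $local;
    }
    return !$local || in_array($host, $pinnedHosts, true);
}

// Constructed DNS view as seen from the Dolibarr container.
$dns = ['auth.mydomain' => '192.168.1.10', 'metadata.test' => '169.254.169.254'];
$resolve = fn(string $h): string => $dns[$h] ?? '';

$cases = [
    ['https://auth.mydomain/token', 0, []],                // IdP behind the proxy, default mode
    ['https://auth.mydomain/token', 2, []],                // the workaround from the issue
    ['http://metadata.test/latest', 2, []],                // link-local target under the workaround
    ['https://auth.mydomain/token', 0, ['auth.mydomain']], // filter kept, IdP host pinned
    ['http://metadata.test/latest', 0, ['auth.mydomain']], // link-local target with pinning
];
foreach ($cases as [$url, $mode, $pins]) {
    printf("%-30s localurl=%d -> %s\n", $url, $mode, var_export(outbound_allowed($url, $mode, $resolve, $pins), true));
}
```

With the value 2 the filter no longer distinguishes the IdP from any other internal address, so the OIDC URL settings should be writable only by administrators; pinning the single hostname keeps the filter in place for everything else.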

Same problem. Thanks for the solution.

rqi14, Oct 19 '23 08:10

Hi, I am a student and I have the same problem. Thanks for the solutions. But I have a question: why is this bug not yet implemented in Dolibarr?

Bratoun, Apr 23 '24 08:04