NetBird client can't connect using Keycloak
Describe the problem
The NetBird client can't connect to the VPN using Keycloak. When I try to connect I get an error:
Please do the SSO login in your browser.
If your browser didn't open automatically, use this URL to log in:
https://<keycloak_-host>/realms/netbird/device?user_code=<some-code>
-->> after logging in to Keycloak
Error: waiting sso login failed with: rpc error: code = Unknown desc = validate access token failed with error: invalid JWT token audience field
Some logs from /var/log/netbird# tail -f client.log
2025-06-23T11:02:24+03:00 DEBG client/internal/statemanager/manager.go:298: state file does not exist
2025-06-23T11:02:24+03:00 INFO client/internal/config.go:364: switching Network Monitor to false
2025-06-23T11:02:24+03:00 INFO client/internal/config.go:498: disabling notifications
2025-06-23T11:02:24+03:00 DEBG client/internal/login.go:94: connecting to the Management service https://my-valid-netbird-domain:443
2025-06-23T11:02:24+03:00 DEBG util/net/dialer_dial.go:52: Dialing tcp my-valid-netbird-domain:443
2025-06-23T11:02:24+03:00 DEBG client/internal/login.go:64: connected to the Management service https://my-valid-netbird-domain:443
2025-06-23T11:02:24+03:00 ERRO management/client/grpc.go:349: failed to login to Management Service: rpc error: code = PermissionDenied desc = no peer auth method provided, please use a setup key or interactive SSO login
2025-06-23T11:02:24+03:00 DEBG client/internal/login.go:73: peer registration required
2025-06-23T11:02:24+03:00 WARN client/server/server.go:268: failed login: rpc error: code = InvalidArgument desc = invalid setup-key or no sso information provided, err: invalid UUID length: 0
2025-06-23T11:02:24+03:00 DEBG client/internal/pkce_auth.go:63: connecting to Management Service https://my-valid-netbird-domain:443
2025-06-23T11:02:24+03:00 DEBG util/net/dialer_dial.go:52: Dialing tcp my-valid-netbird-domain:443
2025-06-23T11:02:25+03:00 DEBG client/internal/pkce_auth.go:69: connected to the Management service https://my-valid-netbird-domain:443
2025-06-23T11:02:25+03:00 WARN client/internal/pkce_auth.go:87: server couldn't find pkce flow, contact admin: rpc error: code = NotFound desc = no pkce authorization flow information available
2025-06-23T11:02:25+03:00 DEBG client/internal/auth/oauth.go:75: failed to initialize pkce authentication with error: getting pkce authorization flow info failed with error: rpc error: code = NotFound desc = no pkce authorization flow information available
2025-06-23T11:02:25+03:00 DEBG client/internal/auth/oauth.go:76: falling back to device code flow
2025-06-23T11:02:25+03:00 DEBG client/internal/device_auth.go:57: connecting to Management Service https://my-valid-netbird-domain:443
2025-06-23T11:02:25+03:00 DEBG util/net/dialer_dial.go:52: Dialing tcp my-valid-netbird-domain:443
2025-06-23T11:02:25+03:00 DEBG client/internal/device_auth.go:63: connected to the Management service https://my-valid-netbird-domain:443
2025-06-23T11:02:25+03:00 DEBG client/internal/auth/device_flow.go:69: Using system certificate pool.
2025-06-23T11:02:25+03:00 WARN client/server/server.go:476: canceling previous waiting execution
2025-06-23T11:02:30+03:00 ERRO client/server/server.go:576: waiting for browser login failed: validate access token failed with error: invalid JWT token audience field
Log on the NetBird server:
2025-06-23T07:52:38Z WARN [context: GRPC, requestID: , accountID: UNKNOWN, peerID: ] management/server/grpcserver.go:486: failed logging in peer : no peer auth method provided, please use a setup key or interactive SSO login
I can't show the Keycloak log, but there are no errors in it.
Other things, like logging in to the dashboard using Keycloak, work.
To Reproduce
Steps to reproduce the behavior:
- Install NetBird in k8s using https://artifacthub.io/packages/helm/jaconi/netbird
- Set up Keycloak following the instructions at https://docs.netbird.io/selfhosted/identity-providers#keycloak
- Try to connect
Expected behavior
It should just work.
Are you using NetBird Cloud?
No. Self-hosted in k8s. Image version: netbirdio/management:0.47.2
NetBird version
0.47.2
Is any other VPN software installed?
no
Debug output
Can't do this because
Error: failed to up: up already in progress: current status LoginFailed
Have you tried these troubleshooting steps?
- [x] Reviewed client troubleshooting (if applicable)
- [x] Checked for newer NetBird versions
- [x] Searched for similar issues on GitHub (including closed ones)
- [x] Restarted the NetBird client
- [x] Disabled other VPN software
- [x] Checked firewall settings
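
An added diagnostic example, not part of the original issue or of NetBird's code: it decodes the payload of an access token without verifying its signature and reports whether the `aud` claim contains an expected audience, the kind of check that the `invalid JWT token audience field` error above reports as failing. The expected audience `netbird-client`, the issuer URL and both sample tokens are constructed assumptions; substitute the values from your own Management and Keycloak configuration.

```python
import base64
import json

EXPECTED_AUDIENCE = "netbird-client"  # assumption: set to the audience your Management service expects


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audiences(claims: dict) -> list:
    """RFC 7519 allows 'aud' to be a single string or an array of strings."""
    aud = claims.get("aud")
    if aud is None:
        return []
    return [aud] if isinstance(aud, str) else list(aud)


def check_audience(token: str, expected: str = EXPECTED_AUDIENCE) -> dict:
    """Report whether 'expected' is listed in 'aud', plus the claims worth comparing."""
    claims = decode_claims(token)
    auds = audiences(claims)
    return {"ok": expected in auds, "aud": auds,
            "azp": claims.get("azp"), "iss": claims.get("iss")}


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


ISS = "https://keycloak.example.test/realms/netbird"  # constructed issuer
# Constructed samples: the client is named only in 'azp', versus also listed in 'aud'.
TOKEN_WITHOUT_AUD = make_sample_token({"iss": ISS, "azp": "netbird-client", "aud": "account"})
TOKEN_WITH_AUD = make_sample_token({"iss": ISS, "azp": "netbird-client",
                                    "aud": ["netbird-client", "account"]})

if __name__ == "__main__":
    for name, tok in [("without", TOKEN_WITHOUT_AUD), ("with", TOKEN_WITH_AUD)]:
        print(name, check_audience(tok))
```

To inspect a real token, pass the access token issued to the device-flow client to `check_audience` and compare the reported `aud` and `azp` with the audience configured on the Management service.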