opencloud icon indicating copy to clipboard operation
opencloud copied to clipboard
Published 3 weeks ago verified publisher icon opencloud-eu

CLIENT_REGISTER_ERROR in keycloak

Open kellergoech opened this issue 2 months ago • 1 comments

Describe the bug

So for a while I had the error that the synchronisation with davx/radicale would fail sometimes. So I made an investigation, and found following: To get the update from/to radicale I created an app token in opencloud. This token is working (I get updates) but sometimes it fails - when I retrigger it will work without problem. So I did take a look inside the keycloak logs and I found following error: Clent_register_error Client_registration_policy Block Client Registration Error not_allowed

I use Thunderbird contact/calender sync.

Steps to reproduce

  1. Setup radicale with domain
  2. Setup up an Account with 2FA
  3. Generate app token and put in thunderbird contacts/calendar (or android davx5)
  4. Restart or wait for a while
  5. Check keycloak logs

Expected behavior

No errors in keycloak log

Actual behavior

Keycloak throws error.

Setup

Downloaded the docker compose repo. Started with keycloak + radicale. Setup reverse proxy + user with 2FA.

Is there any special setup to do in keycloak for getting thos to work without error (app token for radicale)?

kellergoech avatar Oct 18 '25 21:10 kellergoech

So I did another test and found out the error is comming from the desktop client not the caldav/carddav site. I also saw a desttop client session is active but not attached to the user which is logged in via the desktop app. Do I have to set something special to get the desktop app to work with 2FA enabled on opencloud? Or does the first login have to be with an app token?

kellergoech avatar Oct 19 '25 05:10 kellergoech