SSO is broken with Keycloak #11107
Comments
There's some changes around v1.27.0 and v1.29.0 that might affect this: https://matrix-org.github.io/synapse/latest/upgrade#upgrading-to-v1290 The logs look like a redirect loop, so maybe double check that your
@clokep
@Starz0r
That doesn't make any sense, if it were misconfigured, I don't think my instance would be working at all, right? Currently, in my config: `public_baseurl: "matrix.domain.tld"` Which looks to be correct.
I think you need to include the protocol in the If that doesn't resolve the problem, I think your best bet for pinning down the problem is the room
also: do make sure that your reverse-proxy is correctly passing through an
@DMRobertson That did not seem to resolve the issue, just sent the device into an infinite redirect loop. @richvdh Already being done I believe by the Ingress.
Sounds like this #10492
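For reference, an added homeserver.yaml excerpt (not from this issue or from the Synapse project) showing the `public_baseurl` value as posted beside the form that includes the scheme, plus a Keycloak OIDC provider block. Hostnames, the realm path, client id and secret are placeholders; `x_forwarded: true` is the documented listener setting for running Synapse behind a reverse proxy or Ingress.

```yaml
# homeserver.yaml (excerpt). All hostnames, realm and secret values are placeholders.

# As posted in the issue: no scheme, so Synapse cannot build absolute URLs
# for the SSO redirect and callback.
# public_baseurl: "matrix.domain.tld"

# Corrected: scheme and trailing slash included.
public_baseurl: "https://matrix.domain.tld/"

listeners:
  - port: 8008
    type: http
    tls: false
    # Trust the proxy's forwarding headers so Synapse sees the original
    # scheme and host instead of the plain-HTTP hop from the Ingress.
    x_forwarded: true
    resources:
      - names: [client, federation]

oidc_providers:
  - idp_id: keycloak
    idp_name: "Keycloak"
    # Realm issuer URL; the exact path depends on the Keycloak version.
    issuer: "https://keycloak.example.com/realms/REALM_PLACEHOLDER"
    client_id: "synapse"
    client_secret: "CLIENT_SECRET_PLACEHOLDER"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        localpart_template: "{{ user.preferred_username }}"
        display_name_template: "{{ user.name }}"
```

The redirect URI registered on the Keycloak client must be `<public_baseurl>_synapse/client/oidc/callback` (here `https://matrix.domain.tld/_synapse/client/oidc/callback`); Synapse derives it from `public_baseurl`, which is why a missing scheme breaks the SSO round trip.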
That is a closely related, but not entirely relevant, issue to the problem I'm having. My issue isn't directly related to a redirect loop at all. |
@DMRobertson I did try that as well combined with
Updated to https://github.com/matrix-org/synapse/releases/tag/v1.45.1, and the issue no longer seems to happen. However, I do get a different issue with it not entering to the right account and creating an entirely new one because the other might have already been reserved? I'll create a new issue with this problem if I can't find the proper documentation to resolve it. |
Description
Keycloak SSO logins seem to have been broken since v1.36.0. So far I've configured them per the documentation, but they haven't seemed to work, and the last I've heard of them working is v1.27.0.
Steps to reproduce
This is really odd considering others have claimed that it has worked before, but it seems to no longer work now? Only posting the relevant information from my config, but it seems pretty straightforward in setup at first:
By setting this up, a new button appears when trying to login to my homeserver, this lets you login from the OpenID Connect provider instead. However, pressing this button just brings you to a page on the homeserver that says
Which seems weird, I've seen this error before.
Pairing this with the logs from the homeserver:
Perhaps, is Synapse by chance ignoring part of the config and accepting everything else? The button can only come up if the relevant parts related to SSO are configured, but it then turns around and says "We cannot handle this type of request here"? Which is odd considering that the button to sign in from SSO is there, but it doesn't get handled properly by the homeserver. Is there something I'm missing that is supposed to be connecting these two, or is it just a bug?
Version information
Homeserver: Personal homeserver.
Version: Synapse 1.44.0 / Python 3.8.12
Install method: Docker Hub
Platform: Kubernetes