OpenID authentication (vs Keycloak instance) - Axelor Open Suite

felahdab · Mars 23, 2023, 8:57

Hi,

I have read everything I found about SSO, OpenID, OAuth, etc in the developer guide. But I still can’t find how to enable this feature and some help would be very welcome.

I am trying to authenticate against a Keycloak instance. The Keycloak instance is working fine since I already have a wordpress instance enroled and configured and everything works fine.

I have configured auth.provider.* properties in application.properties.
This file is properly taken into account (since the Title of the application that I set is reflected on the browser title when I browse to the /axelor/ page)…

Any idea, or check list that I could go thru to understand why I can’t ask for OpenID login ?

Best regards.
Florian.

michaeld-emrge · Avril 9, 2023, 10:56

Did you get it working? I can not get it to work either.

felahdab · Avril 12, 2023, 11:36

Hi.

No.
No news or answer from anyone but you…

I have tried to digg into the source code but I haven’t found any clue so far.

Regards.
Florian.

michaeld-emrge · Juin 15, 2023, 5:30

We upgraded to 7.0.3 and we can now login via Keycloak.
We are seeing the occasional 401 http errors though. Not sure if related to SSO yet.

omaro · Juillet 10, 2023, 1:13

Hi!

By any chance, did one of you figured out how to implement the SSO with OpenID Connect ?

Personally when I’m trying to connect with Azure AD I got this error :

ERROR 1 --- [io-8080-exec-11] com.axelor.auth.pac4j.ErrorHandler : com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found

michaeld-emrge · Juillet 12, 2023, 3:03

Yes. OpenID with Keycloak. Was pretty standard basic minimal config on Keycloak end and no special Axelor config other than the standard 4 lines. Only on Axelor 7.0.3. Didn’t work for v5 or v6.