OpenID authentication (vs Keycloak instance) - Axelor Open Suite


I have read everything I found about SSO, OpenID, OAuth, etc in the developer guide. But I still can’t find how to enable this feature and some help would be very welcome.

I am trying to authenticate against a Keycloak instance. The Keycloak instance is working fine since I already have a wordpress instance enroled and configured and everything works fine.

I have configured auth.provider.* properties in
This file is properly taken into account (since the Title of the application that I set is reflected on the browser title when I browse to the /axelor/ page)…

Any idea, or check list that I could go thru to understand why I can’t ask for OpenID login ?

Best regards.

Did you get it working? I can not get it to work either.


No news or answer from anyone but you…

I have tried to digg into the source code but I haven’t found any clue so far.


We upgraded to 7.0.3 and we can now login via Keycloak.
We are seeing the occasional 401 http errors though. Not sure if related to SSO yet.


By any chance, did one of you figured out how to implement the SSO with OpenID Connect ?

Personally when I’m trying to connect with Azure AD I got this error :

ERROR 1 --- [io-8080-exec-11] com.axelor.auth.pac4j.ErrorHandler : com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found

Yes. OpenID with Keycloak. Was pretty standard basic minimal config on Keycloak end and no special Axelor config other than the standard 4 lines. Only on Axelor 7.0.3. Didn’t work for v5 or v6.