Hello,
I’m sorry, I know this is a really vague question, but I really don’t know what to do.
I’ve got an ownCloud and a Keycloak instance running in Docker behind an nginx reverse proxy. On the Docker host machine I can connect to the ownCloud instance using the desktop client. After providing the server URL I click “Open Browser” and I’m redirected to:
https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/auth?response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http://127.0.0.1:50888&code_challenge=WRS5VWYYdoRt6YVH2Xun8UJQuXTS1Gumm5GDI58CqjI&code_challenge_method=S256&scope=openid%20offline_access%20email%20profile&prompt=select_account%20consent&state=lkRLZ_TWHCdzhY7v3wBTDtN79QZmZcJe6uMfRrDbXH0%3D
login.[Domain].cc being the Keycloak URL.
Now I log in using my Keycloak credentials. “You are all set!” No problem.
If I try the same thing on another machine, I’m initially redirected to:
https://cloud.[Domain].cc/index.php/apps/oauth2/authorize?response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http://localhost:28690&code_challenge=uoKWSGIJu2lNV_J02uAdgFiAN0NE0LtVqbTIRkW_Nzk&code_challenge_method=S256&scope=openid%20offline_access%20email%20profile&prompt=select_account%20consent&state=tdzcLTlNqHZFXw0CvlfvDhP-4cbHagjEfrTSOPhaab4%3D
and then to https://cloud.[Domain].cc/login, where I’m greeted with the ownCloud login. If I provide my credentials here, I’m logged in in the browser, but the desktop client is not.
I’m running ownCloud server 10.12.2.
The openid-connect part of my ownCloud config.php:
    'openid-connect' =>
    array (
      'provider-url' => 'https://login.[Domain].cc/realms/[Realm]',
      'client-id' => 'owncloud',
      'client-secret' => 'XmSRcb8KW69RtVa5Xaz4ev3ZbbQlUS00',
      'loginButtonName' => 'Login',
      'post_logout_redirect_uri' => 'https://cloud.[Domain].cc',
      'search-attribute' => 'preferred_username',
      'mode' => 'userid',
      'provider-params' =>
      array (
        'authorization_endpoint' => 'https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/auth',
        'token_endpoint' => 'https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/token',
        'introspection_endpoint' => 'https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/token/introspect',
        'token_endpoint_auth_methods_supported' => '[
          "private_key_jwt",
          "client_secret_basic",
          "client_secret_post",
          "tls_client_auth",
          "client_secret_jwt"
        ]',
        'userinfo_endpoint' => 'https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/userinfo',
        'registration_endpoint' => 'https://login.[Domain].cc/realms/[Realm]/clients-registrations/openid-connect',
        'end_session_endpoint' => 'https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/logout?client_id=owncloud',
        'jwks_uri' => 'https://login.[Domain].cc/realms/[Realm]/protocol/openid-connect/certs',
      ),
      'auto-provision' =>
      array (
        'enabled' => true,
        'email-claim' => 'email',
        'display-name-claim' => 'given_name',
        'picture-claim' => 'picture',
        'groups' =>
        array (
          0 => 'everyone',
        ),
      ),
    ),
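Added example, not part of the original post: a small Python helper that parses the two authorization requests described above and reports which fields differ, to make visible that the second machine's client was sent to ownCloud's own `/index.php/apps/oauth2/authorize` instead of the Keycloak realm named in `provider-url`. The hostnames, realm name, client ID, challenge and state values are constructed stand-ins for the redacted `[Domain]`/`[Realm]` and the real parameters; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for 'provider-url' in config.php ([Domain]/[Realm] redacted in the post).
PROVIDER_URL = "https://login.example.test/realms/demo"

# Constructed query string with the same parameters the desktop client sent in the post.
_QUERY = ("?response_type=code&client_id=desktop-client-id&redirect_uri={redir}"
          "&code_challenge=constructed-challenge&code_challenge_method=S256"
          "&scope=openid%20offline_access%20email%20profile"
          "&prompt=select_account%20consent&state=constructed-state")

# Request seen on the Docker host (login succeeds).
WORKING = (PROVIDER_URL + "/protocol/openid-connect/auth"
           + _QUERY.format(redir="http://127.0.0.1:50888"))
# Request seen on the other machine (ends at the ownCloud login page).
FAILING = ("https://cloud.example.test/index.php/apps/oauth2/authorize"
           + _QUERY.format(redir="http://localhost:28690"))


def describe_auth_request(url, provider_url=PROVIDER_URL):
    """Summarise the security-relevant parts of an OAuth2 authorization request URL."""
    u = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    p = urlsplit(provider_url)
    # The endpoint belongs to the IdP only if origin matches and the path is under the realm.
    at_provider = ((u.scheme, u.netloc) == (p.scheme, p.netloc)
                   and u.path.startswith(p.path.rstrip("/") + "/"))
    redirect = urlsplit(q.get("redirect_uri", ""))
    return {
        "endpoint": f"{u.scheme}://{u.netloc}{u.path}",
        "at_provider": at_provider,
        "client_id": q.get("client_id"),
        "pkce_method": q.get("code_challenge_method"),
        "loopback_redirect": redirect.hostname in ("127.0.0.1", "localhost", "::1"),
        "scope": sorted(q.get("scope", "").split()),
    }


def diff_requests(url_a, url_b):
    """Return only the fields whose values differ between two authorization requests."""
    a, b = describe_auth_request(url_a), describe_auth_request(url_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    for field, (ok, bad) in diff_requests(WORKING, FAILING).items():
        print(f"{field}: working={ok!r} failing={bad!r}")
```

Pasting the real URLs from each machine's browser address bar in place of the constructed ones gives the same comparison for the actual deployment.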