Hello owncloud community,
I need some help with getting keycloak to work with my owncloud. Both are running in local docker containers. The login with keycloak seems to be working, but after that i get redirected to this error message:
I already read:
- www.doc.owncloud. com/server/10.12/admin_manual/configuration/user/oidc/oidc.html
- www.keycloak. org/server/containers
- www.keycloak. org/getting-started/getting-started-docker
but could not find the answer I am looking for.
My setup
owncloud container stack
version: "3"
volumes:
files:
driver: local
mysql:
driver: local
redis:
driver: local
mysql_data:
driver: local
services:
owncloud:
image: owncloud/server:${OWNCLOUD_VERSION}
container_name: owncloud_server
restart: always
ports:
- ${HTTP_PORT}:8080
depends_on:
- mariadb
- redis
environment:
- OWNCLOUD_DOMAIN=${OWNCLOUD_DOMAIN}
- OWNCLOUD_TRUSTED_DOMAINS=${OWNCLOUD_TRUSTED_DOMAINS}
- OWNCLOUD_DB_TYPE=mysql
- OWNCLOUD_DB_NAME=owncloud
- OWNCLOUD_DB_USERNAME=owncloud
- OWNCLOUD_DB_PASSWORD=owncloud
- OWNCLOUD_DB_HOST=mariadb
- OWNCLOUD_ADMIN_USERNAME=${ADMIN_USERNAME}
- OWNCLOUD_ADMIN_PASSWORD=${ADMIN_PASSWORD}
- OWNCLOUD_MYSQL_UTF8MB4=true
- OWNCLOUD_REDIS_ENABLED=true
- OWNCLOUD_REDIS_HOST=redis
healthcheck:
test: ["CMD", "/usr/bin/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- ./Data:/mnt/data
mariadb:
image: mariadb:10.6 # minimum required ownCloud version is 10.9
container_name: owncloud_mariadb
restart: always
environment:
- MYSQL_ROOT_PASSWORD=owncloud
- MYSQL_USER=owncloud
- MYSQL_PASSWORD=owncloud
- MYSQL_DATABASE=owncloud
command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"]
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- mysql:/var/lib/mysql
redis:
image: redis:6
container_name: owncloud_redis
restart: always
command: ["--databases", "1"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- redis:/data
phpmyadmin:
image: phpmyadmin
restart: always
ports:
- 8081:80
environment:
PMA_HOST: mariadb
Key cloak stack
version: '3'
volumes:
mysql_data:
driver: local
services:
mysql_keycloack:
image: mysql:5.7
volumes:
- mysql_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:latest
environment:
DB_VENDOR: MYSQL
DB_ADDR: mysql_keycloack
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: Pa55w0rd
entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev"]
ports:
- 8080:8080
depends_on:
- mysql_keycloack
owncloud config.php
<?php
$CONFIG = array (
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/owncloud/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/owncloud/custom',
'url' => '/custom',
'writable' => true,
),
),
'trusted_domains' =>
array (
0 => 'localhost',
),
'datadirectory' => '/mnt/data/files',
'dbtype' => 'mysql',
'dbhost' => 'mariadb:3306',
'dbname' => 'owncloud',
'dbuser' => 'owncloud',
'dbpassword' => 'owncloud',
'dbtableprefix' => 'oc_',
'log_type' => 'owncloud',
'supportedDatabases' =>
array (
0 => 'sqlite',
1 => 'mysql',
2 => 'pgsql',
),
'upgrade.disable-web' => true,
'default_language' => 'en',
'overwrite.cli.url' => 'http://localhost:80/',
'htaccess.RewriteBase' => '/',
'logfile' => '/mnt/data/files/owncloud.log',
'memcache.local' => '\\OC\\Memcache\\APCu',
'mysql.utf8mb4' => true,
'filelocking.enabled' => true,
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => '6379',
),
'passwordsalt' => 'HStQjKHhYPhswkacepdHnJiUqYnPZe',
'secret' => 'kBFLabGy6RVy+8ssor9qb2hTjOoWDgwMPdCD9rSzl77wETpP',
'version' => '10.12.2.1',
'allow_user_to_change_mail_address' => '',
'logtimezone' => 'UTC',
'installed' => true,
'instanceid' => 'ocomuz996pbi',
'openid-connect' => [
'provider-url' => 'http://localhost:8080/realms/owncloud',
'client-id' => 'owncloud',
'client-secret' => 'FL8fxVF6IVWKci89k2mzxHkipOjIoJD6',
'loginButtonName' => 'OpenId Connect',
'post_logout_redirect_uri' => 'http://localhost',
'scopes' => [],
'mode' => 'userid',
'provider-params' => [
'issuer' => 'http://localhost:8080/realms/owncloud',
'authorization_endpoint' => 'http://localhost:8080/realms/owncloud/protocol/openid-connect/auth',
'token_endpoint' => 'http://localhost:8080/realms/owncloud/protocol/openid-connect/token',
'token_endpoint_auth_methods_supported' => '[
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
]',
'userinfo_endpoint' => 'http://localhost:8080/realms/owncloud/protocol/openid-connect/userinfo',
'registration_endpoint' => 'http://localhost:8080/realms/owncloud/clients-registrations/openid-connect',
'end_session_endpoint' => 'http://localhost:8080/realms/owncloud/protocol/openid-connect/logout',
'jwks_uri' => 'http://localhost:8080/realms/owncloud/protocol/openid-connect/certs',
],
],
);
I installed the OpenID Connect plugin from the market.
I added a user named ‘testuser’ with the same password in owncloud and keycloak.
Because the error message says: “Error in OpenIdConnect:User did not authorize openid scope.” I added the client scope “openid” because I could not find one with that name.
Where did i go wrong?
Which settings do I need to tweak in oder to make it work?