[Resolved] Owncloud vs Keycloak : The provider issuer could not be fetched

Hello
I have :

  • an Ubuntu VM with Owncloud 10.9.1
  • an Ubuntu VM with keycloak 17.0.0

I have installed the openId App in owncloud.
And I am trying to connect openId connect to my keycloak, which works fine with grafana.
When I select the openId connect button, I arrive at an owncloud error page that says:

Error in OpenIdConnect:The provider issuer could not be fetched. Make sure your provider has a well known configuration available.

In the owncloud config.php I have the following conf:

  'provider-params' => [
    'authorization_endpoint' => 'https://auth.myDomain.net/realms/myRealms/protocol/openid-connect/auth',
    'token_endpoint' => 'https://auth.myDomain.net/realms/myRealms/protocol/openid-connect/token',
    'token_endpoint_auth_methods_supported' => ["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],
    'token_introspection_endpoint' => 'https://auth.myDomain.net/realms/myRealms/protocol/openid-connect/token/introspect',
    'userinfo_endpoint' => 'https://auth.myDomain.net/realms/myRealms/protocol/openid-connect/userinfo',
    'registration_endpoint' => 'https://auth.myDomain.net/realms/myRealms/clients-registrations/openid-connect',
    'end_session_endpoint' => 'https://auth.myDomain.net/realms/myRealms/protocol/openid-connect/logout',
    'jwks_uri' => 'https://auth.myDomain.net/realms/myRealms/protocol/openid-connect/certs'
  ]

For information, on the keycloak side I set up a client conf almost the same as the grafana one:

Root URL https://owncloud.myDomain.net
“star” Valid Redirect URIs https://owncloud.myDomain.net/"star
Base URL https://owncloud.myDomain.net/
Admin URL https://owncloud.myDomain.net/
Web Origins https://owncloud.myDomain.net

Any idea what the problem in my conf is?

Thanks for the help

With the following command I get the “issuer” address:

curl -X GET https://auth.myDomain.net/realms/myRealm/.well-known/uma2-configuration

I changed the “provider-params” in config.php accordingly and got:

  'provider-params' => [
      'issuer' => 'https://auth.myDomain.net/realms/myRealm',
      'authorization_endpoint' => 'https://auth.myDomain.net/realms/myRealm/protocol/openid-connect/auth',
      'token_endpoint' => 'https://auth.myDomain.net/realms/myRealm/protocol/openid-connect/token',
      'introspection_endpoint' => 'https://auth.myDomain.net/realms/myRealm/protocol/openid-connect/token/introspect',
      'end_session_endpoint' => 'https://auth.myDomain.net/realms/myRealm/protocol/openid-connect/logout',
      'frontchannel_logout_session_supported' => true,
      'frontchannel_logout_supported' => true,
      'jwks_uri' => 'https://auth.myDomain.net/realms/myRealm/protocol/openid-connect/certs',
      'grant_types_supported' => ['authorization_code','implicit','refresh_token','password','client_credentials','urn:ietf:params:oauth:grant-type:device_code','urn:openid:params:grant-type:ciba'],
      'response_types_supported' => ['code','none','id_token','token','id_token token','code id_token','code token','code id_token token'],
      'response_modes_supported' => ['query','fragment','form_post','query.jwt','fragment.jwt','form_post.jwt','jwt'],
      'registration_endpoint' => 'https://auth.myDomain.net/realms/myRealm/clients-registrations/openid-connect',
      'token_endpoint_auth_methods_supported' => ['private_key_jwt','client_secret_basic','client_secret_post','tls_client_auth','client_secret_jwt'],
      'token_endpoint_auth_signing_alg_values_supported' => ['PS384','ES384','RS384','HS256','HS512','ES256','RS256','HS384','ES512','PS256','PS512','RS512'],
      'scopes_supported' => ['openid','offline_access','microprofile-jwt','roles','phone','web-origins','email','profile','address'],
      'resource_registration_endpoint' => 'https://auth.myDomain.net/realms/myRealm/authz/protection/resource_set',
      'permission_endpoint' => 'https://auth.myDomain.net/realms/myRealm/authz/protection/permission',
      'policy_endpoint' => 'https://auth.myDomain.net/realms/myRealm/authz/protection/uma-policy'
  ]

And it is better.
I can access the keycloak auth page.
But when validating the access, keycloak returns to an owncloud page that has an error…

The provider userinfo_endpoint could not be fetched. Make sure your provider has a well known configuration available

I had to add the following line in config.php to make it work!

      'userinfo_endpoint' => 'https://auth.myDomain.net/realms/myRealm/protocol/openid-connect/userinfo',

🙂 Post resolved!

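An added example (not part of the original posts, and not ownCloud or Keycloak code): a small Python check that flags the two gaps this thread ran into, a missing `issuer` and a missing `userinfo_endpoint`, before the values go into `provider-params`. It also flags non-HTTPS endpoints and a realm typo in a single URL. The function name, the required-key list and the sample data are assumptions made for illustration.

```python
"""Added example: sanity-check OpenID Connect provider metadata before
copying it into ownCloud's 'provider-params'. All names are hypothetical."""
from urllib.parse import urlparse

# Keys named in the two ownCloud errors in this thread, plus the other core
# endpoints the thread configures. (Assumed check list, not ownCloud's own.)
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint",
            "userinfo_endpoint", "jwks_uri")


def check_provider_params(params):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    for key in REQUIRED:
        if not params.get(key):
            problems.append(f"missing {key}")
    issuer = (params.get("issuer") or "").rstrip("/")
    for key, value in params.items():
        # Only URL-valued entries are inspected; lists and booleans are skipped.
        if not isinstance(value, str) or "://" not in value:
            continue
        if urlparse(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
        # Heuristic for Keycloak-style layouts, where every endpoint lives
        # under the realm URL: catches a realm typo in a single entry.
        if issuer and key != "issuer" and not value.startswith(issuer + "/"):
            problems.append(f"{key} is outside issuer {issuer}: {value}")
    return problems


# Constructed sample input modelled on the thread's placeholder host and realm.
BASE = "https://auth.myDomain.net/realms/myRealm"
SAMPLE_INCOMPLETE = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
    "scopes_supported": ["openid", "email", "profile"],
}
SAMPLE_COMPLETE = dict(
    SAMPLE_INCOMPLETE,
    userinfo_endpoint=BASE + "/protocol/openid-connect/userinfo")
SAMPLE_TYPO = dict(SAMPLE_COMPLETE, token_endpoint=BASE.replace(
    "myRealm", "myRealms") + "/protocol/openid-connect/token")

if __name__ == "__main__":
    for name, sample in [("incomplete", SAMPLE_INCOMPLETE),
                         ("complete", SAMPLE_COMPLETE), ("typo", SAMPLE_TYPO)]:
        print(name, check_provider_params(sample) or "OK")
```

The dictionary can be loaded with `json.load` from the provider's OpenID Connect discovery document (`<issuer>/.well-known/openid-configuration`).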

??
You go to the app menu and select it….
Not sure I understand the question
