I have installed Keycloak OpenID and configured it with Rocket.Chat using OAuth. I followed the guide in the documentation; all the configurations are 100% correct, yet I can't make it work.
Steps to reproduce the issue:
Go to the Rocket.Chat home page (localhost:3000).
Press login using Keycloak.
Enter Keycloak credentials (username/password).
After that I get an "undefined" error in the top right corner.
See error logs below.
Server Setup Information
Version of Rocket.Chat Server: Latest
Operating System: ubuntu 16.04
Deployment Method: snaps
Number of Running Instances: 1
DB Replicaset Oplog: snaps latest
NodeJS Version: snaps latest
MongoDB Version: snaps latest
Proxy: snaps, didn't touch anything
Firewalls involved: localhost, I don't know
Any additional information
The error logs on Rocket.Chat say "redirect uri is not valid".
My redirect URI on Keycloak is set to http://localhost:3000/*
I have everything set correctly, yet I can't make this work and it's driving me crazy.
P.S. This is all installed on Ubuntu 16.04 localhost using snaps.
It looks good to me. Could you share your Rocket.Chat logs + a HAR file of the whole login process from your browser (keep in mind: your password may be recorded in the HAR file), please?
You have to persist logs in the network console. The browser is redirected between Keycloak/Rocket.Chat - I want to see all those redirects (and the other requests around them) in the HAR file:
Nope, the HAR file is not OK. Let's try something different - paste the Keycloak URL (whole, with all parameters) where you are redirected for the login and where you see the login form. Example, to give you an idea of what I'm expecting:
That one must also be used when Rocket.Chat is exchanging the code for the token:
You may see which redirect URL was actually used in the Keycloak logs.
I just guess that you didn't configure the ROOT_URL env variable as http://localhost:3000, or Site URL is different from http://localhost:3000, or something else (especially if it is behind a reverse proxy, LB, …).
No reverse proxy or anything; this is just a pure install using snaps and nothing has changed.
Maybe it has something to do with it being on localhost and not on a production env. I know Keycloak works because I have set up Nextcloud as well on this env and it works fine.
ROOT_URL is an env variable for Rocket.Chat, not for Keycloak. And that is also just a guess.
There is nothing wrong with the Keycloak configuration or with the used OIDC client configuration.
Sniff HTTP traffic to Keycloak for the token exchange (tcpdump, Wireshark, …) and find which redirect_uri is used by Rocket.Chat when Rocket.Chat is calling the Keycloak token endpoint.
I set it up on a live server and I am getting the same exact issue.
Can someone please help me, what do I do wrong?
This is how my redirect URL looks (it's an example): http://55.43.234.23:3000/*
or even http://55.43.234.23:3000/_oauth/key
Nothing works.
I have no idea why it doesn't work.
The official documentation says http:localhost:3000/*; well, http: and not http:// doesn't work for me, I get "invalid url" on the Keycloak login.
If I change the Rocket.Chat settings from pop-up to redirect I get this:
W20210201-17:59:31.839(0) (oauth_server.js:403) Error in OAuth Server: redirectUrl (http://xxxxxxxxxxxx.58:3000/home) is not on the same host as the app (http://localhost/)
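The log line above shows two separate checks that can reject a login: Keycloak's "Valid Redirect URIs" match and Rocket.Chat's "same host as the app" (Site URL / ROOT_URL) comparison. The following is an added example, not code from Rocket.Chat or Keycloak, that reproduces both checks in simplified form so you can test a redirect URI offline; the matching rules, the `/_oauth/keycloak` callback path and the `203.0.113.58` address standing in for the redacted IP are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) of a URL, filling in the default port so
    'http://localhost/' and 'http://localhost:80/' compare equal."""
    u = urlsplit(url)
    if not u.scheme or not u.hostname:
        return None  # e.g. 'http:localhost:3000/*' (missing //) has no host at all
    scheme = u.scheme.lower()
    return (scheme, u.hostname.lower(), u.port or DEFAULT_PORTS.get(scheme))

def same_host_as_app(redirect_url, root_url):
    """Simplified form of the check behind Rocket.Chat's
    'redirectUrl ... is not on the same host as the app' error (assumption:
    scheme, host and port of the redirect must equal those of Site URL / ROOT_URL)."""
    r, a = origin(redirect_url), origin(root_url)
    return r is not None and r == a

def keycloak_redirect_allowed(registered, requested):
    """Simplified Keycloak 'Valid Redirect URIs' matching (assumption):
    a trailing '*' allows any suffix, otherwise the URI must match exactly."""
    if registered.endswith("*"):
        return requested.startswith(registered[:-1])
    return requested == registered

def diagnose(registered_uris, requested_redirect, root_url):
    """Run both checks and return a list of findings (empty list = login would pass)."""
    findings = []
    if not any(keycloak_redirect_allowed(r, requested_redirect) for r in registered_uris):
        findings.append(f"Keycloak: {requested_redirect} matches none of {registered_uris}")
    if not same_host_as_app(requested_redirect, root_url):
        findings.append(f"Rocket.Chat: {requested_redirect} is not on the same host as {root_url}")
    return findings

if __name__ == "__main__":
    # Constructed sample: Site URL left at its default while the browser reaches the
    # server through a LAN/public address (203.0.113.58 is a documentation address
    # standing in for the redacted IP in the log line above).
    for f in diagnose(["http://localhost:3000/*"], "http://203.0.113.58:3000/home", "http://localhost/"):
        print(f)
```

When both findings appear, fixing only the Keycloak side is not enough: Site URL / ROOT_URL must also be set to the address the browser actually uses.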