Wekan

Wekan is an open-source kanban board (Trello-like) that allows card-based task and to-do management.

Configure Keycloak and Wekan

Wekan / General · November 3, 2020 at 10:56am

Hey. I am trying to set up Keycloak and Wekan. I imported realm-export.json and configured docker-compose.yml. Also, I created the first user (admin) in the usual way. When I try to log in using OIDC, I get the error:

wekan-app | {"line":"405","file":"oauth_server.js","message":"Error in OAuth Server: Failed to get token from OIDC https://myserver.net:7443/auth/realms/tomatek/protocol/openid-connect/token: connect ECONNREFUSED 76.21.167.192:7443","time":{"$date":1604399888056},"level":"warn"}
wekan-app | Exception while invoking method 'login' Error: Failed to get token from OIDC https://myserver.net:7443/auth/realms/tomatek/protocol/openid-connect/token: connect ECONNREFUSED 76.21.167.192:7443
wekan-app | at getToken (packages/wekan-oidc.js:130:22)
wekan-app | at Object.handleOauthRequest (packages/wekan-oidc.js:29:15)
wekan-app | at OAuth._requestHandlers.<computed> (packages/oauth2/oauth2_server.js:10:33)
wekan-app | at middleware (packages/oauth/oauth_server.js:170:5)
wekan-app | at /build/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40

docker-compose.yml:

- DEBUG=true
- OAUTH2_ENABLED=true
- OAUTH2_LOGIN_STYLE=redirect
- OAUTH2_CLIENT_ID=wekan
- OAUTH2_SERVER_URL=https://myserver.net:7443/auth
- OAUTH2_AUTH_ENDPOINT=/realms/Tomatek/protocol/openid-connect/auth
- OAUTH2_USERINFO_ENDPOINT=/realms/Tomatek/protocol/openid-connect/userinfo
- OAUTH2_TOKEN_ENDPOINT=/realms/Tomatek/protocol/openid-connect/token
- OAUTH2_SECRET=352b98ff-87b9-4795-84e3-290061c05cb1
- OAUTH2_ID_MAP=preferred_username
- OAUTH2_USERNAME_MAP=preferred_username
- OAUTH2_FULLNAME_MAP=given_name
- OAUTH2_EMAIL_MAP=email

November 3, 2020 at 11:09pm

I think for OAUTH2 you should have:

  • OAUTH2_USERNAME_MAP=email

Anyway, I probably need to test Keycloak more later.

November 4, 2020 at 8:17am

I have updated OAUTH2_USERNAME_MAP = email:

wekan-app | Meteor APM: completed instrumenting the app
wekan-app | {"line":"87","file":"percolate_synced-cron.js","message":"SyncedCron: Scheduled \"notification_cleanup\" next run @Wed Nov 04 2020 08:04:44 GMT+0000 (Coordinated Universal Time)","time":{"$date":1604477084309},"level":"info"}
wekan-app | (node:1) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
wekan-app | {"line":"405","file":"oauth_server.js","message":"Error in OAuth Server: Failed to get token from OIDC https://myserver.net:7443/auth/realms/tomatek/protocol/openid-connect/token: connect ECONNREFUSED 76.21.127.132:7443","time":{"$date":1604477313070},"level":"warn"}
wekan-app | Exception while invoking method 'login' Error: Failed to get token from OIDC https://myserver.net:7443/auth/realms/tomatek/protocol/openid-connect/token: connect ECONNREFUSED 76.21.127.132:7443
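
Added example, not part of any post in this thread and not Wekan's own code: a Node.js triage of the log line and docker-compose settings quoted above, separating what the error establishes (a refused TCP connection from the wekan-app process, and a realm path that differs from the configured one by letter case) from the claim-mapping settings. The helper names `parseTokenFailure` and `diagnose` are hypothetical, and the input is constructed from the thread's values with the secret omitted.

```javascript
// Constructed input: settings and one log line copied from the thread (secret omitted).
const env = {
  OAUTH2_SERVER_URL: 'https://myserver.net:7443/auth',
  OAUTH2_TOKEN_ENDPOINT: '/realms/Tomatek/protocol/openid-connect/token',
};
const logLine = JSON.stringify({
  line: '405', file: 'oauth_server.js', level: 'warn',
  message: 'Error in OAuth Server: Failed to get token from OIDC ' +
    'https://myserver.net:7443/auth/realms/tomatek/protocol/openid-connect/token: ' +
    'connect ECONNREFUSED 76.21.167.192:7443',
});

// Node.js socket errors raised by connect(): the failure precedes TLS and HTTP.
const CONNECT_ERRORS = new Set(['ECONNREFUSED', 'ETIMEDOUT', 'EHOSTUNREACH', 'ENETUNREACH']);

// Hypothetical helper: pull the token URL, errno and peer out of a wekan-app JSON log line.
function parseTokenFailure(line) {
  const { message = '' } = JSON.parse(line);
  const m = /Failed to get token from OIDC (\S+): (.*)$/.exec(message);
  if (!m) return null;
  const sock = /^connect (E[A-Z]+) (.+):(\d+)$/.exec(m[2]);
  return {
    url: new URL(m[1]),
    code: sock ? sock[1] : null,
    peer: sock ? `${sock[2]}:${sock[3]}` : null,
  };
}

// Hypothetical helper: compare the failure with the configured token endpoint.
function diagnose(settings, line) {
  const failure = parseTokenFailure(line);
  if (!failure) return null;
  const configured = new URL(settings.OAUTH2_SERVER_URL + settings.OAUTH2_TOKEN_ENDPOINT);
  const samePath = configured.pathname === failure.url.pathname;
  return {
    code: failure.code,
    peer: failure.peer,
    // true: wekan-app never reached Keycloak, so secret and *_MAP settings were not evaluated
    refusedBeforeHttp: CONNECT_ERRORS.has(failure.code),
    sameOrigin: configured.origin === failure.url.origin,
    pathMatchesConfig: samePath,
    pathDiffersOnlyByCase: !samePath &&
      configured.pathname.toLowerCase() === failure.url.pathname.toLowerCase(),
  };
}

console.log(diagnose(env, logLine));
```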