Environment:
UI/Application - Python/Django (v2.2)
OpenID Connect - mozilla-django-oidc==1.2.4
Keycloak v12.0.4
My UI and Keycloak are both running in a Kubernetes cluster (v1.21.1), and communication is facilitated via a Kubernetes Service (LoadBalancer)
Services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
trolleye-commandcenter-ui-svc LoadBalancer 10.108.23.251 <pending> 443:30901/TCP 3d8h 17d
trolleye-keycloak-svc LoadBalancer 10.102.239.67 <pending> 8080:32355/TCP,8443:30944/TCP 15d
PODS
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
trolleye-commandcenter-ui-7594df9cb7-8dh2z 1/1 Running 0 127m 192.168.230.40 k8s-worker-1 <none> <none>
trolleye-keycloak-75d57744df-9h5g5 1/1 Running 1 4d7h 192.168.230.29 k8s-worker-1 <none> <none>
I’m able to log in and successfully perform MFA. But when I get redirected back to oidc/callback/, the Mozilla client fails with the following error:
401 Client Error: Unauthorized for url: https://trolleye-keycloak-svc:8443/auth/realms/trolleye/protocol/openid-connect/userinfo
Keycloak shows the following error:
21:05:01,826 WARN [org.keycloak.events] (default task-18) type=USER_INFO_REQUEST_ERROR, realmId=trolleye, clientId=null, userId=null, ipAddress=192.168.230.40, error=invalid_token, auth_method=validate_access_token
I’m not sure where to go from here, or what else I could do to troubleshoot this. Any help is greatly appreciated.
Thank you!
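
A diagnostic check for the `invalid_token` error above, added here as an example and not part of the original post: an issuer that differs from the realm URL the userinfo request is sent to, and an expired token, are two conditions that make an access token invalid at that endpoint, so this decodes the token's claims and compares them. The sample token, its `keycloak.example.test` issuer and the function names are constructed for illustration.

```python
import base64
import json
import time

USERINFO_SUFFIX = "/protocol/openid-connect/userinfo"

def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def realm_url(userinfo_url):
    """Realm base URL implied by the userinfo endpoint the client calls."""
    if not userinfo_url.endswith(USERINFO_SUFFIX):
        raise ValueError("unexpected userinfo URL shape")
    return userinfo_url[: -len(USERINFO_SUFFIX)]

def check_token(token, userinfo_url, now=None):
    """Compare the token's iss with the realm URL and report whether it has expired."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    expected = realm_url(userinfo_url)
    return {
        "iss": claims.get("iss"),
        "expected_iss": expected,
        "issuer_matches": claims.get("iss") == expected,
        "expired": claims.get("exp", 0) <= now,
    }

def make_sample_token(iss, exp):
    """Constructed, unsigned sample token for the demo (not a real Keycloak token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"iss": iss, "exp": exp}), "sig"])

if __name__ == "__main__":
    userinfo = ("https://trolleye-keycloak-svc:8443/auth/realms/trolleye"
                "/protocol/openid-connect/userinfo")
    # Constructed issuer: a browser-facing hostname that differs from the in-cluster one.
    token = make_sample_token("https://keycloak.example.test/auth/realms/trolleye", 2_000_000_000)
    print(check_token(token, userinfo, now=1_700_000_000))
```

The token to pass in is the access token the client sends as the Bearer credential to the userinfo endpoint; the decode step skips signature verification, so use the result for troubleshooting only.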