Any Sample how to configure & debug OpenID CIBA in Keycloak

I would like to use GitHub - okzk/oidc-radius to use sso for VPN

with env. Vars like this:

-e RADIUS_SECRET=“test1234”
-e CIBA_ISSUER="/realms/xxx"
-e CIBA_AUTHN_ENDBPOINT="/realms/xxx/protocol/openid-connect/ext/ciba/auth"
-e CIBA_TOKEN_ENDBPOINT="/realms/xxx/protocol/openid-connect/token"
-e CIBA_CLIENT_ID=“radius”
-e CIBA_CLIENT_SECRET=“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”

docker logs are showing this : authn failed. user: xxxx, error: Post “”: unsupported protocol scheme “”


I would try to use full url (protocol domain path) in those configs (not just path). That’s used in the first example of linked readme.


I use the full domain path but the post was restricted so I hat to cut

I am using newest 17.0.0 with tmp all features enabled so I might missed some ?

like in older versions?



@itxworks I’m using CIBA Ping mode. But I cannot figure out where I can enter the client_notification_endpoint on Admin console. Do you use PING mode ?

Hi, I used to build a go app based on those links:

In my case its a simple go radius server with userauth over jwt token …