Hi. I have a Kubeflow setup in our K8s cluster and am attempting to configure the Dex portion of Kubeflow to use Keycloak as an OIDC provider and am having some issues with the redirection.
We have an Istio ingress set up so that we can connect to https ourcluster dot example dot com and it gets routed to the Dex login page where we can select the different authentication methods (like LDAP or Keycloak).
Inside of the Dex configuration, there is a RedirectURI option which seems to want/need to be set to: http-dex.auth.svc.cluster.local:5556/dex/callback
Inside of my Keycloak client configuration, I set the RedirectURI to this, and when I go to our https ourcluster dot example dot com URL, I am sent to the Keycloak login screen (good start), but when I log in, I can’t connect back properly to Dex because Keycloak uses the RedirectURI that we had, which is an internal K8s entity (for example: dex.auth.svc.cluster.local:5556/dex/callback?state=ybwtpb2jebjvi6akl6zzl45bo&session_state=f1896617-c415-4b5f-bb0c-241e8a21e70e&code=7b9fbed8-3a59-4da3-8530-f97b5edf8ea6.f1896617-c415-4b5f-bb0c-241e8a21e70e.828bc905-ffed-4aa0-ba13-c7e155944c8b).
If I replace the dex.auth.svc.cluster.local:5556 with https ourcluster dot example dot com and leave the rest there, it actually works and I’m logged into Keycloak.
I guess the question I have is, is there a way to have Keycloak redirect to a different URL on the way out without changing the RedirectURI?
Or, has anyone actually gotten this kind of setup working?
Thanks.
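
A diagnostic for the symptom described above, as an added example that is not part of the original post: it splits an OIDC callback URL into "did the provider return `code` and `state`?" and "can a browser outside the cluster reach the redirect host?". The function names are hypothetical, `ourcluster.example.com` stands for the ingress host named in the post, and the `state`/`code` values are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# DNS suffixes of Kubernetes Service names; they resolve only inside the cluster.
INTERNAL_SUFFIXES = (".svc", ".svc.cluster.local")


def redirect_problems(uri, external_host):
    """List the reasons a browser outside the cluster could not follow `uri`."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https"):
        problems.append("no http/https scheme")
        # Re-parse as scheme-relative so host and port are still recognised.
        parts = urlsplit("//" + uri)
    host = (parts.hostname or "").lower()
    if "." not in host or host.endswith(INTERNAL_SUFFIXES):
        problems.append(f"{host!r} is a cluster-internal name")
    elif host != external_host.lower():
        problems.append(f"{host!r} is not the ingress host {external_host!r}")
    return problems


def analyze_callback(url, external_host):
    """Split an OIDC authorization response into 'parameters OK?' and 'host OK?'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    query = parse_qs(parts.query)
    return {
        "has_code": "code" in query,
        "has_state": "state" in query,
        "problems": redirect_problems(url.split("?", 1)[0], external_host),
    }


if __name__ == "__main__":
    ingress = "ourcluster.example.com"  # assumed external host, from the post
    # Constructed callbacks: same path and parameters, different host.
    samples = [
        "dex.auth.svc.cluster.local:5556/dex/callback?state=constructed-state&code=constructed-code",
        "https://ourcluster.example.com/dex/callback?state=constructed-state&code=constructed-code",
    ]
    for sample in samples:
        print(sample.split("?", 1)[0], "->", analyze_callback(sample, ingress))
```

When `has_code` and `has_state` are both true and only `problems` is non-empty, the provider's response is well-formed and the fault is the host in the registered redirect URI, which matches what the post observes when the host is swapped by hand.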