I am trying to set up GitLab OmniAuth via openid-connect using Keycloak.
I can successfully authenticate to Keycloak. When redirecting back to GitLab however, I get the following
I followed the docs on OmniAuth via openid-connect and set the callback url as suggested.
My GitLab runs at http://<domain>/gitlab.
Here is the full config
```ruby
gitlab_rails['omniauth_providers'] = [
  { 'name' => 'openid_connect',
    'label' => 'Keycloak',
    'args' => {
      'name' => 'openid_connect',
      'scope' => ['openid','profile'],
      'response_type' => 'code',
      'issuer' => 'http://<domain>/auth/realms//<realm>',
      'discovery' => false,
      'uid_field' => 'uid',
      'client_auth_method' => 'query',
      'send_scope_to_token_endpoint' => false,
      'client_options' => {
        'identifier' => 'gitlab',
        'secret' => '<secret>',
        'authorization_endpoint' => 'http://<domain>/auth/realms/<realm>/protocol/openid-connect/auth',
        'token_endpoint' => 'http://<domain>/auth/realms/<realm>/protocol/openid-connect/token',
        'userinfo_endpoint' => 'http://<domain>/auth/realms/<realm>/protocol/openid-connect/userinfo',
        'redirect_uri' => 'http://<domain>/gitlab/users/auth/openid_connect/callback'
      }
    }
  }
]
```
Keycloak
In Keycloak I’ve set mappers for the following attributes:
- “name”
- “email”
- “preferred_username”
Even when using * for Valid Redirect URLs in the client, I get the result shown above.
I have been stuck with this for three days, and I do not see anything in the logs that could help me.
I’d highly appreciate any help!
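
A consistency check for a provider whose endpoints are set by hand (`'discovery' => false`), as in the config above. This is an added example, not part of the original post and not GitLab or Keycloak code; `lint_oidc_args`, the host `example.test` and the realm `demo` are hypothetical, and the endpoint layout under `<issuer>/protocol/openid-connect/` is assumed from the URLs in the post.

```ruby
require 'uri'

# Constructed sample shaped like the args in the post; example.test and the
# realm "demo" are placeholders, not values from the original page.
SAMPLE_BASE = 'http://example.test/auth/realms/demo/protocol/openid-connect'
SAMPLE_ARGS = {
  'issuer' => 'http://example.test/auth/realms//demo',
  'discovery' => false,
  'client_options' => {
    'authorization_endpoint' => "#{SAMPLE_BASE}/auth",
    'token_endpoint' => "#{SAMPLE_BASE}/token",
    'userinfo_endpoint' => "#{SAMPLE_BASE}/userinfo",
    'redirect_uri' => 'http://example.test/gitlab/users/auth/openid_connect/callback'
  }
}.freeze

ENDPOINT_KEYS = %w[authorization_endpoint token_endpoint userinfo_endpoint].freeze

# Hypothetical helper: returns [code, detail] findings for a provider whose
# endpoints are configured manually instead of read from discovery.
def lint_oidc_args(args)
  issuer = args.fetch('issuer')
  opts = args.fetch('client_options', {})
  findings = []

  # The ID token's "iss" claim must match the configured issuer exactly, so an
  # empty path segment ("//") makes it a different identifier.
  path = URI.parse(issuer).path
  findings << [:issuer_empty_segment, path] if path.include?('//')

  ENDPOINT_KEYS.each do |key|
    url = opts[key]
    if url.nil?
      findings << [:endpoint_missing, key]
    # Assumption: Keycloak layout, endpoints under <issuer>/protocol/openid-connect/
    elsif !url.start_with?("#{issuer}/protocol/openid-connect/")
      findings << [:endpoint_outside_issuer, key]
    end
  end

  # Authorization codes, tokens and the client secret cross these URLs.
  urls = [issuer, opts['redirect_uri'], *opts.values_at(*ENDPOINT_KEYS)].compact
  urls.select { |u| URI.parse(u).scheme == 'http' }.each { |u| findings << [:plain_http, u] }
  findings
end

lint_oidc_args(SAMPLE_ARGS).each { |code, detail| puts "#{code}: #{detail}" }
```

Each finding is a `[code, detail]` pair, so the same function can gate a configuration change before `gitlab-ctl reconfigure` is run.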