I am currently in the process of setting up Keycloak (OIDC) with our Rancher environment.
I’m using this Rancher guide, but I’m having some trouble defining the parameters in Keycloak.
When I try to connect Rancher, it seems like there is a problem hitting our Realm. I am pasting in the name of the realm, but it does not seem to be hitting it through the authentication process.
And I assume that it is the setup in Keycloak that is causing the issue.
As you may know, Keycloak is just an OIDC server, so nothing special about that.
But the fact that the Rancher form specifies “Keycloak URL” instead of the more generic “authorization endpoint” or something like “openid-connect autodiscovery url” makes me think they may have hardcoded Keycloak behaviour in there.
One hint: if using Keycloak >=17 without the legacy /auth in the path, then the Rancher “generate” code does not generate correct URLs, so use the ‘specify’ option.
Hint: Rancher currently does a template-based URL generation, but should ideally read the .well-known/openid-connect information from the OAuth server [1].
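A small check, added here as an example and not code from the thread or from Rancher or Keycloak, that builds the realm URLs the way a fixed template would (with and without the legacy /auth prefix) and diffs them against what the realm’s .well-known/openid-configuration document advertises; the host sso.example.test, the realm name rancher and the sample discovery document are constructed placeholders.

```python
import json
import urllib.request
# Keycloak >= 17 dropped the legacy "/auth" prefix, so a URL template that
# still includes it points at a path that no longer exists on the server.
def realm_base(keycloak_url: str, realm: str, legacy_auth_prefix: bool) -> str:
    base = keycloak_url.rstrip("/")
    if legacy_auth_prefix:
        base += "/auth"
    return f"{base}/realms/{realm}"

def template_endpoints(keycloak_url: str, realm: str, legacy_auth_prefix: bool) -> dict:
    """URLs a fixed template (the 'generate' approach) would produce."""
    base = realm_base(keycloak_url, realm, legacy_auth_prefix)
    return {
        "issuer": base,
        "authorization_endpoint": f"{base}/protocol/openid-connect/auth",
        "token_endpoint": f"{base}/protocol/openid-connect/token",
        "userinfo_endpoint": f"{base}/protocol/openid-connect/userinfo",
    }

def discovery_url(keycloak_url: str, realm: str, legacy_auth_prefix: bool) -> str:
    return realm_base(keycloak_url, realm, legacy_auth_prefix) + "/.well-known/openid-configuration"

def fetch_discovery(url: str, timeout: float = 5.0) -> dict:
    """Read the realm's discovery document. A timeout here corresponds to the
    'dial tcp ... i/o timeout' Rancher reports when it cannot reach Keycloak."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except OSError as exc:  # URLError and socket timeouts are both OSError
        raise RuntimeError(f"cannot reach {url}: {exc}") from exc

def mismatches(template: dict, discovery: dict) -> dict:
    """Keys whose templated URL differs from what the server advertises."""
    return {k: (template[k], discovery.get(k))
            for k in template if template[k] != discovery.get(k)}

# Constructed sample discovery document for a Keycloak 17+ realm (no /auth);
# in practice it comes from fetch_discovery(discovery_url(...)).
SAMPLE_DISCOVERY = {
    "issuer": "https://sso.example.test/realms/rancher",
    "authorization_endpoint": "https://sso.example.test/realms/rancher/protocol/openid-connect/auth",
    "token_endpoint": "https://sso.example.test/realms/rancher/protocol/openid-connect/token",
    "userinfo_endpoint": "https://sso.example.test/realms/rancher/protocol/openid-connect/userinfo",
}

if __name__ == "__main__":
    for legacy in (True, False):
        bad = mismatches(template_endpoints("https://sso.example.test", "rancher", legacy), SAMPLE_DISCOVERY)
        print("with /auth:" if legacy else "without /auth:", "OK" if not bad else bad)
```

Whatever the discovery document reports is what belongs in Rancher’s ‘specify’ fields; if fetch_discovery times out from the host Rancher runs on, the problem is reachability, not the Keycloak configuration.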
I’m a novice at these programs, so I’m trying to learn. I apologize for the perhaps very basic questions.
I’m pretty confident that I got all the right information into the Rancher form now, and it gives me this error now “Invalid parameter: redirect_uri” in Keycloak, which I am currently researching.
I did make a temporary fix using this “guide” (I know it’s a temporary fix since it leaves a major security flaw).
Now it just gives “[generic oidc]: server error while authenticating: Get “Auth Endpoint URL/.well-known/openid-configuration”: dial tcp server IP and port number: i/o timeout”