MirtoBusico commented on issue #9628:
URL: https://github.com/apache/apisix/issues/9628#issuecomment-1644103227

   Hi @Sn0rt 
   I'm a little confused. For me it is difficult to follow instructions given directly to admin api: I always used the Apisix Dashboard.
   
   In my framework using HTTPS, a private CA, Apisix with Istio installed in a 
Kubernetes cluster **everything works correctly** using:
   
   - Apisix 2.15.2
   - Apisix-dashboard 2.15.0
   - Keycloak 21.1.1
   
   Apisix was installed via helm chart with this command
   
   ```
   helm install apisix apisix/apisix --version 0.13.1 -f apisix-values.yaml \
   --set ingress-controller.config.apisix.serviceNamespace=apisix \
   --set ingress-controller.config.apisix.serviceName=apisix-admin \
   --set ingress-controller.config.kubernetes.apisixRouteVersion=apisix.apache.org/v2beta3 \
   --namespace apisix
   ```
   The changes in apisix-values.yaml from the default values.yaml are
   
   ```
   sysop@hdev:~/H/software/apisisx$ diff apisix-values.yaml values.yaml
   173c173
   <   type: LoadBalancer
   ---
   >   type: NodePort
   190c190
   <     enabled: true
   ---
   >     enabled: false
   194c194
   <     existingCASecret: "hservcacert"
   ---
   >     existingCASecret: ""
   196c196
   <     certCAFilename: "cert"
   ---
   >     certCAFilename: ""
   370,375c370
   <   enabled: true
   <   registry:
   <     dns:
   <       servers:
   <         - "10.43.0.10:53"
   < 
   ---
   >   enabled: false
   466d460
   <     set $session_secret 0123456789a5bac9bb3c868ec8b202e93;
   537c531
   <   enabled: true
   ---
   >   enabled: false
   540c534
   <   enabled: true
   ---
   >   enabled: false
   sysop@hdev:~/H/software/apisisx$
   ```
   The openid-connect plugin definition (inserted through the Apisix Dashboard) is
   
   ```
   {
       "client_id":"hcadmins",
       "client_secret":"08Xq1Av0txM0L06d0xdBTTjqgKica5C6",
       "discovery":"https://k6k.h.net/realms/hcluster_admins/.well-known/openid-configuration",
       "scope":"openid profile",
       "bearer_only":false,
       "realm":"hcluster_admins",
       "introspection_endpoint_auth_method":"client_secret_post",
       "redirect_uri":"https://apisix.h.net/*",
       "access_token_in_authorization_header":true,
       "logout_path":"/logout"
   }
   ```
   
   To replicate my framework the instructions are in this [blog post](https://apisix.apache.org/blog/2023/01/02/accessing_apisix-dashboard_from_everywhere_with_keycloak_authentication/#prerequisites) but the keycloak screens are different due to a different keycloak version.
   
   I only have the problem if, in my framework, I use
   
   - Keycloak 21.1.1
   - Apisix 3.3.0
   - APISIX Dashboard 3.0.0
   
   To summarize:
   
   - Keycloak 21.x + Apisix 2.x --> Works correctly
   - Keycloak 21.x + Apisix 3.x --> get openid-connect error
   
   How can I help you?
   

