Re: pgadmin and keycloak

Jose M Barreiro Tue, 02 Jan 2024 02:14:48 -0800

Hi Yogesh,

Thank you for your support. I have several problems with pgadmin and
keycloak. For example,


if I use OAUTH2_SERVER_METADATA_URL, I received this error ""403
Client Error: Forbidden for url:
http://keycloak.xxx.xxxx:8080/realms/iam/.well-known/openid-configuration"";

I I used your example, I received this error "

{"success":0,"errormsg":"'OAUTH2_API_BASE_URL'","info":"","result":null,"data":null}

If I use this configuration
>
> OAUTH2_CONFIG = [
>   {
>       'OAUTH2_NAME': 'keycloak',
>       'OAUTH2_DISPLAY_NAME': 'KEYCLOAK',
>       'OAUTH2_CLIENT_ID': 'pgadmin',
>       'OAUTH2_CLIENT_SECRET': 'xxxx',
>       'OAUTH2_TOKEN_URL': 
> 'http://keycloak.xxx.xxx:8080/realms/iam/protocol/openid-connect/token',
>       'OAUTH2_AUTHORIZATION_URL': 
> 'http://keycloak.xxx.xxx:8080/realms/iam/protocol/openid-connect/auth',
>       'OAUTH2_USERINFO_ENDPOINT': 
> 'http://keycloak.xxx.xxx:8080/realms/iam/protocol/openid-connect/userinfo',
>       'OAUTH2_API_BASE_URL': 'http://keycloak.xxx.xxx:8080/realms/iam',
>       'OAUTH2_ICON': 'fa-google',
>       'OAUTH2_BUTTON_COLOR': '#0000ff',
>       'OAUTH2_SCOPE': 'openid',
>       'OAUTH2_SSL_CERT_VERIFICATION': 'False',
>       'OAUTH2_ADDITIONAL_CLAIMS': {
>              'groups': ["administrators"],
>       }
>   }
> ]

I receive this error

{"success":0,"errormsg":"Expecting value: line 1 column 1 (char
0)","info":"","result":null,"data":null}

In the logs you can see
>
> 10.248.227.10 - - [02/Jan/2024:07:16:47 +0000] "POST /authenticate/login 
> HTTP/1.1" 302 791 "https://pgadmin4.apps.xxxx.xxxx.dplt/login?next=%2F"; 
> "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:120.0) Gecko/20100101 
> Firefox/120.0"
>
> 2024-01-02 07:16:48,400: ERROR pgadmin: Expecting value: line 1 column 1 
> (char 0)
> Traceback (most recent call last):
>   File "/venv/lib/python3.11/site-packages/requests/models.py", line 971, in 
> json
>     return complexjson.loads(self.text, **kwargs)
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3.11/json/__init__.py", line 346, in loads
>     return _default_decoder.decode(s)
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3.11/json/decoder.py", line 337, in decode
>     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode
>     raise JSONDecodeError("Expecting value", s, err.value) from None
> json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
> During handling of the above exception, another exception occurred:


Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/flask/app.py", line 1484,
in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/flask/app.py", line 1469,
in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 56, in oauth_authorize
    status, msg = auth_obj.login()
                  ^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/authenticate/__init__.py", line 301, in login
    status, msg = self.source.login(self.form)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 126, in login
    profile = self.get_user_profile()
              ^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 201, in get_user_profile
    self.oauth2_current_client].authorize_access_token()
                                ^^^^^^^^^^^^^^^^^^^^^^^^
  File 
"/venv/lib/python3.11/site-packages/authlib/integrations/flask_client/apps.py",
line 101, in authorize_access_token
    token = self.fetch_access_token(**params, **kwargs)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File 
"/venv/lib/python3.11/site-packages/authlib/integrations/base_client/sync_app.py",
line 342, in fetch_access_token
    token = client.fetch_token(token_endpoint, **params)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/authlib/oauth2/client.py",
line 207, in fetch_token
    return self._fetch_token(
           ^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/authlib/oauth2/client.py",
line 364, in _fetch_token
    return self.parse_response_token(resp)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/authlib/oauth2/client.py",
line 338, in parse_response_token
    token = resp.json()
            ^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/requests/models.py", line
975, in json
    raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
10.248.227.10 - - [02/Jan/2024:07:16:48 +0000] "GET
/oauth2/authorize?state=zhsCc9Nspt61zaWitYqfT61JoHiHer&session_state=4d4bdc0d-3901-4d13-af89-d1646a3115b3&iss=http%3A%2F%2Fkeycloak.xxxx.xxxx%3A8080%2Frealms%2Fiam&code=dd98dd4a-bd20-49aa-861d-39f5d5af1795.4d4bdc0d-3901-4d13-af89-d1646a3115b3.ec389ead-d683-4f45-a63a-d93f0814efaf
HTTP/1.1" 500 104 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64;
rv:120.0) Gecko/20100101 Firefox/120.0"

Thanks for your support,

Best regards,
Jose


On Tue, Jan 2, 2024 at 5:41 AM Yogesh Mahajan
<yogesh.maha...@enterprisedb.com> wrote:
>
> Hi Jose,
>
> pgAdmin 4 supports keycloak for authentication. Is there any error/difficulty 
> while configuration?
> Here is typical configuration for keycloak provider -
>
> AUTHENTICATION_SOURCES = ['internal','oauth2']
> OAUTH2_CONFIG = [
>
>  {  'OAUTH2_NAME': 'keycloak',
>     'OAUTH2_DISPLAY_NAME': 'Login with Keycloak',
>     'OAUTH2_CLIENT_ID': '<keycloak client id>',
>     'OAUTH2_CLIENT_SECRET': '<client secret>',
>     'OAUTH2_TOKEN_URL': 'https://<keycloak server 
> ip:port>/realms/<realm_name>/protocol/openid-connect/token',
>     'OAUTH2_AUTHORIZATION_URL': 'https://<keycloak server 
> ip:port>/realms/<realm_name>/protocol/openid-connect/auth',
>
>     'OAUTH2_API_BASE_URL': None,
>     'OAUTH2_USERINFO_ENDPOINT': 'https://<keycloak server 
> ip:port>/realms/<realm_name>/protocol/openid-connect/userinfo',
>     'OAUTH2_SCOPE': 'openid',
>     'OAUTH2_USERNAME_CLAIM': None,
>     'OAUTH2_ICON': None,
>     'OAUTH2_BUTTON_COLOR': None,
>     'OAUTH2_SERVER_METADATA_URL': 'https://<keycloak server 
> ip:port>//realms/<realm_name>/.well-known/openid-configuration',
>     'OAUTH2_SSL_CERT_VERIFICATION': False
> }]
>
>
>
> Thanks,
> Yogesh Mahajan
> EnterpriseDB
>
>
> On Mon, Jan 1, 2024 at 10:05 PM Jose M Barreiro <jmbarre...@gmail.com> wrote:
>>
>> Hi,
>>
>> First of all, Happy New Year!!!!
>>
>> I have a problem with pgadmin and keycloak. We need to change our IDP, 
>> actually we are using okta and pgadmin is working fine with it.
>>
>> We need to configure pgadmin to use keycloak but it's not possible to 
>> configure pgadmin to work with keycloak.
>>
>> Can you help us to understand the reason?
>>
>> Best regards,
>> Jose
>>

Re: pgadmin and keycloak

Reply via email to