Hi, I am not able to reproduce the issue. I have tried with both SSL-enabled and non-SSL Keycloak. Can you please add the lines below to config_local.py -
import logging
FILE_LOG_LEVEL = logging.DEBUG
CONSOLE_LOG_LEVEL = logging.DEBUG

And get the pgadmin logs? Also can you please share OS details and the pgadmin version?

Thanks,
Yogesh Mahajan
EnterpriseDB

On Tue, Jan 2, 2024 at 12:49 PM Jose M Barreiro <jmbarre...@gmail.com> wrote:
> Hi Yogesh, > > Thank you for your support. I have several problems with pgadmin and > keycloak. For example, > > if I use OAUTH2_SERVER_METADATA_URL, I received this error ""403 > Client Error: Forbidden for url: > http://keycloak.xxx.xxxx:8080/realms/iam/.well-known/openid-configuration > "" > > If I used your example, I received this error " > > > {"success":0,"errormsg":"'OAUTH2_API_BASE_URL'","info":"","result":null,"data":null} > > If I use this configuration > > > > OAUTH2_CONFIG = [ > > { > > 'OAUTH2_NAME': 'keycloak', > > 'OAUTH2_DISPLAY_NAME': 'KEYCLOAK', > > 'OAUTH2_CLIENT_ID': 'pgadmin', > > 'OAUTH2_CLIENT_SECRET': 'xxxx', > > 'OAUTH2_TOKEN_URL': ' > http://keycloak.xxx.xxx:8080/realms/iam/protocol/openid-connect/token', > > 'OAUTH2_AUTHORIZATION_URL': ' > http://keycloak.xxx.xxx:8080/realms/iam/protocol/openid-connect/auth', > > 'OAUTH2_USERINFO_ENDPOINT': ' > http://keycloak.xxx.xxx:8080/realms/iam/protocol/openid-connect/userinfo', > > 'OAUTH2_API_BASE_URL': 'http://keycloak.xxx.xxx:8080/realms/iam', > > 'OAUTH2_ICON': 'fa-google', > > 'OAUTH2_BUTTON_COLOR': '#0000ff', > > 'OAUTH2_SCOPE': 'openid', > > 'OAUTH2_SSL_CERT_VERIFICATION': 'False', > > 'OAUTH2_ADDITIONAL_CLAIMS': { > > 'groups': ["administrators"], > > } > > } > > ] > > I receive this error > > {"success":0,"errormsg":"Expecting value: line 1 column 1 (char > 0)","info":"","result":null,"data":null} > > In the logs you can see > > > > 10.248.227.10 - - [02/Jan/2024:07:16:47 +0000] "POST /authenticate/login > HTTP/1.1" 302 791 "https://pgadmin4.apps.xxxx.xxxx.dplt/login?next=%2F" > "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:120.0) Gecko/20100101 > Firefox/120.0" > > > > 2024-01-02 07:16:48,400: ERROR pgadmin:
Expecting value: line 1 column 1 > (char 0) > > Traceback (most recent call last): > > File "/venv/lib/python3.11/site-packages/requests/models.py", line > 971, in json > > return complexjson.loads(self.text, **kwargs) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > File "/usr/lib/python3.11/json/__init__.py", line 346, in loads > > return _default_decoder.decode(s) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^ > > File "/usr/lib/python3.11/json/decoder.py", line 337, in decode > > obj, end = self.raw_decode(s, idx=_w(s, 0).end()) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode > > raise JSONDecodeError("Expecting value", s, err.value) from None > > json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) > > During handling of the above exception, another exception occurred: > > > Traceback (most recent call last): > File "/venv/lib/python3.11/site-packages/flask/app.py", line 1484, > in full_dispatch_request > rv = self.dispatch_request() > ^^^^^^^^^^^^^^^^^^^^^^^ > File "/venv/lib/python3.11/site-packages/flask/app.py", line 1469, > in dispatch_request > return > self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 56, in > oauth_authorize > status, msg = auth_obj.login() > ^^^^^^^^^^^^^^^^ > File "/pgadmin4/pgadmin/authenticate/__init__.py", line 301, in login > status, msg = self.source.login(self.form) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 126, in login > profile = self.get_user_profile() > ^^^^^^^^^^^^^^^^^^^^^^^ > File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 201, in > get_user_profile > self.oauth2_current_client].authorize_access_token() > ^^^^^^^^^^^^^^^^^^^^^^^^ > File > "/venv/lib/python3.11/site-packages/authlib/integrations/flask_client/apps.py", > line 101, in authorize_access_token > token = 
self.fetch_access_token(**params, **kwargs) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File > "/venv/lib/python3.11/site-packages/authlib/integrations/base_client/sync_app.py", > line 342, in fetch_access_token > token = client.fetch_token(token_endpoint, **params) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/venv/lib/python3.11/site-packages/authlib/oauth2/client.py", > line 207, in fetch_token > return self._fetch_token( > ^^^^^^^^^^^^^^^^^^ > File "/venv/lib/python3.11/site-packages/authlib/oauth2/client.py", > line 364, in _fetch_token > return self.parse_response_token(resp) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/venv/lib/python3.11/site-packages/authlib/oauth2/client.py", > line 338, in parse_response_token > token = resp.json() > ^^^^^^^^^^^ > File "/venv/lib/python3.11/site-packages/requests/models.py", line > 975, in json > raise RequestsJSONDecodeError(e.msg, e.doc, e.pos) > requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 > (char 0) > 10.248.227.10 - - [02/Jan/2024:07:16:48 +0000] "GET > > /oauth2/authorize?state=zhsCc9Nspt61zaWitYqfT61JoHiHer&session_state=4d4bdc0d-3901-4d13-af89-d1646a3115b3&iss=http%3A%2F%2Fkeycloak.xxxx.xxxx%3A8080%2Frealms%2Fiam&code=dd98dd4a-bd20-49aa-861d-39f5d5af1795.4d4bdc0d-3901-4d13-af89-d1646a3115b3.ec389ead-d683-4f45-a63a-d93f0814efaf > HTTP/1.1" 500 104 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; > rv:120.0) Gecko/20100101 Firefox/120.0" > > Thanks for your support, > > Best regards, > Jose > > > On Tue, Jan 2, 2024 at 5:41 AM Yogesh Mahajan > <yogesh.maha...@enterprisedb.com> wrote: > > > > Hi Jose, > > > > pgAdmin 4 supports keycloak for authentication. Is there any > error/difficulty while configuration? 
> > Here is a typical configuration for the keycloak provider - > > > > AUTHENTICATION_SOURCES = ['internal','oauth2'] > > OAUTH2_CONFIG = [ > > > > { 'OAUTH2_NAME': 'keycloak', > > 'OAUTH2_DISPLAY_NAME': 'Login with Keycloak', > > 'OAUTH2_CLIENT_ID': '<keycloak client id>', > > 'OAUTH2_CLIENT_SECRET': '<client secret>', > > 'OAUTH2_TOKEN_URL': 'https://<keycloak server > ip:port>/realms/<realm_name>/protocol/openid-connect/token', > > 'OAUTH2_AUTHORIZATION_URL': 'https://<keycloak server > ip:port>/realms/<realm_name>/protocol/openid-connect/auth', > > > > 'OAUTH2_API_BASE_URL': None, > > 'OAUTH2_USERINFO_ENDPOINT': 'https://<keycloak server > ip:port>/realms/<realm_name>/protocol/openid-connect/userinfo', > > 'OAUTH2_SCOPE': 'openid', > > 'OAUTH2_USERNAME_CLAIM': None, > > 'OAUTH2_ICON': None, > > 'OAUTH2_BUTTON_COLOR': None, > > 'OAUTH2_SERVER_METADATA_URL': 'https://<keycloak server > ip:port>/realms/<realm_name>/.well-known/openid-configuration', > > 'OAUTH2_SSL_CERT_VERIFICATION': False > > }] > > > > > > > > Thanks, > > Yogesh Mahajan > > EnterpriseDB > > > > > > On Mon, Jan 1, 2024 at 10:05 PM Jose M Barreiro <jmbarre...@gmail.com> > wrote: > >> > >> Hi, > >> > >> First of all, Happy New Year!!!! > >> > >> I have a problem with pgadmin and keycloak. We need to change our IDP, > actually we are using okta and pgadmin is working fine with it. > >> > >> We need to configure pgadmin to use keycloak but it's not possible to > configure pgadmin to work with keycloak. > >> > >> Can you help us to understand the reason? > >> > >> Best regards, > >> Jose > >> >