KeyCloak - Funky Penguin's Geek Cookbook

tlcsundown · December 22, 2019, 1:17pm

There a typo in the recipe.
I had the same problem as sylbae after following these steps.
In the Setup environment paragraph
COOKIE_DOMAIN=<the root FQDN of your domain>
should be (the ‘s’ is missing)
COOKIE_DOMAINS=<the root FQDN of your domain>

senyor · December 28, 2019, 6:17am

I’ve created another docker image ‘senyor/traefik-forward-auth’ to see the real error message behind “failed to get oidc parametere from oidc connect”.

In my case it could not resolve domain name for Keycloak.

Ryan_Stafford · January 15, 2020, 4:47pm

I was getting the error “failed to get oidc parametere from oidc connect”
Turns out the root CA of my cert wasn’t trusted by the container. I fixed it with a new Dockerfile

from funkypenguin/traefik-forward-auth
add ./DigiCertCA.crt /etc/ssl/certs/
run cat /etc/ssl/certs/DigiCertCA.crt >> /etc/ssl/certs/ca-certificates.crt
expose 4181

funkypenguin · June 16, 2020, 6:24pm

Hey guys,

Please note that this recipe was updated last week to support the “official” upstream traefik-forward-auth container, which now does support multiple OIDC providers. My container is therefore deprecated

D

Kostka · March 11, 2022, 10:00am

and if an application wants to connect to the api authenticated by keycloak, what configuration can we do to the application, we also add a label or ?

funkypenguin · March 16, 2022, 8:13pm

If the application is running within the same stack as the api, then it can connect directly to the api by name, bypassing traefik-forward-auth.

If the application is outside of the stack, then you’d want to try to use some of the traefik-forward-auth rules to permit it, based on source IP or other parameters.

Kostka · March 31, 2022, 6:04am

Wait I’ll explain in detail what I’m trying to do
I have an mlflow server which does not have authentication by default, it is risky to leave it open to everyone, so I decided to use an access management tool which is keycloak , and the mlflow server is now secure. but when i try to train a model, i find an error because of keycloak authentication on mlflow server, authentication blocks model training, model training is done via python code which points to the mlflow server.
I don’t know how to make it possible to train a model again with keycloak authentication in place.