15
submitted 1 month ago* (last edited 1 month ago) by mitexleo@buddyverse.one to c/selfhosted@lemmy.world

Hi,

I'm hoping someone can help me with an issue I'm facing with Keycloak and OCIS.

Background: I installed OCIS (ownCloud Infinite Scale) and configured it to use Keycloak as the OIDC provider. Everything works perfectly when logging in via the web interface. However, I'm encountering issues when trying to log in from the ownCloud mobile apps (iOS and Android).

Problem: Whenever I attempt to log in from the mobile apps, Keycloak reports a "client not found" error. According to various forum posts, Keycloak is creating a new client each time a login attempt is made from the mobile apps. Since these dynamically created clients are not configured properly, the login fails.

Suggested Solution: One developer suggested disabling dynamic client registration in Keycloak. This would prevent Keycloak from creating new clients automatically and ensure that the existing, properly configured client is used.

My Setup:

  • Keycloak version: 26
  • OCIS version: 5.0.9 (Stable)

What I've Tried: I've looked through the Keycloak admin console and documentation but haven't found a straightforward way to disable dynamic client registration. I've also tried configuring the clients manually, but the issue persists.

Questions:

  1. How can I disable dynamic client registration in Keycloak version 26?
  2. Are there any other settings or configurations I should be aware of to ensure smooth authentication for the ownCloud mobile apps?

Any guidance or insights would be greatly appreciated. Thanks in advance!

Edit: Found the solution: https://mitexleo.one/@ml/113542105595682701

you are viewing a single comment's thread
view the rest of the comments
[-] sorter_plainview@lemmy.today 2 points 1 month ago* (last edited 1 month ago)

Hi, I have some experience with Keycloak. So I assume ~~you explicitly enabled~~ you are using OIDC dynamic registration.

Can you share the config file after redacting sensitive contents?

[-] mitexleo@buddyverse.one 1 points 1 month ago

I didn't enable dynamic registration. I used this docker compose to deploy keycloak: https://github.com/mitexleo/keycloak_docker/blob/main/compose.yaml

[-] sorter_plainview@lemmy.today 2 points 1 month ago

Oh, so no separate config is used and only env variables I guess. Is it possible for you to get the URL your app is requesting? If yes, please share a sample.

Also double check the realm name. I assume you created a new realm for your use and not using master.

[-] mitexleo@buddyverse.one 1 points 1 month ago
[-] mitexleo@buddyverse.one 1 points 1 month ago* (last edited 1 month ago)

You might want to check this out: https://github.com/owncloud/client/issues/11940

Apparently, the client_ID stays same in my case. I guess it's not really creating new clients.

I also set oc://android.owncloud.com as valid redirect URI.

[-] sorter_plainview@lemmy.today 3 points 1 month ago

Sorry for the delay. I got busy. I'm not entirely sure this is a dynamic registration issue. Your screenshot points to something like a permission issue. This is a bit wild guess with very limited information.

Do you have any info saved when you attempted to register the client manually and use client id and secret?

I will try to do some tests when I get to my setup. Do ping me if you have any updates.

[-] mitexleo@buddyverse.one 1 points 1 month ago

I just tried to login from the mobile app.

[-] mitexleo@buddyverse.one 1 points 1 month ago

Found the solution: https://mitexleo.one/@ml/113542105595682701

I just had to import client config the apps.

this post was submitted on 24 Nov 2024
15 points (94.1% liked)

Selfhosted

40716 readers
363 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS