[BUG] Sharing Keycloak setup, not exactly a bug but certainly felt like one
rxunique opened this issue · comments
Environment
Self-Hosted (Docker)
System
Docker 25
Version
3.0
Describe the problem
It wasn't very smooth for me to get Dashy 3.0 and KC 24.0.3 working together, but I kinda got there, so sharing my settings that may help others. Also there's a bit bug like behavior, not sure which side it originate from, or just need a documentation update
Most of Dashy doc are good, here are some crucial details
In TC clients,
"Client authentication" must be switched off, otherwise it gets into a redirect loop, or at least that's how it looks like to me.
In TC clients -> Advanced -> OpenID Connect Compatibility Modes,
"Exclude Issuer From Authentication Response " must be switched on. Otherwise it redirects to "https://dashy.my.domain/#iss=https://keycloak.my.domain/realms/my-realm"
You can still login to dashy, but refresh, logout will generate in TC error="invalid_redirect_uri"
In TC clients -> Access settings, if you are using multiple dashy pages, you need
- Root URL https://dashy.my.domain/ (with/wo trailing / doesn't matter)
- Valid redirect URIs must be /*
Otherwise other pages will generate in TC error="invalid_redirect_uri"
With above steps, I got KC working ok, but show/hide based on group/role still doesn't work, raised here #1550
Additional info
No response
Please tick the boxes
- You have explained the issue clearly, and included all relevant info
- You are using a supported version of Dashy
- You've checked that this issue hasn't already been raised
- You've checked the docs and troubleshooting guide
- You agree to the code of conduct
If you're enjoying Dashy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated
Hello all,
For anybody using Dashy authentication, please read the following posts:
Read carefully before using Dashy exposed to the internet.
