this post was submitted on 24 Nov 2024

Hi,

I'm hoping someone can help me with an issue I'm facing with Keycloak and OCIS.

Background: I installed OCIS (ownCloud Infinite Scale) and configured it to use Keycloak as the OIDC provider. Everything works perfectly when logging in via the web interface. However, I'm encountering issues when trying to log in from the ownCloud mobile apps (iOS and Android).

Problem: Whenever I attempt to log in from the mobile apps, Keycloak reports a "client not found" error. According to various forum posts, Keycloak is creating a new client each time a login attempt is made from the mobile apps. Since these dynamically created clients are not configured properly, the login fails.

Suggested Solution: One developer suggested disabling dynamic client registration in Keycloak. This would prevent Keycloak from creating new clients automatically and ensure that the existing, properly configured client is used.

My Setup:

  • Keycloak version: 26
  • OCIS version: 5.0.9 (Stable)

What I've Tried: I've looked through the Keycloak admin console and documentation but haven't found a straightforward way to disable dynamic client registration. I've also tried configuring the clients manually, but the issue persists.

Questions:

  1. How can I disable dynamic client registration in Keycloak version 26?
  2. Are there any other settings or configurations I should be aware of to ensure smooth authentication for the ownCloud mobile apps?

Any guidance or insights would be greatly appreciated. Thanks in advance!

Edit: Found the solution: https://mitexleo.one/@ml/113542105595682701

[–] sorter_plainview@lemmy.today 2 points 2 years ago* (last edited 2 years ago) (1 children)

Hi, I have some experience with Keycloak. So I assume ~~you explicitly enabled~~ you are using OIDC dynamic registration.

Can you share the config file after redacting sensitive contents?

[–] mitexleo@buddyverse.one 1 points 2 years ago (1 children)

I didn't enable dynamic registration. I used this docker compose to deploy Keycloak: https://github.com/mitexleo/keycloak_docker/blob/main/compose.yaml

[–] sorter_plainview@lemmy.today 2 points 2 years ago (1 children)

Oh, so no separate config is used and only env variables I guess. Is it possible for you to get the URL your app is requesting? If yes, please share a sample.

Also double-check the realm name. I assume you created a new realm for your use and are not using master.

[–] mitexleo@buddyverse.one 1 points 2 years ago (1 children)
[–] mitexleo@buddyverse.one 1 points 2 years ago* (last edited 2 years ago) (1 children)

You might want to check this out: https://github.com/owncloud/client/issues/11940

Apparently, the client_ID stays the same in my case. I guess it's not really creating new clients.

I also set oc://android.owncloud.com as a valid redirect URI.

[–] sorter_plainview@lemmy.today 3 points 2 years ago (2 children)

Sorry for the delay. I got busy. I'm not entirely sure this is a dynamic registration issue. Your screenshot points to something like a permission issue. This is a bit of a wild guess with very limited information.

Do you have any info saved when you attempted to register the client manually and use client id and secret?

I will try to do some tests when I get to my setup. Do ping me if you have any updates.

[–] mitexleo@buddyverse.one 1 points 2 years ago

I just tried to log in from the mobile app.

[–] mitexleo@buddyverse.one 1 points 2 years ago

Found the solution: https://mitexleo.one/@ml/113542105595682701

I just had to import the client config for the apps.