This repository was archived by the owner on Feb 26, 2026. It is now read-only.

Help Integrating with Keycloak #6

@chris2fr


Hi,

I am trying to integrate passport-bridge with keycloak and am stuck.

Keycloak uses 'sub' as an internal user id, a bit different from the standard id.

I am using the passport-openidconnect strategy.

https://www.npmjs.com/package/passport-openidconnect-keycloak-idp

I have account creation set.

The answer I get is from openidconnect, and I assume it may be an issue between openidconnect and apostrophecms-passportbridge.

A login error occurred
An error occurred while logging in via openidconnect

Your credentials were not accepted, your account is not affiliated with this site, or an existing account has the same username or email address.

If you believe you are seeing this message in error please contact the administrator.

Here is my modules/@apostrophecms/passport-bridge/index.js:

module.exports = {
  // In modules/@apostrophecms/passport-bridge/index.js
  options: {
    create: {
      // If you wish to treat all valid google users in your domain as
      // admins of the site. See also `guest`, `contributor`, `editor`, 'admin'
      //
      role: 'guest'
    },
    strategies: [
      {
        // You must npm install --save this module in your project first
        module: 'passport-openidconnect',
        options: {
          issuer: 'https://id.lesgv.com',
          authorizationURL: 'https://id.lesgv.com/realms/master/protocol/openid-connect/auth',
          tokenURL: 'https://id.lesgv.com/realms/master/protocol/openid-connect/token',
          userProfileURL: 'https://id.lesgv.com/realms/master/protocol/openid-connect/userinfo',
          clientID: '',
          clientSecret: '',
          callbackURL: 'https://alpha.lesgv.com/auth/oauth2/login'
        },
        // Ignore users whose email address does not match this domain
        // according to the identity provider
        emailDomain: 'mann.fr',
        // Use the user's email address as their identity
        match: 'email',
        // Strategy-specific options that must be passed to the authenticate middleware.
        // See the documentation of the strategy module you are using
        authenticate: {
          // 'email' for the obvious, 'profile' for the displayName (for the create option)
          scope: [ 'email', 'profile' ]
          // scope: [ 'email', 'preferred_username' ]
          // scope: [ 'email' ]
        }
      }
    ]
  }
};

Oooo, I just read "See the documentation of the strategy module you are using".

I guess I will also check that.
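An added illustration, not code from passport-bridge or from the issue author, of how the `emailDomain` and `match: 'email'` options in the configuration above behave when applied to the profile a Passport strategy hands back. It assumes the usual Passport profile shape (`profile.emails[0].value`, with `profile.id` carrying the OIDC `sub` claim as passport-openidconnect does); the helper names and the sample profiles are constructed for the example. It shows the three outcomes a practitioner would want to tell apart when the generic "credentials were not accepted" page appears: a matching email, an email outside the configured domain, and a profile with no email claim at all (for instance when the `email` scope was not granted).

```javascript
// Added example: applies the emailDomain / match options to a Passport-style
// profile and reports why a profile would be rejected. Not passport-bridge's
// own code; helper names are hypothetical.

function emailFromProfile(profile) {
  // Passport strategies normalise email claims into profile.emails = [{ value }]
  const entry = (profile.emails || []).find((e) => e && e.value);
  return entry ? String(entry.value).trim().toLowerCase() : null;
}

function resolveIdentity(profile, strategyOptions) {
  const { match, emailDomain } = strategyOptions;

  if (match === 'email') {
    const email = emailFromProfile(profile);
    if (!email) {
      // Typical cause: the 'email' scope was not requested or not granted
      return { ok: false, reason: 'profile has no email claim (check the scope)' };
    }
    const domain = email.split('@')[1] || '';
    if (emailDomain && domain !== emailDomain.toLowerCase()) {
      return { ok: false, reason: `email domain ${domain} is not ${emailDomain}` };
    }
    return { ok: true, identity: email };
  }

  if (match === 'id') {
    // profile.id is where passport-openidconnect puts the OIDC 'sub' claim
    return profile.id
      ? { ok: true, identity: profile.id }
      : { ok: false, reason: 'profile has no id (sub) claim' };
  }

  return { ok: false, reason: `unsupported match mode ${match}` };
}

// Options taken from the strategy configuration in the issue
const strategyOptions = { match: 'email', emailDomain: 'mann.fr' };

// Constructed sample profiles (not real users)
const withMatchingEmail = {
  id: 'sub-0001',
  displayName: 'Alice Example',
  emails: [{ value: 'Alice@Mann.fr' }]
};
const otherDomain = {
  id: 'sub-0002',
  displayName: 'Bob Example',
  emails: [{ value: 'bob@example.org' }]
};
const noEmail = {
  id: 'sub-0003',
  displayName: 'Carol Example'
};

for (const profile of [withMatchingEmail, otherDomain, noEmail]) {
  console.log(profile.displayName, '->', resolveIdentity(profile, strategyOptions));
}
```

Only the first profile resolves to an identity; the other two produce a reason that the generic login error page hides, which is what you would log server-side while narrowing down whether the scope or the domain filter is the problem.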
