Good morning,
Currently, user authentication is done through LDAP, but we want to add Keycloak as an AUTH_PROVIDER. The current configuration is as follows:
# Account creation is delegated to an external request form; the two local
# switches below are both turned off, so accounts are expected to come from the
# configured external providers only.
EXTERNAL_REGISTRATION_URL = 'https://MMMMMM/new-user-request/'
LOCAL_REGISTRATION = False
LOCAL_IDENTITIES = False
# Shared LDAP connection settings, referenced by both the LDAP auth provider
# and the LDAP identity provider.
_ldap_config = {
    # --- connection ---
    # ldaps:// together with verify_cert=True keeps the directory connection
    # encrypted and the server certificate validated.
    'uri': 'ldaps://CCCCCCC',
    'bind_dn': 'ZZZZZZZZZZZZZZZZZZZZ',
    # Service-account credential (redacted placeholder here): keep the real
    # value out of anything that gets posted or committed, and keep the config
    # file readable only by the account that runs Indico.
    'bind_password': 'XXXXXXXXXXXXXXXXXXX',
    'timeout': 30,
    'verify_cert': True,
    'page_size': 1500,

    # --- user lookup ---
    'uid': 'uid',
    'user_base': 'DC=mmm,DC=es',
    'user_filter': '(objectClass=person)',

    # --- group lookup ---
    'gid': 'cn',
    'group_base': 'CN=XXXX',
    'group_filter': '(objectClass=groupOfNames)',
    'member_of_attr': 'memberOf',
    'ad_group_style': False,
}
# Login back ends. Every key defined here also has to be linked to an identity
# provider through PROVIDER_MAP; flask-multipass validates this at start-up.
AUTH_PROVIDERS = {
    # Existing directory login; stays the default provider.
    'ldap': {
        'type': 'ldap',
        'title': 'IFCA LDAP',
        'ldap': _ldap_config,
        'default': True
    },
    # New OpenID Connect login against Keycloak (authlib back end).
    'keycloak': {
        'type': 'authlib',
        'title': 'Keycloak',
        'authlib_args': {
            'client_id': 'ZZZZZZZZZZ',
            # Confidential-client secret (redacted placeholder here): treat it
            # like the LDAP bind password and never publish the real value.
            'client_secret': 'XXXXXXXXXXXXXXXX',
            'server_metadata_url': 'YYYYYYYYYYYYYYYYYY',
            # NOTE(review): only 'openid' is requested. Name and e-mail claims
            # arrive only if the Keycloak client adds them by default; otherwise
            # 'openid profile email' would be needed. Confirm against the
            # client's scope settings.
            'client_kwargs': {'scope': 'openid'}
        }
    }
}
# Sources of user profile data. The 'mapping' of each provider translates
# Indico profile fields (left) to the attribute or claim names that the provider
# delivers (right).
IDENTITY_PROVIDERS = {
    'ldap': {
        'type': 'ldap',
        'title': 'LDAP',
        'ldap': _ldap_config,
        'mapping': {
            'first_name': 'givenName',
            'last_name': 'sn',
            'email': 'mail',
            'affiliation': 'O',
        },
        'trusted_email': True,
        'default_group_provider': True,
        'synced_fields': {'first_name', 'last_name', 'email', 'affiliation'}
    },
    'keycloak': {
        'type': 'authlib',
        'title': 'Keycloak',
        # NOTE(review): these are LDAP attribute names copied from the entry
        # above. A standard OIDC userinfo response uses claim names such as
        # 'given_name', 'family_name' and 'email'. Unless Keycloak has mappers
        # that emit exactly these names, the fields will come back empty.
        # Confirm against the real token/userinfo payload.
        'mapping': {
            'first_name': 'givenName',
            'last_name': 'sn',
            'email': 'mail',
            'affiliation': 'O',
        },
        # NOTE(review): trusted_email makes Indico accept the provider's e-mail
        # address without its own verification and use it to match existing
        # accounts. Keep it True only if Keycloak guarantees that addresses are
        # verified and cannot be freely set by the user.
        'trusted_email': True,
        # NOTE(review): the LDAP entry is already marked as default group
        # provider; presumably only one provider should carry this flag, and
        # the authlib provider may not offer groups at all. Verify.
        'default_group_provider': True,
        'synced_fields': {'first_name', 'last_name', 'email', 'affiliation'}
    }
}
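# Links each auth provider (key) to the identity provider that supplies its
# user data (value). Every key of AUTH_PROVIDERS needs an entry here; otherwise
# flask-multipass' validate_provider_map() aborts start-up with
# "Auth providers not linked to identity providers: <name>".
# The 'keycloak' entry was missing from the configuration as originally posted,
# which is exactly what the traceback below reports.
PROVIDER_MAP = {
    'ldap': 'ldap',
    'keycloak': 'keycloak',
}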
but the system now returns an “Internal Server Error”. Running `indico shell` shows:
(indico) indico@indico:~$ indico shell
Traceback (most recent call last):
File "/opt/indico/.venv/bin/indico", line 8, in <module>
sys.exit(cli())
^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/click/core.py", line 1157, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/click/core.py", line 1078, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/click/core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/click/core.py", line 783, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/click/decorators.py", line 33, in new_func
return f(get_current_context(), *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/flask/cli.py", line 383, in decorator
app = ctx.ensure_object(ScriptInfo).load_app()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/flask/cli.py", line 328, in load_app
app: Flask | None = self.create_app()
^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/indico/cli/util.py", line 26, in _create_app
return make_app()
^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/indico/web/flask/app.py", line 420, in make_app
multipass.init_app(app)
File "/opt/indico/.venv/lib/python3.12/site-packages/indico/core/auth.py", line 80, in init_app
super().init_app(app)
File "/opt/indico/.venv/lib/python3.12/site-packages/flask_multipass/core.py", line 80, in init_app
validate_provider_map(state)
File "/opt/indico/.venv/lib/python3.12/site-packages/flask_multipass/util.py", line 171, in validate_provider_map
raise ValueError('Auth providers not linked to identity providers: ' + ', '.join(invalid_keys))
ValueError: Auth providers not linked to identity providers: keycloak
Any idea?
Regards, I