Solved

Failed to init OIDC provider with Keycloak

  • 12 February 2022
  • 2 comments
  • 509 views

Userlevel 3

Dear, 

I am trying to integrate Kasten K10 with Keycloak via OIDC.

 

I have followed the other post: 

 

Our Kubernetes cluster does use a Self signed CA Certificate for HTTPS, and is used by Nginx Ingress Controller via Cert Manager.

However when I navigate to http://xxxx/k10/#  the pod: auth-svc logs the following error:

{"message":"Failed to init OIDC provider","function":"kasten.io/k10/kio/auth.initOIDC","linenumber":137,"file":"kasten.io/k10/kio/auth/oidc.go:137","cause":{"message":"Failed to setup OIDC Provider","function":"kasten.io/k10/kio/auth.provider","linenumber":126,"file":"kasten.io/k10/kio/auth/oidc.go:126","cause":{"Op":"Get","URL":"https://xxxx.com/auth/realms/yyyy/.well-known/openid-configuration","Err":{"Cert":

Here then it logs basically our CA Certficiate content, and the log ends as:

"hostname":"auth-svc-5fc8dcfb76-vjfnf","level":"error","msg":"Failed to create OIDC provider","path":"/v0/authz/k10/","time":"20220212-08:35:35.043Z","version":"4.5.8"}

We are running Kasten K10 version 4.5.8, on Azure Kubernetes Service 1.21.7

icon

Best answer by jaiganeshjk 14 February 2022, 12:20

View original

2 comments

Userlevel 6
Badge +2

To authenticate with a private OIDC provider whose self-signed certificate was signed by a trusted Root CA, the certificate for the Root CA has to be provided to K10 to enable successful verification of TLS connections to the OIDC provider. 

You have to create a configMap with the rootCA and upgrade K10 to use that configMap.

You can follow the documentation to add your root CA to K10’s truststore.

Also, we have an in-house tool K10tools that can be used to debug the auth configuration. This tool looks for kubeconfig in the default path ($HOME/.kube/config)

This documentation should be helpful to use K10tools to debug authentication config. 

Userlevel 3

Than you very much, problem solved :)

Comment