Failed to init OIDC provider with Keycloak

Question

Dear,

I am trying to integrate Kasten K10 with Keycloak via OIDC.

I have followed the other post:

Our Kubernetes cluster does use a Self signed CA Certificate for HTTPS, and is used by Nginx Ingress Controller via Cert Manager.

However when I navigate to http://xxxx/k10/# the pod: auth-svc logs the following error:

{"message":"Failed to init OIDC provider","function":"kasten.io/k10/kio/auth.initOIDC","linenumber":137,"file":"kasten.io/k10/kio/auth/oidc.go:137","cause":{"message":"Failed to setup OIDC Provider","function":"kasten.io/k10/kio/auth.provider","linenumber":126,"file":"kasten.io/k10/kio/auth/oidc.go:126","cause":{"Op":"Get","URL":"https://xxxx.com/auth/realms/yyyy/.well-known/openid-configuration","Err":{"Cert":

Here then it logs basically our CA Certficiate content, and the log ends as:

"hostname":"auth-svc-5fc8dcfb76-vjfnf","level":"error","msg":"Failed to create OIDC provider","path":"/v0/authz/k10/","time":"20220212-08:35:35.043Z","version":"4.5.8"}

We are running Kasten K10 version 4.5.8, on Azure Kubernetes Service 1.21.7

jaiganeshjk · Accepted Answer

To authenticate with a private OIDC provider whose self-signed certificate was signed by a trusted Root CA, the certificate for the Root CA has to be provided to K10 to enable successful verification of TLS connections to the OIDC provider.

You have to create a configMap with the rootCA and upgrade K10 to use that configMap.

You can follow the documentation to add your root CA to K10’s truststore.

Also, we have an in-house tool K10tools that can be used to debug the auth configuration. This tool looks for kubeconfig in the default path ($HOME/.kube/config)

This documentation should be helpful to use K10tools to debug authentication config.

Matteo.Gazzadi · Answer

Than you very much, problem solved :)

Comment

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded