[GeoNetwork-devel] Authenticating Geonetwork with latest keycloak

Hi All,

Does anyone have any up-to-date guidance on authentication with keycloak, for keycloak 23.04?

I previously had a working configuration (OpenID Connect and Azure AD) but that was a couple of years ago. Going back to it now for a new install, there have been a number of changes and I’m struggling to get basic Geonetwork authentication working. I’ve followed the instructions at https://docs.geonetwork-opensource.org/4.2/administrator-guide/managing-users-and-groups/authentication-mode/#authentication-keycloak but when I enter my credentials in the keycloak geonetwork client login page I am redirected to a 403 error page in jetty and I get an invalid_code error in keycloak.

I would be incredibly grateful if someone could confirm that they have authentication working in Keycloak 23 and could share the basic client settings with me. Otherwise, what versions of keycloak do people have working with Geonetwork 4.2?

Thanks in advance

Jo

Jo Cook
Data Discovery Lead, Astun Technology
t:+44 7930 524 155 | twitter:@archaeogeek | mastodon:@archaeogeek@anonymised.com.
Please note that currently I do not work on Friday afternoons. For urgent responses at that time, please visit support.astuntechnology.com or phone our office on 01372 744009

Hi Dave,

Thanks - I think I’m at a slightly earlier stage, e.g. literally just trying to use Keycloak as an identity provider (so just the section on https://docs.geonetwork-opensource.org/4.2/administrator-guide/managing-users-and-groups/authentication-mode/#authentication-keycloak). So basically I’ve created a geonetwork realm and client, configured geonetwork to use the keycloak security type, created some groups that map to geonetwork groups, and some sample users/roles that map to those groups. The first bit works fine, in that the geonetwork sign in delegates to keycloak, but I can’t log in as one of the users I have created. I just get an invalid_token error.

From (admittedly very vague) memory, that should be enough to test it’s working before I go over to Azure AD? I’m seriously considering dropping back to the older version of keycloak to see if that fixes things - what version are you using?

Thanks again

Jo
