Keycloak as OpenId provider


(Ahammi) #1

Dear all,

I am working on DHIS2 integration with Keycloak (https://www.keycloak.org/index.html). The idea is to delegate the user authentication from dhis2 to keycloak. I found that we can configure dhis2 to do that by enabling the openid support (https://docs.dhis2.org/2.26/en/user/html/open_id.html). However, it doesn’t work.
Here is what I did:
1- Within Keycloak: I created an openid client called dhis2:

2- Within dhis2: I filled in the OpenID provider and Label fields to refer to keycloak:

I tried many URLs:
http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth
http://localhost:8180/auth/realms/demo

3- I created a new user in dhis2 (I also created a user with the same name in keycloak) and I filled in the openid:

When I open the dhis2 login page, I get a newly added button, but when I click it I am forwarded to the login page again:

I looked into the dhis log file and every time I click on the button, this error message appears:

ERROR 2019-02-06 11:35:52,953 Association attempt, but no discovery endpoints provided. (ConsumerManager.java [http-bio-8081-exec-9])

Do you have any idea about that issue? It looks like the openid provider url is not good; however, I am wondering what exactly we should put in these fields:
OpenId provider under Access and OpenId under user?
Many thanks in advance.
ahammi