Keycloak as OpenId provider

(Ahammi) #1

Dear all,

I am working on DHIS2 integration with Keycloak (https://www.keycloak.org/index.html). The idea is to delegate the user authentication from dhis2 to keycloak. I found that we can configure dhis2 to do that by enabling the openid support (https://docs.dhis2.org/2.26/en/user/html/open_id.html). However, it doesn’t work.
Here is what I did:
1- Within Keycloak: I created an OpenID client called dhis2:

2- Within dhis2: I filled in the OpenID provider and Label fields to refer to Keycloak:

I tried many URLs:
http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth
http://localhost:8180/auth/realms/demo

3- I created a new user in dhis2 (I also created a user with the same name in Keycloak) and I filled in the OpenID field:

When I open the dhis2 login page, I get a newly added button, but when I click it I am forwarded to the login page again:

I looked into the dhis2 log file, and every time I click on the button this error message appears:

ERROR 2019-02-06 11:35:52,953 Association attempt, but no discovery endpoints provided. (ConsumerManager.java [http-bio-8081-exec-9])

Do you have any idea about that issue? It looks like the OpenID provider URL is not good, but I am wondering what exactly we should put in these fields:
OpenID provider under Access and OpenID under user?
Many thanks in advance.
ahammi

1 Like

(Morten Hansen) #2

Hi,

Did you manage to get it working? While we do support OpenID 1, we do not support OpenID Connect. We have some plans to add support for this in the future, but it requires a large investment in the backend, so I can’t really guarantee for what release of DHIS2 we will have it (hopefully 2.33).

If your provider does support this older version of OpenID, feel free to create an issue in JIRA.


Morten

1 Like
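The protocol mismatch described in the reply above can be checked from the discovery response a provider URL returns. The sketch below is an added example, not part of the thread and not DHIS2 or Keycloak code: it classifies a response body as OpenID Connect metadata, OpenID 2.0, OpenID 1.x, or neither. The function name and the sample documents are constructed for illustration; only the `localhost:8180` URLs come from the first post.

```python
import json, re
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"  # XRD namespace used by Yadis/XRDS documents
OPENID2 = {"http://specs.openid.net/auth/2.0/server",
           "http://specs.openid.net/auth/2.0/signon"}
OPENID1 = {"http://openid.net/signon/1.0", "http://openid.net/signon/1.1"}

def classify_discovery(body):
    """Classify a fetched discovery response: 'oidc', 'openid2', 'openid1' or 'none'."""
    text = body.strip()
    try:  # OpenID Connect: JSON provider metadata
        doc = json.loads(text)
        if isinstance(doc, dict) and {"issuer", "authorization_endpoint"} <= set(doc):
            return "oidc"
    except ValueError:
        pass
    try:  # OpenID 1.x/2.0 via Yadis: XRDS document with <Type> URIs
        # stdlib parser is fine for these constructed samples; use a hardened
        # parser (e.g. defusedxml) for responses from untrusted hosts
        types = {t.text.strip() for t in ET.fromstring(text).iter(XRD + "Type") if t.text}
        if types & OPENID2:
            return "openid2"
        if types & OPENID1:
            return "openid1"
    except ET.ParseError:
        pass
    rels = set()  # HTML-based discovery: <link rel="..."> in the page head
    for tag in re.findall(r"<link\b[^>]*>", text, re.I):
        m = re.search(r"""rel\s*=\s*["']([^"']*)["']""", tag, re.I)
        if m:
            rels.update(m.group(1).lower().split())
    if "openid2.provider" in rels:
        return "openid2"
    if "openid.server" in rels:
        return "openid1"
    return "none"

# Constructed samples (not captured from a real server)
OIDC_SAMPLE = json.dumps({
    "issuer": "http://localhost:8180/auth/realms/demo",
    "authorization_endpoint":
        "http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth"})
XRDS_SAMPLE = ('<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>'
               '<Service><Type>http://specs.openid.net/auth/2.0/server</Type>'
               '<URI>https://op.example/openid</URI></Service></XRD></xrds:XRDS>')
HTML_SAMPLE = '<html><head><link rel="openid.server" href="https://op.example/openid"></head></html>'
```

A relying party that only speaks OpenID 1 needs the `openid1` (or a compatible `openid2`) result; an `oidc` or `none` result means the URL offers no discovery information that such a consumer can use.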