You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2021/01/22 08:07:41 UTC

[GitHub] [druid] trinitry commented on issue #10783: pac4j using OAuth authentication

trinitry commented on issue #10783:
URL: https://github.com/apache/druid/issues/10783#issuecomment-765219676


   
   the output from 
   `curl -vv https://xxxxxx.biz/auth/realms/eu0/protocol/openid-connect/token`
   
   `> GET /auth/realms/eu0/protocol/openid-connect/token HTTP/1.1
   > Host: sso.XXXX.biz
   > User-Agent: curl/7.64.1
   > Accept: */*
   > 
   < HTTP/1.1 405 Method Not Allowed
   < Server: nginx/1.19.5
   < Date: Thu, 21 Jan 2021 12:55:13 GMT
   < Content-Type: application/json
   < Content-Length: 90
   < Connection: keep-alive
   < 
   * Connection #0 to host sso.XXXX.biz left intact
   {"error":"RESTEASY003650: No resource method found for GET, return 405 with Allow header"}* Closing connection 0`
   
   As i see from the above is (i believe) exactly what you suggest to be the issue!!
   
   Then i try with a different 
   `druid.auth.pac4j.oidc.discoveryURI` which i also tested
   
   `curl -vv https://sso.XXXX.biz/auth/realms/eu0/.well-known/openid-configuration`
   and i got 
   
   GET /auth/realms/eu0/.well-known/openid-configuration HTTP/1.1
   > Host: sso.XXXXX.biz
   > User-Agent: curl/7.64.1
   > Accept: */*
   > 
   < HTTP/1.1 200 OK
   < Server: nginx/1.19.5
   < Date: Thu, 21 Jan 2021 12:52:48 GMT
   < Content-Type: application/json
   < Content-Length: 2644
   < Connection: keep-alive
   < Cache-Control: no-cache, must-revalidate, no-transform, no-store
   < 
   * Connection #0 to host sso.XXXX.biz left intact
   {"issuer":"https://sso .....* Closing connection 0
   
   It seems with this discoveryURI i went a bit further... but now i get through Druid web console
   
   > Invalid parameter: redirect_uri
   
   For the authentication server, if i am not mistaken (as i am not the one who set the broker up but i try to connect to it), i understand that is using the 
   
   > keycloak
   
   Thank you for your comments and support on this!!


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org