this post was submitted on 24 Nov 2024

13 points (93.3% liked)

Selfhosted

40351 readers

343 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Help Needed: Disabling Dynamic Client Registration in Keycloak for OwnCloud Infinite Scale Mobile App Authentication (buddyverse.one)

submitted 13 hours ago by mitexleo@buddyverse.one to c/selfhosted@lemmy.world

9 comments fedilink hide all child comments

Hi,

I'm hoping someone can help me with an issue I'm facing with Keycloak and OCIS.

Background: I installed OCIS (ownCloud Infinite Scale) and configured it to use Keycloak as the OIDC provider. Everything works perfectly when logging in via the web interface. However, I'm encountering issues when trying to log in from the ownCloud mobile apps (iOS and Android).

Problem: Whenever I attempt to log in from the mobile apps, Keycloak reports a "client not found" error. According to various forum posts, Keycloak is creating a new client each time a login attempt is made from the mobile apps. Since these dynamically created clients are not configured properly, the login fails.

Suggested Solution: One developer suggested disabling dynamic client registration in Keycloak. This would prevent Keycloak from creating new clients automatically and ensure that the existing, properly configured client is used.

My Setup:

Keycloak version: 26
OCIS version: 5.0.9 (Stable)

What I've Tried: I've looked through the Keycloak admin console and documentation but haven't found a straightforward way to disable dynamic client registration. I've also tried configuring the clients manually, but the issue persists.

Questions:

How can I disable dynamic client registration in Keycloak version 26?
Are there any other settings or configurations I should be aware of to ensure smooth authentication for the ownCloud mobile apps?

Any guidance or insights would be greatly appreciated. Thanks in advance!

top 9 comments

sorted by: hot top controversial new old

[–] sorter_plainview@lemmy.today 2 points 11 hours ago* (last edited 11 hours ago) (1 children)

Hi, I have some experience with Keycloak. So I assume ~~you explicitly enabled~~ you are using OIDC dynamic registration.

Can you share the config file after redacting sensitive contents?

[–] mitexleo@buddyverse.one 1 points 11 hours ago (1 children)

I didn't enable dynamic registration. I used this docker compose to deploy keycloak: https://github.com/mitexleo/keycloak_docker/blob/main/compose.yaml

[–] sorter_plainview@lemmy.today 2 points 11 hours ago (1 children)

Oh, so no separate config is used and only env variables I guess. Is it possible for you to get the URL your app is requesting? If yes, please share a sample.

Also double check the realm name. I assume you created a new realm for your use and not using master.

[–] mitexleo@buddyverse.one 1 points 11 hours ago (1 children)

This is the url owncloud android app requested: https://auth.mydomain.com/realms/R1/protocol/openid-connect/auth?redirect_uri=oc%3A%2F%2Fandroid.owncloud.com&client_id=e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD&response_type=code&scope=openid+offline_access+email+profile&prompt=select_account+consent&code_challenge=lp5qe4-dZXKk2jWBZatdNDgJXuJEApCOnwrnPXk7kds&code_challenge_method=S256&state=fyjgrmwYOWVnGgCWB0hH

Yeah, I'm using a dedicated realm for OCIS. It's working without any issues on the web.

[–] mitexleo@buddyverse.one 1 points 11 hours ago* (last edited 5 hours ago) (1 children)

You might want to check this out: https://github.com/owncloud/client/issues/11940

Apparently, the client_ID stays same in my case. I guess it's not really creating new clients.

I also set oc://android.owncloud.com as valid redirect URI.

[–] sorter_plainview@lemmy.today 2 points 3 hours ago

Sorry for the delay. I got busy. I'm not entirely sure this is a dynamic registration issue. Your screenshot points to something like a permission issue. This is a bit wild guess with very limited information.

Do you have any info saved when you attempted to register the client manually and use client id and secret?

I will try to do some tests when I get to my setup. Do ping me if you have any updates.

[–] just_another_person@lemmy.world -2 points 13 hours ago (1 children)

Dafuq?

[–] mitexleo@buddyverse.one 1 points 13 hours ago (1 children)

What does that mean?

[–] mitexleo@buddyverse.one -1 points 13 hours ago

Got it ..