This packages allow you authenticate users with Keycloak Server.
It works on front. For APIs we recommend laravel-keycloak-guard.
- Have a Keycloak Server.
- Have a realm configured and a client that accepts authentication.
This package was tested with:
- Laravel: 5.8 / 7 / 8 / 9 / 10 / 11
- Keycloak: 18.0.0
Any other version is not guaranteed to work.
This is project is open source and maintained on my free time. So, if you have any problem you can open a Issue with all details (laravel version, keycloak version, the description of problem...) and I'll be happy to try to help.
- User access a guarded route and is redirected to Keycloak login.
- User signin and obtains a code.
- He's redirected to callback page and we change the code for a access token.
- We store it on session and validate user.
- User is logged.
- We redirect the user to "redirect_url" route (see config) or the intended one.
Require the package
composer require vizir/laravel-keycloak-web-guard
If you want to change routes or the default values for Keycloak, publish the config file:
php artisan vendor:publish --provider="Vizir\KeycloakWebGuard\KeycloakWebGuardServiceProvider"
After publishing config/keycloak-web.php
file, you can change the routes:
'redirect_url' => '/admin',
'routes' => [
'login' => 'login',
'logout' => 'logout',
'register' => 'register',
'callback' => 'callback',
]
The scope openid
is always included, but if you need extra scopes you can add them as strings to the array:
'scopes' => [],
Example:
'scopes' => ['example_scope_1', 'example_scope_2'],
Change any value to change the URL.
Other configurations can be changed to have a new default value, but we recommend to use .env
file:
KEYCLOAK_BASE_URL
The Keycloak Server url. Generally is something like: https://your-domain.com/auth
.
KEYCLOAK_REALM
The Keycloak realm. The default is master
.
KEYCLOAK_REALM_PUBLIC_KEY
The Keycloak Server realm public key (string).
In dashboard go to: Keycloak >> Realm Settings >> Keys >> RS256 >> Public Key.
KEYCLOAK_CLIENT_ID
Keycloak Client ID.
In dashboard go to: Keycloak >> Clients >> Installation.
KEYCLOAK_CLIENT_SECRET
Keycloak Client Secret. If empty we'll not send it to Token Endpoint.
In dashboard go to: Keycloak >> Clients >> Installation.
KEYCLOAK_CACHE_OPENID
We can cache the OpenId Configuration: it's a list of endpoints we require to Keycloak.
If you activate it, remember to flush the cache when change the realm or url.
Just add the options you would like as an array to the" to "Just add the options you would like to guzzle_options array on keycloak-web.php config file. For example:
You should add Keycloak Web guard to your config/auth.php
.
Just add keycloak-web to "driver" option on configurations you want.
As my default is web, I add to it:
'guards' => [
'web' => [
'driver' => 'keycloak-web',
'provider' => 'users',
],
// ...
],
And change your provider config too:
'providers' => [
'users' => [
'driver' => 'keycloak-users',
'model' => Vizir\KeycloakWebGuard\Models\KeycloakUser::class,
],
// ...
]
Note: if you want use another User Model, check the FAQ How to implement my Model?.
We implement the Illuminate\Contracts\Auth\Guard
. So, all Laravel default methods will be available.
Ex: Auth::user()
returns the authenticated user.
You can check user has a role simply by Auth::hasRole('role')
;
This method accept two parameters: the first is the role (string or array of strings) and the second is the resource.
If not provided, resource will be the client_id, which is the regular check if you authenticating into this client to your front.
You can use Laravel Authorization Gate to check user against one or more roles (and resources).
For example, in your Controller you can check one role:
if (Gate::denies('keycloak-web', 'manage-account')) {
return abort(403);
}
Or multiple roles:
if (Gate::denies('keycloak-web', ['manage-account'])) {
return abort(403);
}
And roles for a resource:
if (Gate::denies('keycloak-web', 'manage-account', 'another-resource')) {
return abort(403);
}
This last use is not trivial, but you can extend the Guard to request authentication/authorization to multiple resources. By default, we request only the current client.
If you do not want to use the Gate or already implemented middlewares, you can check user against one or more roles using the keycloak-web-can
Middleware.
Add this to your Controller's __construct
method:
$this->middleware('keycloak-web-can:manage-something-cool');
// For multiple roles, separate with '|'
$this->middleware('keycloak-web-can:manage-something-cool|manage-something-nice|manage-my-application');
This middleware works searching for all roles on default resource (client_id).
You can extend it and register your own middleware on Kernel.php or just use Auth::hasRole($roles, $resource)
on your Controller.
We registered a new user provider that you configured on config/auth.php
called "keycloak-users".
In this same configuration you setted the model. So you can register your own model extending Vizir\KeycloakWebGuard\Models\KeycloakUser
class and changing this configuration.
You can implement your own User Provider: just remember to implement the retrieveByCredentials
method receiving the Keycloak Profile information to retrieve a instance of model.
Eloquent/Database User Provider should work well as they will parse the Keycloak Profile and make a "where" to your database. So your user data must match with Keycloak Profile.
We register a login
route to redirect to Keycloak Server. After login we'll receive and proccess the token to authenticate your user.
There's no login/registration form.
Just add the keycloak-web
middleware:
// On RouteServiceProvider.php for example
Route::prefix('admin')
->middleware('keycloak-web')
->namespace($this->namespace)
->group(base_path('routes/web.php'));
// Or with Route facade in another place
Route::group(['middleware' => 'keycloak-web'], function () {
Route::get('/admin', 'Controller@admin');
});
On session. We recommend implement the database driver if you have load balance.
State is a unique and non-guessable string used to mitigate CSRF attacks.
We associate each authentication request about to be initiated with one random state and check on callback. You should do it if you are extending/implementing your own Auth controller.
Use KeycloakWeb::saveState()
method to save the already generated state to session and KeycloakWeb::validateState()
to check the current state against the saved one.
For some reason Laravel can present a problem with EncryptCookies middleware changing the session ID.
In this case, we will always try to login, as tokens cannot be retrieved.
You can remove session_id cookie from encryption:
// On your EncryptCookies middleware
class EncryptCookies extends Middleware
{
protected $except = [];
public function __construct(EncrypterContract $encrypter)
{
parent::__construct($encrypter);
/**
* This will disable in runtime.
*
* If you have a "session.cookie" option or don't care about changing the app name
* (in another environment, for example), you can only add it to "$except" array on top
*/
$this->disableFor(config('session.cookie'));
}
}
If your client is not public, you should provide a KEYCLOAK_CLIENT_SECRET
on your .env
.
In some use cases you may need to override the default Guzzle options - likely either to disable SSL verification or to set a Proxy to route all requests through.
Every Guzzle Request Option is supported and is passed directly to the Guzzle Client instance.
Just add the options you would like to guzzle_options
array on keycloak-web.php
config file. For example:
laravel-keycloak-web-guard's People
Forkers
mnikoei saooti dilshansameera gozan agravelot oefielixir ahmedusama250 pashbat gpedro bavamca springboardvr martincamen ideable shamimulalam udevrandom johnbrookson gorkagv ytono mir-dhaka felipedamacenoteodoro paulocaldera enverarslan harish-sprw xdestiny melquiadesrodrigues rtitec socieboy stream-it muhdizuddin jorgemarinho lghs indushan santosmken azmirul alvarofelipems phenriquerb fonda-labs vostlertsd lincontroy danilzaytsev-hub serumk godfatherdemon rene-roscher slowcheetah andrex47 careerum vdeville skarjoss wmolinjr lderkzen tfsthiagobr98 kiennh kogeva neemiasjr murielle666 jesperbeisner hakanbaysal thienphamphu novius insbali codegourmet abdou-rn onewoorks neftaliyagua pabloaugustobarragan aasanakey otho-cloud updo claudiobastos hydrokat juliana20 dodocierny evoesports mrza-mrza moghwan ixbtcom reekind mhixvlaravel-keycloak-web-guard's Issues
Implement my user provider
Hello you can inform me how can I create my User Provider. What would be the necessary steps?
Is it possible to Save the User to the database?
Hello,
How can I save the Model when the user is authenticated to the database?
Thank you in advance!
Best,
Ivan
Too few arguments to function Vizir\KeycloakWebGuard\Models\KeycloakUser::__construct()
I tried make a test a simple authenticate, but after login page on Keycloak, i receive this callback error.
Too few arguments to function Vizir\KeycloakWebGuard\Models\KeycloakUser::__construct(), 0 passed in /var/www/html/projectpath/vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php on line 183 and exactly 1 expected
Someone have a suggestion to help me? Tks!!
Login Error
Hi,
A few months ago (around January), I added a Keycloak login feature (laravel-keycloak-web-guard) on my admin panel.
This one, worked very well, and today I wanted to update your dependency but I met an error.
When the KeycloakWeb :: getLoginUrl ()
method located in the login ()
method of the Vizir \ KeycloakWebGuard \ Controllers \ AuthController
controller is called, the server returns an 500 error with this message :
Symfony \ Component \ Debug \ Exception \ FatalThrowableError (E_RECOVERABLE_ERROR)
Argument 1 passed to Vizir \ KeycloakWebGuard \ Services \ KeycloakService :: __ construct () must implement interface GuzzleHttp \ ClientInterface, null given
So I tried to move this dependency into an earlier version (cfe8e76) and it works well.
Is this a mistake on your part, or do I have to add things?
Thank you in advance for your answers.
Regards,
Valentin.
Sending attributes and they are not written to the user
sending attributes and they are not written to the user
if ($user) {
$data = [
'email' => $user->email,
'username' => $user->email,
'id' => $user->id,
'firstName' => $user->name,
'lastName' => '',
'enabled' => true,
'emailVerified' => true,
'attributes' => [
'cpf' => '111.111.111-11',
'subdomain' => ['subdomain.domain.com']
],
// 'roles' => ['string'],
// 'groups' => ['string'],
'requiredActions' => ['requiredActions']
];
return response()->json($data);
}
Call to undefined method Vizir\KeycloakWebGuard\Auth\Guard\KeycloakWebGuard::viaRemember()
hello.
I use Laravel8 and jetstream.
I'm trying to redirect to the dashboard , which is a secure page, after logging in with keycloak.
This is my route setting.
Route::group(['middleware' => 'keycloak-web'], function () {
Route::get('/dashboard', function () {
return view('dashboard');
})->name('dashboard');
});
Route::get('/login', [\Vizir\KeycloakWebGuard\Controllers\AuthController::class, 'login'])->name('keycloak.login');
Route::get('/callback', [\Vizir\KeycloakWebGuard\Controllers\AuthController::class, 'callback'])->name('keycloak.callback');
Route::post('/logout', [\Vizir\KeycloakWebGuard\Controllers\AuthController::class, 'logout'])->name('keycloak.logout');
The callback method is working properly.
Call to undefined method Vizir\KeycloakWebGuard\Auth\Guard\KeycloakWebGuard::viaRemember()
vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php:42
How is it correct to resolve this error?
I added this to the KeycloakWebGuard.php
public function viaRemember()
{
return false;
}
Thank you.
question: how i should relationship KeyCloakUser with other entities?
how i should relationship KeyCloakUser with other entities?
example:
a single user can have many Tasks.
What is best way to save data of the first time user authenticates?
Hello,
I am using my own model with driver: keycloak-users, What is best way to save the name and email of the first time log in user to the application db ??
Currently i am able to save to the table, but i want to know is their any best way to do in service provider ??
[Keycloak Error] It was not possible to load OpenId configuration:
[Keycloak Error] It was not possible to load OpenId configuration: cURL error 35: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://localhost:8080/auth/realms/master/.well-known/openid-configuration
Error on auth: PKCE code verifier not specified
ERR_TOO_MANY_REDIRECTS error after successfull authorisation.
keycloak.login (redirect to KeyCloak-server url)
Authorisation process. Successfull.
keycloak.callback -> keycloak.login (redirect to KeyCloak-server url) ->
keycloak.callback -> keycloak.login (redirect to KeyCloak-server url) ->
keycloak.callback -> keycloak.login (redirect to KeyCloak url) ->
...
...
keycloak.callback -> Invalid state
Site has forwarded too many times.
Redirect-Problem with HTTPS after logging in
Hi,
I have a problem here with the redirection to the guarded page after logging in:
So the Keycloak login page is called, I log in there, Keycloak redirects to https://.../callback. All fine and good so far. But this callback URL is then redirecting to the HTTP homepage which is wrong, I need it to redirect to the HTTPS URL.
My attempts so far:
- APP_URL is set to
https://...
Providers/AppServiceProvider::boot
containsURL::forceScheme('https');
Is there anything else I can do here?
Problem with Cors and web middleware
Hey guys,
i have some Problem, with the logout when i add the web middleware:
Route::middleware(['web', 'keycloak'])
//->middleware('keycloak')
->namespace($this->namespace)
->group(base_path('routes/web.php'));
I do this to make the route model binding work. When i do it like your documentation, the logout works, but not the model binding. With the web middleware, i got an cors error, login works correctly
Cheers
Ralf
Many redirects after sign-in
Hi,
I'm currently trying to implement the package, but after I login I'm encountering and error. It redirects me too many times. What do you think is the issue?
Thank you for the amazing package!
Originally posted by @rickcwlng-hc in #8 (comment)
Unauthenticated after callback
I installed the package and setup as in readme. First time I tried to access my protected page, it redirected me to the keycloak auth page, which was as expected.
But after login, it redirected me to the previous page, but then it couldn't authenticate me and finally returning an error exception:
InvalidArgumentException
Route [keycloak.login] not defined.
In the vendor\vizir\laravel-keycloak-web-guard\src\Controller\AuthController.php , in the callback(), after if (Auth::validate($token)), i tried to print out Auth:user() then run /login again (to have it go to the keycloak server and run again the token), it printed out the user information properly.
Any idea please?
[Keycloak Error] User cannot be authenticated
The hasExpired function (KeycloakAccessToken) was returning true if $exp was greater than time(). The hasExpired function only should returning true when the $exp is less than or equal time(), that is, when the token has expired.
Retrieving session
it does not retrieve user credentials from session in keycloak-web middleware
Looping of callback for authenticated user.
i faced a problem where user is authenticated on another application via keycloak and when i login to my app it loops into authentication and login and result into error page. As per the debugging done, when i login from my app callback comes with query whereas when my app reach to keycloak when user is already authenticated it send it back with # prepend to query in place of ?. please tell me as it logsout frequently as it doesn't know where to redirect the user if he is already logged in.
thank you
Gate integration
// AuthServiceProvider@boot
Gate::before(function ($user, $ability) {
return $user->hasRole($ability) ?: null;
});
// HomeController@admin
public function admin() {
$this->authorize('superadmin');
return response()->json([
'result' => 'welcome superadmin'
]);
}
this allows better integration with the laravel eco-system and moves the custom middlewares to deprecation.
maybe we should add this in the documentation.
[Keycloak Error] Invalid state
After registration gives me this error:
Vizir\KeycloakWebGuard\Exceptions\KeycloakCallbackException
[Keycloak Error] Invalid state
File: vendor\vizir\laravel-keycloak-web-guard\src\Controllers\AuthController.php:72
Help me solve this problem
Target [GuzzleHttp\ClientInterface] is not instantiable while building [Vizir\KeycloakWebGuard\Services\KeycloakService].
Hello,
I'm facing this error when trying to use the library.
Any Idea ?
git repo : https://github.com/Jenkiiz/web_guard.git
Permissions
How can I handle permissions individually without roles?
Authentication Events
Laravel newbie here.
Is there any way for this to plug-in to https://laravel.com/docs/7.x/authentication#events ?
Or any suggestions on how to approach something like that when using laravel-keycloak-web-guard ?
Problem In Keycloak Web Gate
Hi,
I am using Laravel and Vue.Js. Login and redirection is working fine. But i am getting following error when i try to use
"abort_if(Gate::denies('keycloak-web','Client Admin'), Response::HTTP_FORBIDDEN, '403 Forbidden') " in my controller.
'Client Admin' is the Keycloak client Role.
message | "Argument 1 passed to Spatie\Permission\PermissionRegistrar::Spatie\Permission\{closure}() must be an instance of Illuminate\Contracts\Auth\Access\Authorizable, instance of Vizir\KeycloakWebGuard\Models\KeycloakUser given, called in /opt/lampp/htdocs/XXXweb/vendor/laravel/framework/src/Illuminate/Auth/Access/Gate.php on line 495"
exception | "TypeError"
file | "/opt/lampp/htdocs/XXXweb/vendor/spatie/laravel-permission/src/PermissionRegistrar.php"
And also i have role and their permission in my application. I want to use my application permission instead of keycloak resoureces.
auth.php
guards' => [
'web' => [
'driver' => 'keycloak-web',
'provider' => 'keycloak-users',
],
'api' => [
'driver' => 'keycloak-web',
'provider' => 'keycloak-users',
'hash' => false,
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'keycloak-users' => [
'driver' => 'keycloak-users',
'model' => Vizir\KeycloakWebGuard\Models\KeycloakUser::class,
],
],
Authentication user provider [keycloak-users] is not defined.
I followed all the instructions, however i end up this error.
Keycloak Error
Package not work with Laravel 9
Illuminate\Contracts\Auth\Guard was updated in the Laravel 9 version, where the function hasUser() was declarated.
'Vizir\KeycloakWebGuard\Auth\Guard\KeycloakWebGuard' does not implement method 'hasUser'
Problem with package in a Docker Stack
Hey Guys,
i have an Problem with the Guard :(
I use a docker stack with keycloak and traefik. My Laravel App call's the getOpenIdConfiguration() and throws the error, that the Keycloak Server with the Connection is refused over Port 443 is. When i set the KEYCLOAK_BASE_URL to the Container Name with the Port 8443 then it works, but not for the redirect URL, beycause in the URL is the Port 8443 included.
This is my Docker Keycloak Part:
keycloak:
container_name: ${KEYCLOAK}
depends_on:
- ${DATABASE_SERVICES}
environment:
- DB_VENDOR=mysql
- DB_ADDR=${DATABASE_SERVICES}
- DB_DATABASE=${KEYCLOAK_DB}
- DB_USER=${MYSQL_USER}
- DB_PASSWORD=${MYSQL_PASSWORD}
- PROXY_ADDRESS_FORWARDING=true
- KEYCLOAK_USER=${KEYCLOAK_USER}
- KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
- JDBC_PARAMS=connectTimeout=3000&useSSL=false&serverTimezone=Europe/Berlin
- KEYCLOAK_HOSTNAME=${KEYCLOAK_URL}
- HOSTNAME=${KEYCLOAK}
image: jboss/keycloak:latest
labels:
- traefik.enable=true
- traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_URL}`)
- traefik.http.routers.keycloak.tls=true
- traefik.http.routers.keycloak.tls.certresolver=${CERT_RESOLVER}
networks:
unitfactory:
aliases:
- ${KEYCLOAK_URL}
internal:
aliases:
- ${KEYCLOAK_URL}
restart: always
What do i wrong?
Cheers
Ralf
How to replicate the web keycloak token for requests via api
My auth.php
'guards' => [
'web' => [
//'driver' => 'session',
'driver' => 'keycloak-web',
'provider' => 'users',
],
'api' => [
'driver' => 'keycloak-web', <---- is corret?
'provider' => 'users',
'hash' => false,
],
How to replicate keycloak web token for ajax requests by laravel api.
My ajax requests come with empty token.
{"errors":[{"message":"Unauthenticated.","extensions":{"guards":["api"],"category":"authentication"},
How to Refresh access token using keycloak web guard.
Do package have any controller action which refresh access token using refresh token so i can use than action as ajax callback for refreshing session and keycloak token.
thanks
Laravel 5.2 Support
Does this support Laravel 5.2?
Using database sessions not working due to the email being used as key
Hi,
we are using the database for storing the sessions with the recommended schema:
Schema::create('sessions', function (Blueprint $table) {
$table->string('id')->primary();
$table->foreignId('user_id')->nullable()->index();
$table->string('ip_address', 45)->nullable();
$table->text('user_agent')->nullable();
$table->text('payload');
$table->integer('last_activity')->index();
});
But using the given model in the provider like this (auth.php):
'providers' => [
'users' => [
'driver' => 'keycloak-users',
'model' => Vizir\KeycloakWebGuard\Models\KeycloakUser::class,
],
],
It results in an exception when it tries to store the session:
[previous exception] [object] (PDOException(code: 22P02): SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type bigint: "[email protected]" at /var/www/laravel/vendor/laravel/framework/src/Illuminate/Database/Connection.php:510)
What could I do here?
Error: Call to undefined method Vizir\KeycloakWebGuard\Auth\Guard\KeycloakWebGuard::attempt()
When I try on laravel 7 it throws an error
While register and login
Anything I need to do
I had set up both /config/keycloak-web.php, /config/auth.php files as per the documentation
For more info: https://ibb.co/b2ct0xp
How to get login URL?
Hi,
I have some problem to configure the framework.
How can I configure the login form?
I follow you readme but now I don't know how to authenticate the user.
Thanks
Mattia
How to get user attributes like username, user id, etc?
Hello,
How can I fetch additional user attributes like user id, username data?
Thank you in advance!
Best,
Nars
Laravel 8 support?
Wrong redirection
Hello,
I've trouble to set the plugin working with my keycloak local development infrastructure.
I've a keycloak container that answer to https://keycloak.dev.local:8443/auth
and a laravel / bootstrap frontend that answer to http://serversrequests.dev.local/
.
In keycloak I've set a Realm named ServersRequests
with a public client frontend-public
.
The Valid Redirect URIs
of the public client is http://serversrequests.dev.local/*
.
I hope, when I opened my root url (http://serversrequests.dev.local/
), to be redirected to my keycloak address, something like: https://keycloak.dev.local:8443/auth/realms/ServersRequests/protocol/openid-connect/auth?cliend_id=frontend-public&&redirect_uri=http%3A%2F%2Fserversrequests.dev.local%2F
but instead i get redirected to http://serversrequests.dev.local/login
which indeed not exist and I get a Guzzle error:
Error
Call to undefined method GuzzleHttp\Exception\ConnectException::getResponse()
Located in: vendor/vizir/laravel-keycloak-web-guard/src/Services/KeycloakService.php:577
Is there's something I miss in my configuration ?
Here's my configuration files:
config/keycloak-web.php
:
<?php
return [
'base_url' => env('KEYCLOAK_BASE_URL', 'https://keycloak.dev.local:8443/auth'),
'realm' => env('KEYCLOAK_REALM', 'ServersRequests'),
'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', null),
'client_id' => env('KEYCLOAK_CLIENT_ID', 'frontend-public'),
'client_secret' => env('KEYCLOAK_CLIENT_SECRET', null),
'cache_openid' => env('KEYCLOAK_CACHE_OPENID', false),
'redirect_url' => '/',
'routes' => [
'login' => 'login',
'logout' => 'logout',
'register' => 'register',
'callback' => 'callback',
],
'guzzle_options' => [],
];
config/auth.php
<?php
return [
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'keycloak-web',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
'providers' => [
'users' => [
'driver' => 'keycloak-users',
'model' => Vizir\KeycloakWebGuard\Models\KeycloakUser::class,
],
],
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
'password_timeout' => 10800,
];
routes/web.php
<?php
use Illuminate\Support\Facades\Route;
Route::group(['middleware' => 'keycloak-web'], function () {
Route::get('/', function () {
return view('home');
});
Route::resource('servers', 'App\Http\Controllers\ServerController');
Route::resource('tests', 'App\Http\Controllers\TestController');
});
Is there any demo?
I'm having trouble implementing some things
Sync Keycloak users with Laravel database
how we can sync users to refer in local database as foreign key?
a sync command can be a cool option to solve that.
add user data on login doesn't solve the problem, cuz if you need to refer a user than never logged you can't.
--
related to #34
WebGuard attempt undefined
I've installed this package on fresh laravel 6.2, with auth configured via:
composer require laravel/ui
php artisan ui vue --auth
then i followed the step described in the docs, NB my app not have a db installed on local, it use keycloak to login over a service that will provide data etc.
this is the errore showed to me when i try to attemp a login:
stuck on login loop
Hello,
I have a problem at login.
The moment I try to log in the login screen keeps loading and only enters when I update the page.
I followed the FAQ's guidelines but it didn't work.
Problem with Auth user
Hey guys,
the middleware redirect to often to login.
I debug this, and in the Guard the setUser() sets the user, but the user is null in the KeycloakAuthenticated Middleware. Thats why the middleware redirects to /login, Keycloak says, user is logged, and so on. Until the Browser breaks with to many redirects.
Something should wrong in the Guard, and it's look like, that the user from keycloak doesn't attempt to Auth?
Answer from @mariovalney in #42 (comment)
How can i check the session? When i look in the session folder there are 16 session files for on process.
Cheers
Ralf
[Keycloak Error] User cannot be authenticated
can you explain step by step about this?
"How to implement my Model?
We registered a new user provider that you configured on config/auth.php called "keycloak-users".
In this same configuration you setted the model. So you can register your own model extending Vizir\KeycloakWebGuard\Models\KeycloakUser class and changing this configuration.
You can implement your own User Provider: just remember to implement the retrieveByCredentials method receiving the Keycloak Profile information to retrieve a instance of model.
Eloquent/Database User Provider should work well as they will parse the Keycloak Profile and make a "where" to your database. So your user data must match with Keycloak Profile."
coz, i have error this [Keycloak Error] User cannot be authenticated
User registeration url
The getRegisterUrl() method in KeycloakService does not provide required parameters for user registeration url .
Error callback, save session
GuzzleHttp\ClientInterface issue
Hi,
Really appreciate you putting out this package.
I'm using Laravel 7
and 1.5.5 of this
Argument 1 passed to Vizir\KeycloakWebGuard\Services\KeycloakService::__construct() must implement interface GuzzleHttp\ClientInterface, null given (View: /home/vagrant/code/community/resources/views/welcome.blade.php)
And I'm trying this on homestead with Keycloak running on docker
Appreciate it if you can help me out with this.
Route [keycloak.callback] not defined. - AuthServiceProvider
Hi.
I have the following Probem:
I am trying to use the Laravel Authorization Gate in the boot method of the AuthServiceProvider.php
public function boot(){
$this->registerPolicies();
if (Gate::denies('keycloak-web', 'auth')) {
return abort(403);
}
}
If I try to access the page, I always get "Route [keycloak.callback] not defined.".
The following routes are defined in the the web.php:
Route::get('/login', [\Vizir\KeycloakWebGuard\Controllers\AuthController::class, 'login'])->name('keycloak.login');
Route::get('/callback', [\Vizir\KeycloakWebGuard\Controllers\AuthController::class, 'callback'])->name('keycloak.callback');
Route::post('/logout', [\Vizir\KeycloakWebGuard\Controllers\AuthController::class, 'logout'])->name('keycloak.logout');
Can you tell me, why the route is not definied?
Unable to load the home page after the keycloak login is successfull.
Hi,
I have done all the changes to integrate keycloak to my laravel application and I am able to authenticate. Once the keycloak login is successful app should redirect to home page.
I have changed RouterServiceProvider.php like below. Here the UI routes(using Vue) which I am triggering through web.php file is not getting loaded. If I don't use keycloak-web middleware all the routes are working but there will no keycloak authentication.
protected function mapWebRoutes()
{
Route::prefix('admin')
->middleware('keycloak-web')
->namespace($this->namespace)
->group(base_path('routes/web.php'));
// Route::middleware('web')
// ->namespace($this->namespace)
// ->group(base_path('routes/web.php'));
}
I am getting 404 not found for all the routes. Please help me regarding my issue.
SSL Problem
Hi,
I'm trying to integrate your keycloak web guard in my laravel project.
When I open the page in localhost (http:\127.0.0.1:8080) I receive this error "[Keycloak Error] It was not possible to load OpenId configuration: cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)"
How can I resolved it? Could you help me?
Thanks,
Mattia
Expired token throw [Keycloak Error] User cannot be authenticated
When I reopen a page containing Auth::hasRole('XXX') with an expired token I've got a an exception "[Keycloak Error] User cannot be authenticated" (throwed by vendor/vizir/laravel-keycloak-web-guard/src/Auth/Guard/KeycloakWebGuard.php:133).
Is it possible to handle expired tokens (and redirect the user to login route) keeping the exception for authentication errors?
Thanks
Error accessing the first time
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.