Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Support Installation & Updates
  1. OpenProject
  2. Forums
  3. Support Installation & Updates
  4. upgrade 9.0.3 to 10.0.0 breakes OpenID

upgrade 9.0.3 to 10.0.0 breakes OpenID

Added by Andreas Keller over 5 years ago

OpenProject v9.03 on Debian 9 works great using OpenID with Keycloak Server. After upgrade to OpenProject 10.0 OpenID doesn't work anymore with the configuration below.

Instead of redirecting a user without valid ticket to https://auth.mserver.org/auth/realms/master/protocol/openid-connect/auth?client_id=OpenProjectMartin&nonce=762d9653255d825d59f8a9cd66e1953b&redirect_uri=https%3A%2F%2Fopenproject.heiliger-martin-kaiserslautern.de%2Fauth%2Fkeycloak%2Fcallback&response_type=code&scope=openid+email+profile&state=8f713708462dcdde48b8b6c471297cea

user is directed to https://openproject.hserver.de/auth/keycloak with error message: Fehler: Datei nicht gefunden      Beim Verbinden mit openproject.hserver.de trat ein Fehler auf.

The working configuration (till v. 9.0.3) in file /opt/openproject/config/configuration.yml below default:

 openid_connect:

   keycloak:

     sso: true

     host: "auth.mserver.org"

     identifier: "OpenProjectMartin"

     secret: "e333-333-333-33333-3333-3333b"

     icon: "openid_connect/auth_provider-google.png"

     display_name: "KeyCloak Authorisation"

     authorization_endpoint: "https://auth.mserver.org/auth/realms/master/protocol/openid-connect/auth"

     token_endpoint: 'https://auth.mserver.org/auth/realms/master/protocol/openid-connect/token'

     userinfo_endpoint: 'https://auth.mserver.org/auth/realms/master/protocol/openid-connect/userinfo'

     end_session_endpoint: 'https://auth.mserver.org/auth/realms/master/protocol/openid-connect/logout'

     check_session_iframe: 'https://auth.mserver.org/auth/realms/master/protocol/openid-connect/login-status-iframe.html'

     issuer: 'https://openproject.hserver.de/login'

     discovery: false

 disable_password_login: true

 omniauth_direct_login_provider: keycloak

Regards

Andreas


Replies (1)

RE: upgrade 9.0.3 to 10.0.0 breakes OpenID - Added by Oliver Günther over 5 years ago

Hi Andreas,

this is the same issue was in https://community.openproject.com/topics/11243?r=11272#message-11272 SSO Authentication was an Enterprise Edition feature that was not technically blocked in older versions and this has been corrected in 10.0.

I'll reach out to you how we can resolve the immediate issue at hand.

Best,

Oliver

  • (1 - 1/1)
Loading...