Minio Login is not working from OIDC(keycloak).

[Ayur541]

Hi,

I tried logging into MinIO with Keycloak which is failing and throwing below error.

Earlier versions of MinIO were logging in fine as stated in #3099 but when trying it with above mentioned (which was latest release) MinIO verison is failing.

I followed below steps for integrating MinIO with Keycloak.
https://github.com/minio/minio/blob/RELEASE.2022-09-17T00-09-45Z/docs/sts/keycloak.md
Please suggest a fix.

Thanks.

[dvaldivia]

We'll look into this @Ayur541

[adriangitvitz]

Could you share your keycloak version ? And also could you verify that you are able to reach your keycloak instance, and any logs from your minio instance would be useful

[Ayur541]

Could you share your keycloak version ? And also could you verify that you are able to reach your keycloak instance, and any logs from your minio instance would be useful

Sure @adriangitvitz ,

Keycloak version : 22.0.5

Yes, it's able to reach keycloak and after entering the login credentials for keycloak, I see the above pasted error page but no logs from any instances are seen.

[adriangitvitz]

could you follow these instructions instead ?
https://min.io/docs/minio/macos/operations/external-iam/configure-keycloak-identity-management.html

and verify your URL on the Keycloak client side

Also verify your client scopes ( just in case ), and use this env variables

MINIO_IDENTITY_OPENID_CLIENT_ID_PRIMARY_IAM=client-id;
MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM=client-secret;
MINIO_IDENTITY_OPENID_CONFIG_URL_PRIMARY_IAM=well-known-url;
MINIO_IDENTITY_OPENID_DISPLAY_NAME_PRIMARY_IAM=SSO_IDENTIFIER;
MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC_PRIMARY_IAM=on;
MINIO_IDENTITY_OPENID_SCOPES_PRIMARY_IAM=openid

[cesnietor]

We'll change the README docs to point to the proper doc link.

[dvaldivia]

please re-open if the problem persists