Keycloak configuration with occ

Hello :waving_hand:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • no
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • AIO
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • no

Summary of the issue you are facing:

Unable to create custom provider in social login app with `occ` command

Steps to replicate it (hint: details matter!):

I created an Ansible task:

    - name: "Nextcloud | Configure Social login settings"
      community.docker.docker_container_exec:
        container: "nextcloud-aio-nextcloud"
        command: "su -s /bin/sh www-data -c 'php occ config:app:set sociallogin custom_providers --value=\"{{ nextcloud_sso_setting | to_json }}\"'"
      vars:
        nextcloud_sso_setting:
          custom_oidc:
            - name: "keycloak"
              title: "keycloak"
              authorizeUrl: "{{ keycloak_url }}/realms/{{ keycloak_realm }}/protocol/openid-connect/auth"
              tokenUrl: "{{ keycloak_url }}/realms/{{ keycloak_realm }}/protocol/openid-connect/token"
              userInfoUrl: "{{ keycloak_url }}/realms/{{ keycloak_realm }}/protocol/openid-connect/userinfo"
              logoutUrl: "{{ keycloak_url }}/realms/{{ keycloak_realm }}/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2F{{ nextcloud_hostname }}&client_id={{ nextcloud_keycloak_client_id }}"
              clientId: "{{ nextcloud_keycloak_client_id }}"
              clientSecret: "{{ nextcloud_keycloak_client_secret }}"
              scope: "openid,nextcloud-groups,profile"
              groupsClaim: "groups"
              style: "keycloak"
              defaultGroup: ""
              groupMapping:
                groups:
                  admin: "admin"
                  utilisateurs: "utilisateurs"
                  entreprise: "entreprise"
        nextcloud_keycloak_client_id: "nextcloud.domain.tld"
        nextcloud_keycloak_client_secret: "your_client_secret_here"
        nextcloud_keycloak_group_mapping: '{"groups": {"admin": "admin", "utilisateurs": "utilisateurs", "entreprise": "entreprise"}}'
        nextcloud_hostname: "nextcloud.domain.tld"

Log entries

Ansible

changed: [host] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "api_version": "auto",
            "argv": null,
            "ca_path": null,
            "chdir": null,
            "client_cert": null,
            "client_key": null,
            "command": "su -s /bin/sh www-data -c 'php occ config:app:set sociallogin custom_providers --value=\"{\"custom_oidc\": [{\"name\": \"keycloak\", \"title\": \"keycloak\", \"authorizeUrl\": \"https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/auth\", \"tokenUrl\": \"https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/token\", \"userInfoUrl\": \"https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/userinfo\", \"logoutUrl\": \"https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fnextcloud.domain.tld&client_id=nextcloud.domain.tld\", \"clientId\": \"nextcloud.domain.tld\", \"clientSecret\": \"your_client_secret_here\", \"scope\": \"openid,nextcloud-groups,profile\", \"groupsClaim\": \"groups\", \"style\": \"keycloak\", \"defaultGroup\": \"\", \"groupMapping\": {\"groups\": {\"admin\": \"admin\", \"utilisateurs\": \"utilisateurs\", \"entreprise\": \"entreprise\"}}}]}\"'",
            "container": "nextcloud-aio-nextcloud",
            "debug": false,
            "detach": false,
            "docker_host": "unix:///var/run/docker.sock",
            "env": null,
            "ssl_version": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "timeout": 60,
            "tls": false,
            "tls_hostname": null,
            "tty": false,
            "use_ssh_client": false,
            "user": null,
            "validate_certs": false
        }
    },
    "rc": 0,
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Config value 'custom_providers' for app 'sociallogin' is now set to '{custom_oidc: [{name: keycloak, title: keycloak, authorizeUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/auth, tokenUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/token, userInfoUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/userinfo, logoutUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fnextcloud.domain.tld', stored as mixed in fast cache",
    "stdout_lines": [
        "Config value 'custom_providers' for app 'sociallogin' is now set to '{custom_oidc: [{name: keycloak, title: keycloak, authorizeUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/auth, tokenUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/token, userInfoUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/userinfo, logoutUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fnextcloud.domain.tld', stored as mixed in fast cache"
    ]
}

It seems to work.

"Config value 'custom_providers' for app 'sociallogin' is now set to '{custom_oidc: [{name: keycloak, title: keycloak, authorizeUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/auth, tokenUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/token, userInfoUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/userinfo, logoutUrl: https://keycloak.domain.tld/realms/myrealm/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fnextcloud.domain.tld', stored as mixed in fast cache"

But in Nextcloud, no custom provider appears.

I tried from the command line in the container shell; same result, with another message: `Config value were not updated`


su -s /bin/sh www-data -c 'php occ config:app:set sociallogin custom_providers --value="{"custom_oidc": [{"name": "keycloak", "title": "keycloak", "authorizeUrl": "https://keycloak.domain.tld/realms/myrealms/protocol/openid-connect/auth", "tokenUrl": "https://keycloak.domain.tld/realms/myrealms/protocol/openid-connect/token", "userInfoUrl": "https://keycloak.domain.tld/realms/myrealms/protocol/openid-connect/userinfo", "logoutUrl": "https://keycloak.domain.tld/realms/myrealms/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fnextcloud.domain.tld&client_id=nextcloud.domain.tld", "clientId": "nextcloud.domain.tld", "clientSecret": "your_client_secret_here", "scope": "openid,nextcloud-groups,profile", "groupsClaim": "groups", "style": "keycloak", "defaultGroup": "", "groupMapping": {"groups": {"admin": "admin", "utilisateurs": "utilisateurs", "entreprise": "entreprise"}}}]}"'

When I set it manually via the UI, it works fine.

Where is my mistake in command?

Thanks!

I assume the shell tries to interpolate the data inside of the quotes and curly braces. I would recommend you enclose the data in single quotes like --value='{"custom_oidc": ...}'
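The posted log already shows what the inner shell did to the value: the stored string reads `{custom_oidc: [{name: keycloak, ...` with every JSON quote gone, and it ends right before `&client_id=`, because the unquoted `&` in `logoutUrl` terminated the command and the rest of the line was run as a separate shell command. Wrapping the value in single quotes is not possible here either, since the whole command already sits inside the single-quoted `su -c '...'` string and POSIX sh cannot nest single quotes. The script below is an added example, not code from the thread; it reproduces the failure with a stub standing in for `php occ` (assumption: the stub only prints back the `--value` argument it received) and shows a form that hands the JSON to the command untouched by passing it as a positional parameter. The sample JSON and host names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original thread. Reproduces the quoting
# failure from the posted log with a stub in place of "php occ" (assumption:
# the stub prints back the --value argument it received) and shows a form
# that passes the JSON through a second shell intact.
set -u

# Constructed sample value, shaped like the post's custom_providers JSON.
# The "&" in logoutUrl and the secret are the parts that matter here.
JSON='{"custom_oidc": [{"name": "keycloak", "logoutUrl": "https://kc.example.test/logout?post_logout_redirect_uri=x&client_id=nc", "clientSecret": "s3cret"}]}'

# Stub standing in for "php" (so "php occ ..." resolves to it): print the
# --value argument exactly as received, nothing else.
STUBDIR=$(mktemp -d)
cat > "$STUBDIR/php" <<'EOF'
#!/bin/sh
for a in "$@"; do
  case "$a" in
    --value=*) printf '%s\n' "${a#--value=}" ;;
  esac
done
EOF
chmod +x "$STUBDIR/php"
PATH="$STUBDIR:$PATH"
cleanup_stub() { rm -rf "$STUBDIR"; }
trap cleanup_stub EXIT

# Posted form: the whole command line is one string that a second shell
# parses again ("su -c" in the post, "sh -c" here). That shell consumes the
# inner double quotes, ends the command at the first unquoted "&" and runs
# whatever follows as a separate command. A "$", backtick or ";" inside a
# secret would be interpreted the same way. Prints what the stub received.
broken_set() {
  sh -c "php occ config:app:set sociallogin custom_providers --value=\"$JSON\""
}

# Fixed form: the JSON travels as a positional parameter ($1) and is only
# expanded, inside double quotes, by the inner shell, so none of its
# characters is ever parsed as shell syntax. Prints what the stub received,
# which should equal $JSON byte for byte.
fixed_set() {
  sh -c 'php occ config:app:set sociallogin custom_providers --value="$1"' sh "$JSON"
}

printf 'broken: %s\n' "$(broken_set)"
printf 'fixed:  %s\n' "$(fixed_set)"
```

On the real container you can avoid the inner shell entirely: `docker exec --user www-data nextcloud-aio-nextcloud php occ config:app:set sociallogin custom_providers --value="$JSON"` passes an argument vector, not a command string. In the Ansible task the same applies with `community.docker.docker_container_exec` when you use `user: www-data` together with `argv:` (a list whose last element is `--value={{ nextcloud_sso_setting | to_json }}`) instead of `command:`. Afterwards read the value back with `php occ config:app:get sociallogin custom_providers` and confirm it still parses as JSON (for example through `jq .`); the app cannot show a provider from a string that is no longer JSON. Since the posted log prints the task's full `module_args`, including `clientSecret`, add `no_log: true` to that task so the secret does not end up in the playbook output.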