ERPnext Keycloak Setup Error

Hello there, I am trying for the first time to set up Keycloak and use it with ERPNext.

I have set it up as per different articles here on this forum.

I have got this button as Social Login

After that, I get redirected to the Keycloak login screen and I put in the credentials there.

After that I get redirected to my ERPnext instance but I am getting this error.

This is the stack trace I am getting in the terminal.

Traceback (most recent call last):
19:29:20 web.1         |   File "apps/frappe/frappe/app.py", line 110, in application
19:29:20 web.1         |     response = frappe.api.handle(request)
19:29:20 web.1         |   File "apps/frappe/frappe/api/__init__.py", line 49, in handle
19:29:20 web.1         |     data = endpoint(**arguments)
19:29:20 web.1         |   File "apps/frappe/frappe/api/v1.py", line 36, in handle_rpc_call
19:29:20 web.1         |     return frappe.handler.handle()
19:29:20 web.1         |   File "apps/frappe/frappe/handler.py", line 49, in handle
19:29:20 web.1         |     data = execute_cmd(cmd)
19:29:20 web.1         |   File "apps/frappe/frappe/handler.py", line 85, in execute_cmd
19:29:20 web.1         |     return frappe.call(method, **frappe.form_dict)
19:29:20 web.1         |   File "apps/frappe/frappe/__init__.py", line 1689, in call
19:29:20 web.1         |     return fn(*args, **newargs)
19:29:20 web.1         |   File "apps/frappe/frappe/utils/typing_validations.py", line 31, in wrapper
19:29:20 web.1         |     return func(*args, **kwargs)
19:29:20 web.1         |   File "apps/frappe/frappe/integrations/oauth2_logins.py", line 43, in login_via_fairlogin
19:29:20 web.1         |     login_via_oauth2("fairlogin", code, state, decoder=decoder_compat)
19:29:20 web.1         |   File "apps/frappe/frappe/utils/oauth.py", line 114, in login_via_oauth2
19:29:20 web.1         |     info = get_info_via_oauth(provider, code, decoder)
19:29:20 web.1         |   File "apps/frappe/frappe/utils/oauth.py", line 131, in get_info_via_oauth
19:29:20 web.1         |     flow = get_oauth2_flow(provider)
19:29:20 web.1         |   File "apps/frappe/frappe/utils/oauth.py", line 88, in get_oauth2_flow
19:29:20 web.1         |     params = get_oauth_keys(provider)
19:29:20 web.1         |   File "apps/frappe/frappe/utils/oauth.py", line 57, in get_oauth_keys
19:29:20 web.1         |     "client_secret": get_decrypted_password("Social Login Key", provider, "client_secret"),
19:29:20 web.1         |   File "apps/frappe/frappe/utils/password.py", line 41, in get_decrypted_password
19:29:20 web.1         |     frappe.throw(
19:29:20 web.1         |   File "apps/frappe/frappe/__init__.py", line 577, in throw
19:29:20 web.1         |     msgprint(
19:29:20 web.1         |   File "apps/frappe/frappe/__init__.py", line 549, in msgprint
19:29:20 web.1         |     _raise_exception()
19:29:20 web.1         |   File "apps/frappe/frappe/__init__.py", line 500, in _raise_exception
19:29:20 web.1         |     raise exc
19:29:20 web.1         | frappe.exceptions.AuthenticationError: Password not found for Social Login Key fairlogin client_secret
19:29:20 web.1         | 
19:29:20 web.1         | 127.0.0.1 - - [04/Dec/2023 19:29:20] "GET /api/method/frappe.integrations.oauth2_logins.login_via_fairlogin?state=eyJzaXRlIjogImh0dHA6Ly9lcnAubG9jYWw6ODAwMSIsICJ0b2tlbiI6ICI3MDQ3M2I3OTM0YjQwMGI1YzdkODk0NmUyMjY2NTMzZTg1YTVkOThlODNjYzcxOTM5YjRmYmI4NyIsICJyZWRpcmVjdF90byI6IG51bGx9&session_state=41cdc34a-6647-43e5-98ab-79d95e52550a&iss=http://localhost:8080/realms/test&code=e4b67a1f-a044-4e13-b681-0543baf64056.41cdc34a-6647-43e5-98ab-79d95e52550a.fa89d494-8d14-4e54-85a2-ecdd3aed8ac0 HTTP/1.1" 401 -

My ERPnext SSO configuration is like this.

Any help on it?

Did you manage to find any fix/solution?

Found a functioning solution, finally.

You have to name the provider name as “fairlogin”, set it up using
Base URL : https://REALM_URL/realms/REALM_NAME
Configuration: Sign ups ALLOW
Client URL: /protocol/openid-connect/auth
Access Token URL: /protocol/openid-connect/token
Redirect URL: https://REALM_URL/api/method/frappe.integrations.oauth2_logins.login_via_fairlogin
API ENDPOINT: https://REALM_URL/realms/Apuacom/protocol/openid-connect/userinfo

***these last 2 MUST contain full url or they’ll be parsed wrong!
Auth URL Data: {"response_type": "code", "scope": "openid email profile"}
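
The settings discussed in this thread (a stored client secret, full URLs for the Redirect URL and API Endpoint, valid JSON in Auth URL Data) written as a pre-flight check. This is an added example, not part of any post here and not Frappe's own code; the dictionary keys, hostnames, realm and credentials are assumptions made up for the illustration.

```python
import json
from urllib.parse import urlsplit

# Keys are hypothetical names for this example, not Frappe's own schema.
ABSOLUTE = ("base_url", "redirect_url", "api_endpoint")
RELATIVE_OK = ("authorize_url", "access_token_url")

def is_absolute(url):
    parts = urlsplit(url or "")
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def check_social_login_key(cfg):
    """Return a list of problems in a Social Login Key style config dict."""
    problems = [f"{k} is empty" for k in ("client_id", "client_secret") if not cfg.get(k)]
    for k in ABSOLUTE:
        if not is_absolute(cfg.get(k)):
            problems.append(f"{k} must be a full http(s) URL")
    for k in RELATIVE_OK:
        v = cfg.get(k) or ""
        if not (v.startswith("/") or is_absolute(v)):
            problems.append(f"{k} must be a /path or a full URL")
    try:
        data = json.loads(cfg.get("auth_url_data") or "")
    except ValueError:
        problems.append("auth_url_data is not valid JSON (curly quotes?)")
    else:
        if not isinstance(data, dict) or data.get("response_type") != "code":
            problems.append("auth_url_data must set response_type to code")
        elif "openid" not in str(data.get("scope", "")).split():
            problems.append("auth_url_data scope lacks openid")
    return problems

# Constructed sample values; hosts, realm and credentials are placeholders.
GOOD = {
    "client_id": "erpnext",
    "client_secret": "placeholder-secret",
    "base_url": "https://sso.example.test/realms/demo",
    "authorize_url": "/protocol/openid-connect/auth",
    "access_token_url": "/protocol/openid-connect/token",
    "redirect_url": "https://erp.example.test/api/method/frappe.integrations.oauth2_logins.login_via_fairlogin",
    "api_endpoint": "https://sso.example.test/realms/demo/protocol/openid-connect/userinfo",
    "auth_url_data": '{"response_type": "code", "scope": "openid email profile"}',
}
BAD = dict(GOOD, client_secret="", api_endpoint="/protocol/openid-connect/userinfo",
           auth_url_data="{“response_type” : “code”}")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_social_login_key(cfg) or "ok")
```
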

Hi, when I set the provider as “fairlogin”, it auto-fills all the details. Like this:


And when I add the client ID and client secret and log in via fairlogin, it says invalid uri.