Openid-Connect with Keycloak - blank page after login {}

pronext · March 15, 2023, 7:52pm

Dear Frappe Community,

I am struggeling for a long time, to get OpenID-Connect (via Keycloak) to work with ERPNext.

Some guys already had that problems in a old discussion, which did not had any solution:

My system has following details:

ERPNext: v14.18.3 (version-14)
Frappe Framework: v14.28.2 (version-14)
FrappeDesk: v0.6.5 (main)
Frappe HR: v14.1.2 (version-14)
Payments: v0.0.1 (develop)

I am using Keycloak on several other setups without any problems and now wanted to use the Social Login Key functionality on ERPNext on:

https://erp. example.com/app/social-login-key/

I was following this documentation in detail:

https://docs.erpnext.com/docs/v14/user/manual/en/erpnext_integration/fairlogin-integration
(!! be aware that the documentation is for a outdated Keycloak version under v20 which uses different URLs. I use v20+ and used the correct urls respectively. )

I used following settings in ERPNext Social Login Key Settings:

Client ID id from openid-connect client copied from my keycloak
Client Secret secret from from openid-connect client copied from my keycloak
Base URL https://keycloak.example.com/realms/myrealm
Authorize URL /protocol/openid-connect/auth
Access Token URL/protocol/openid-connect/token
Redirect URL /api/method/frappe.integrations.oauth2_logins.custom/myrealm
API Endpoint https://keycloak.example.com/realms/myrealm/protocol/openid-connect/userinfo
Auth URL Data {“response_type”: “code”, “scope”: “openid”}

I used following settings in my Keycloak Client setup:

Home URL https://erp.example.com
Root URL https://erp.example.com
Valid redirect URIs https://erp.example.com/*

ERROR

(strangely without error logs or messages in the logs)

I go to my Login page https://erp.example.com/#login
I click on Login with Keycloak
My Keycloak login openes and I login (successful login log in Keycloak)
Keycloak redirects to ERPNext and a blank page with only “{}” is displayed

URL in Browser
https://erp. example.com/api/method/frappe.integrations.oauth2_logins.custom?state=xxxxxxxxxxxxxxx&code=xxxxxxxxxxxxxxxxxxxxxxxx

frappe.log content
Site: erp.example.com
Form Dict: {‘state’: ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’, ‘session_state’: ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’, ‘cmd’: ‘frappe.integrations.oauth2_logins.custom’}

i cannot open any other url on my ERPNext instance and get right back to the ERPNext Login Page

It seems like ERPNext is not finalizing the login correctly…

Does anybody have a idea how to solve it, please?

revant_one · March 15, 2023, 10:56pm

this user (Profile - lapphan - Frappe Forum) was able to use keycloak. I don’t know if the user is still active

pronext · March 15, 2023, 11:11pm

Yes that is 3 years ago. Keycloak is not some niche Auth provider and especially on authentification in ERPNext there must be some logs for controlling purposes which I could not find anywhere.

I tried to reach Profile - lapphan - Frappe Forum him but he has been last seen 2 years ago…

I would be really happy to finally get it working and then supply a generalized and up to date documentation for the Frappe Docs, which is not based on some outdated fairkom setup on ERPNext v14 version.

Thank you very much.

revant_one · March 15, 2023, 11:24pm

provide test access to keycloak if you can, I’ll try setting up locally or also provide test access to your ERPNext setup.