This repository has been archived by the owner on Nov 7, 2023. It is now read-only.

Login on beta not working #1994

Open
trugwaldsaenger opened this issue Jan 8, 2021 · 6 comments

@trugwaldsaenger
Contributor

Unable to log in to beta. When trying to log in I receive the message "Error:OpenID Connect Provider error: Error in handling response type."

@jurecuhalev
Contributor

Maybe @dr0i can see some more specific errors in the server logs. I can't fix things on the server and it seems like a possible server configuration issue.

@dr0i dr0i self-assigned this Jan 8, 2021
@dr0i
Member

dr0i commented Jan 8, 2021

From the logs:

[auth_openidc:error] [pid 29943] [client xxx ] oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error_description" entry with value: ""Invalid client secret"", ...

Doing a bit of research, this seems to be Keycloak's security mechanism. I couldn't find any hint in the configs, revisions or copies. Is this somehow tied to the SSL cert of the domain (the cert was updated last month or so)?
Took a shot in the dark by configuring OIDC_* in oerworldmap/conf/vhost.conf with the same values used in production.
Please test this.

@dr0i dr0i added the bug label Jan 8, 2021
@dr0i dr0i removed their assignment Jan 8, 2021
@jurecuhalev
Contributor

It didn't help. I'm still getting the same error.

@dr0i
Member

dr0i commented Jan 12, 2021

I have set the OIDC_CLIENT_SECRET in conf/vhost.conf to the value found in:

https://beta.oerworldmap.org/auth ->Clients->account->Credential

I did register to test this myself. Login seems OK. But I got a new error:

oidc_util_jwt_verify: parsing JWT failed: [src/jose.c:694: oidc_jwe_decrypt_impl]: encrypted JWT could not be decrypted with any of the 1 keys: error for last tried key is: crypto error

Seems related to https://stackoverflow.com/questions/61240827/mod-auth-openidc-and-cilogon.
Is this an issue for you or is this OK?

@trugwaldsaenger
Contributor Author

I could log in with an existing user as well as register a new user. I did not receive the new error you mentioned. So from my side things look OK at the moment :-) !

I will ask some colleagues to do some additional testing...

@jurecuhalev
Contributor

I can log in on beta now without errors. So I think for beta testing this is OK now. Thank you @dr0i.

@trugwaldsaenger in the future, we'll probably need to reinvest into deeper understanding of Keycloak (or once again move to a different identity provider).
