When using Keycloak authentication (openid-connect), after successful authentication, the redirect fails with a message "You are not authorized to login."
Keycloak logs shows: error=invalid_redirect_uri, redirect_uri=https://{mydomain}/login/keycloak/callback
Wiki.js is trying to get to
https://{mydomain}/login/keycloak/callback?session_state=ee0b97f4-4c59-....-0c68557f668b
What I'm doing wrong? Please help.
yuanpeterli
All 6 comments
If you haven't already, try to specify valid redirect URIs in your Keycloak client and put /* at the end of the url, like this: https://mydomain.com/callback/*
Jamsek-m
on 5 Feb 2020
+1 on this issue, I have a similar issue but without invalid redirect uri.
charlie-hotel
on 10 Feb 2020
Make sure you enable self registration.
sigfriedseldeslachts
on 11 Feb 2020
You have to set root URL and valid redirection URI's in keycloak. Set the root url to the path to your wiki and add /login/keycloak/callback to the valid redirection URI's.
michidk
on 1 Apr 2020
Enabling self registration fixed it for me, however, do you know if we can map keycloak roles to wiki.js roles ?
Elfikurr
on 22 Sep 2020
Enabling self registration fixed it for me, however, do you know if we can map keycloak roles to wiki.js roles ?
No this is not possible, and exactly the reason, why we switched over to xwiki.
michidk
on 23 Sep 2020
Related issues
LionNatsu
路
3Comments
SharkProgramming
路
4Comments
thinkh
路
4Comments
p-se
路
3Comments
sleepadru
路
4Comments