Auth using Keycloak problem

[DimitryVo]

A problem KeyCloak auth.

Hello, if I set option "JICOFO_ENABLE_AUTH=false", jitsi dont redirect auth to Keycloak and login me as moderator without auth, but if I comment the option, jitsi redirect me to keycloak and after success login I see error "Authentification failed: Sorry, you're not allowed join this call".

Steps To Reproduce

Steps to reproduce the behavior:

1. Set jitsi-keycloak-adapter-v2 in docker by instruction
2. config Nginx by instruction

Expected behavior

A clear and concise description of what you expected to happen.

I need login to jitsi room by KeyCloak

Environment:

• OS: Debian 10, Docker
• Browser: [chrome, firefox]
• Version: [KeyCloak 24]

Additional context

[emrahcom]

Hi @DimitryVo,

The needed PR was merged 3 weeks ago. So, try with the latest Docker images.

By the way it works for me with the latest Docker images. My local IP is 172.18.18.1 in my tests.

• I started the keycloak adapter with the following command. I set ALLOW_UNSECURE_CERT because I have a self-signed certificate for my local Keycloak. -e ... part is configured depending on my environment.

docker run -d --name adapter -p "9000:9000/TCP" -e ... -e ALLOW_UNSECURE_CERT=true ghcr.io/nordeck/jitsi-keycloak-adapter-v2

• I added the additional Nginx config into ~/.jitsi-meet-cfg/web/nginx-custom/oidc.conf

location ~ /oidc/ {
    proxy_pass http://172.18.18.1:9000;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
}

• This is my .env file (only added params) for Jitsi docker-compose:

JITSI_IMAGE_VERSION=stable
PUBLIC_URL=https://172.18.18.1:8443    
JVB_ADVERTISE_IPS=172.18.18.1
 
ENABLE_AUTH=true        
JICOFO_ENABLE_AUTH=false
AUTH_TYPE=jwt           
JWT_APP_ID=myappid      
JWT_APP_SECRET=myappsecret
 
TOKEN_AUTH_URL=https://172.18.18.1:8443/oidc/auth?state={state}
ENABLE_GUESTS=true
XMPP_MODULES=persistent_lobby
XMPP_MUC_MODULES=muc_wait_for_host