Configuring Foreman Settings for Keycloak Authentication documentation

joepiotrowski · February 13, 2023, 6:30pm

First time installing and configuring Foreman with Keycloak and stuck. I’m following the Foreman v3.5 documentation and I’m at the end of the 5.8.4. Configuring Foreman Settings for Keycloak Authentication section. Everything looks great so far until I get to these steps:

In the Foreman web UI, navigate to Administer > Authentication Sources and click External.
Click Create LDAP Authentication Source and select the Keycloak server.
Click the Locations tab and add locations that can use the Keycloak authentication source.
Click the Organizations tab and add organizations that can use the Keycloak authentication source.
Click Submit.

These instructions don’t match what I’m seeing in the GUI. I can’t select External. If I select the “Create LDAP Authentication Source” link at the bottom it doesn’t match the instructions listed. Can someone help me with setting this section up? Any help is appreciated, thanks!

maximilian · February 14, 2023, 7:46am

Hi @joepiotrowski

I cannot reproduce this right now because I don’t have access to a Keycloak instance. Can someone else from @docs please test this or ask around?

rgp · February 14, 2023, 9:09am

Are there other docs? Because section 5.8 is about multiple foreman instances, not authentication. Link: Foreman :: Manual Tried text searching for the mentioned steps and I cannot find them.

Dirk · February 14, 2023, 12:24pm

Yes, he is referring to Installing Foreman 3.5 Server with Katello 4.7 Plugin on RHEL/CentOS

Unfortunately the only thing I can help with as I have no experience at this topic.

joepiotrowski · February 14, 2023, 12:44pm

I appreciate you guys trying to help, thanks. But this is on the Foreman GUI side, so no need for Keycloak experience at this point. Can someone tell me if they’re seeing what I’m seeing? Can you follow these instructions in the Foreman GUI and see if they make sense?

In the Foreman web UI, navigate to Administer > Authentication Sources and click External.
Click Create LDAP Authentication Source and select the Keycloak server.
Click the Locations tab and add locations that can use the Keycloak authentication source.
Click the Organizations tab and add organizations that can use the Keycloak authentication source.
Click Submit.

joepiotrowski · February 14, 2023, 12:52pm

When I click on the “External” window nothing happens. If I select the users 0 number, that just lists the Users. If I select the … and go to Edit there is nothing listed, and it doesn’t match the instructions.

If I select the “Create LDAP Authentication Source” at the bottom, that doesn’t match the docs either.

joepiotrowski · February 14, 2023, 1:20pm

I’ve also tried following the steps below that where you can make (or verify) the same configuration changed via CLI, and that doesn’t seem to match that section either. Everything else looks good.

joepiotrowski · February 14, 2023, 1:44pm

I also walked through verifying everything looked correct via CLI. I ran “hammer settings info --name name” and everything looks good. I run:

hammer auth-source external list and get:
ID | Name
3 | External

So I then run the following per the documentation and receive this error:
hammer auth-source external update --id 3 --location-ids locationID --organization-ids OrganizationID
Failed to update external auth source:
Couldn’t find Taxonomy with ‘id’=[0]