Keycloak Authentication

Problem: External User logging in from Keycloak gets redirected to Any Organization / Any Location even after setting the Defaults for login.

Expected outcome: User gets redirected to correct org/loc based on profile

Foreman and Proxy versions: Foreman 2.1 Katello 3.15

Distribution and version: CentOS 7.8

I have setup Keycloak based authentication which seems to work just fine but only issue is that it keeps directing the user to Any organization / Any Location instead of the one set in the Account preferences.
Is there a simple way to fix this.

1 Like

Hello @secvirt,

Really appreciate your effort to report this issue :slight_smile: As I am looking into this issue, I have realized this is true for all user logins including internal and external. By this I mean, if you create an internal user and assign it to a org/loc. When you login, they are assigned to Any Org/Loc.

I will open an issue for this bug report in redmine and notify you with the same.Will try to fix this issue :slight_smile:


1 Like


One question, is the user you created assigned with ‘Administrator’ role?


Yes. The user inherits administrator role from the user group.

Then, I guess the functionality is working as it is suppose to behave and there is no bug here. When a user performs login as an admin user then the user has a vision throughout all orgs/loc. That is the reason, user is assigned to any org/any loc. If you do not provide the admin role to a user and then assign the user a specific org/loc then that user will be have access to the assigned org/loc.

Let me know if I am missing somthing here.

cc: @tbrisker @ezr-ondrej

1 Like

When I was using LDAP for external auth, it used to log me into ORG/LOC
that I set under my profile defaults even when I had the administrator
role. That changed when I switched to Keycloak.

1 Like

Oh! ohkay, then I think I need to re-investigate this one :slight_smile: