
Bug Keycloak & Bookstack Integration

Open gugigunawan opened this issue 2 years ago • 5 comments

Attempted Debugging

  • [X] I have read the debugging page

Searched GitHub Issues

  • [X] I have searched GitHub for the issue.

Describe the Scenario

Hello Dan,

I am writing a new issue for the integration between Keycloak and BookStack, following the instruction you gave me to open a new issue. The issue is still the same: after making sure the time zone between the host and the Docker image is the same, the error still appears.

I checked the response after clicking "Login with Keycloak" and it is 200, but the page does not redirect to the BookStack page and instead goes back to the home page.

Exact BookStack Version

v23.10.12

Log Content

No response

Hosting Environment

OS VM : 22.04 LTS

BookStack Image Version : v23.10.2

gugigunawan avatar Jan 18 '24 07:01 gugigunawan

Hi @gugigunawan, How are you hosting Keycloak, have you checked the time of the Keycloak's host system/container?

ssddanbrown avatar Jan 18 '24 13:01 ssddanbrown

Hi,

I installed Keycloak using this tutorial: https://www.keycloak.org/getting-started/getting-started-zip

Yes, I already checked it, and the TZ is already the same between the Keycloak and BookStack servers.

gugigunawan avatar Jan 22 '24 04:01 gugigunawan

> Yes, I already checked it, and the TZ is already the same between the Keycloak and BookStack servers.

The timezone should not matter. Have you checked the actual time on the keycloak server? Is it aligned with the time on the BookStack server?

ssddanbrown avatar Jan 22 '24 17:01 ssddanbrown

Yes, it's actually the same between those 2 servers, and I use an NTP server to sync time between the BookStack and Keycloak servers.

Any suggestions besides the time problem for this problem?

Best Regards,

gugigunawan avatar Jan 23 '24 08:01 gugigunawan

> Any suggestions besides the time problem for this problem?

Not anything else easy to check. The next step would be doing some deeper inspection into what your keycloak server is providing to BookStack, to inspect the iat value of the OIDC ID Token.

Here's the relevant code in BookStack which throws this error: https://github.com/BookStackApp/BookStack/blob/295cd0160525125bbd7756d7ad07392ae7201cb8/app/Access/Oidc/OidcIdToken.php#L208-L212

Just before this, we check that the iat is set, so it should be there. We then check the time given is within a certain window, with a fair bit of leeway (2 mins forward, 1 day back). We'd need to see what iat is being provided in your token to understand anything more. There's not a direct easy way to dump that though, without going inside the container to modify code at the point reflected above.

ssddanbrown avatar Jan 23 '24 11:01 ssddanbrown
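
The window check described in the comment above, as an added example that is not part of the original thread or BookStack's own code: it decodes an ID token's payload without verifying the signature (for diagnosis only) and reports how far `iat` sits from the local clock. The function names, the sample token and the inclusive window edges are assumptions; the 2-minute and 1-day limits are the ones stated in the comment.

```python
import base64
import json
import time

FUTURE_LEEWAY = 120      # seconds: "2 mins forward" per the comment above
PAST_LEEWAY = 86400      # seconds: "1 day back" per the comment above


def _b64url(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token: made-up claims, placeholder signature segment.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://keycloak.example/realms/demo", "iat": 1705996800}),
    "c2lnbmF0dXJl",
])


def decode_claims(id_token):
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = id_token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_iat(claims, now=None):
    """Classify iat against the window; returns (status, skew_seconds)."""
    now = time.time() if now is None else now
    iat = claims.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        return ("missing-or-non-numeric", None)
    skew = iat - now  # positive: issuer clock is ahead of this host
    if skew > FUTURE_LEEWAY:
        return ("too-far-in-future", skew)
    if skew < -PAST_LEEWAY:
        return ("too-far-in-past", skew)
    return ("ok", skew)


if __name__ == "__main__":
    print(check_iat(decode_claims(SAMPLE_TOKEN)))
```

Run it on the host where BookStack runs, so that `now` reflects the clock the check actually uses.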

Since there's been no further follow-up I'm going to close this. If you need further help just respond to my previous comment.

ssddanbrown avatar Mar 09 '24 14:03 ssddanbrown