Add Openid Authentication via Keycloak

Hello there,

I recently tried to set up OpenID authentication with Keycloak on my Dolibarr, but the link to create by hand in “MAIN_AUTHENTICATION_OPENID_URL” does not work, and after signing in with Keycloak I get “You requested a website or a page that does not exist.”
My link seems well configured; it looks like:

https://MYKEYCLOAKURL/realms/MYREALM/protocol/openid-connect/auth?client_id=MYCLIENT&redirect_uri=http%3A%2F%2FMYDOLIBARR%2Fauth%2Fopenid%2Fcallback&response_type=code&scope=openid%20email&response_type=code

=> Has anyone succeeded?

Yours sincerely

Hi,

I am trying Openid against authentik, but also had no luck.

I wonder if urlencoding is needed; from the documentation it looks like only the redirect_uri needs to be urlencoded and the following parameters do not.
But I tried nearly every combination without success.


Did you have any luck? I'm trying to get it to work with authentik but am getting a redirect URI mismatch error.

I have succeeded in connecting Keycloak to Dolibarr.

I’m currently working on a Doli plugin. Features:

  • Setting OpenId related Dolibarr config variable from infos like Keycloak domain, realm name etc
  • Trigger on user creation → create user in Keycloak realm
  • Trigger on user update → update user in Keycloak realm
  • Trigger on user deletion → delete user in Keycloak realm

@Adriendtz which dolibarr version?

in which dolibarr version?

Dolibarr 19.0.3.

I use it with multicompany module activated.
To do that I have tweaked the function_open_id_connect in core a bit.

We forgot to send it upstream, but we are not sure if it’s working in any scenario.

Note: How can I publish a link to a GitHub commit?

I’d say that you just find the commit on github, copy the URL and then post that?

Weird, yesterday I tried just to copy and paste my link and it was not working.

Anyway:

thanks @Tetras-Libre-Anthony, have you created a merge request with this?

Hi,
Did you succeed in making it work with Authentik?

How is the module coming along?

Did you get the authentication to work?

Recently, I got this integration working successfully in version 19.0.3.

Hi all, can you share how you got it working?

Sorry I’m late.

You need to set the expected authentication in config/conf.php:

$dolibarr_main_authentication='openid_connect,dolibarr';

Add the following global variables in Home > Setup > Others:

MAIN_AUTHENTICATION_OIDC_CLIENT_ID:
your-keycloack-client-id

MAIN_AUTHENTICATION_OIDC_CLIENT_SECRET
your client secret

MAIN_AUTHENTICATION_OIDC_LOGIN_CLAIM (I had to add it because in my version the matching is done through the user name instead of the email address)	
preferred_username

MAIN_AUTHENTICATION_OIDC_REDIRECT_URL	
https://your-dolibarr-url-web/?openid_mode=true

MAIN_AUTHENTICATION_OIDC_TOKEN_URL
https://your-keycloack-url/auth/realms/your-keycloack-realm/protocol/openid-connect/token

MAIN_AUTHENTICATION_OIDC_USERINFO_URL	
https://your-keycloack-url/auth/realms/your-keycloack-realm/protocol/openid-connect/userinfo

MAIN_AUTHENTICATION_OPENID_URL	
https://your-keycloack-url/auth/realms/your-keycloack-realm/protocol/openid-connect/auth/?client_id=your-keycloack-client-id&redirect_uri=https%3A%2F%2Fyour-dolibarr-url-web%2F%3Fopenid_mode%3Dtrue&scope=openid+profile+email&response_type=code&tz=1

MAIN_LOGOUT_GOTO_URL	
https://your-keycloack-url/auth/realms/your-keycloack-realm/protocol/openid-connect/logout?client_id=your-keycloack-client-id&post_logout_redirect_uri=https%3A%2F%2Fyour-dolibarr-url-web

I guess that the Keycloak part is well configured.

You will have to create a user in Keycloak whose username matches the username in Dolibarr.

PS: My Dolibarr runs on Apache (Nginx was giving me problems).

Let me know your feedback.
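
A pre-flight check for the settings discussed in this thread, as an added example that is not part of any post above and is not Dolibarr's own code: it builds MAIN_AUTHENTICATION_OPENID_URL with every value percent-encoded and reports the inconsistencies an identity provider rejects, such as a redirect URI mismatch or a repeated parameter. The function names, the example.test hosts, the realm and the client id are assumptions made for illustration, as is the premise that the redirect_uri in the auth URL has to equal MAIN_AUTHENTICATION_OIDC_REDIRECT_URL.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

def build_auth_url(auth_endpoint, client_id, redirect_url, scope="openid profile email"):
    """Build MAIN_AUTHENTICATION_OPENID_URL; urlencode() percent-encodes every value."""
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_url,
                       "scope": scope, "response_type": "code"})
    return f"{auth_endpoint}?{query}"

def check_settings(conf):
    """Return a list of problems found in a dict of Dolibarr OIDC constants."""
    problems = []
    auth = urlsplit(conf["MAIN_AUTHENTICATION_OPENID_URL"])
    pairs = parse_qsl(auth.query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    params = dict(pairs)
    # OAuth 2.0 (RFC 6749, section 3.1): a parameter must not appear more than once.
    for name in sorted(set(names)):
        if names.count(name) > 1:
            problems.append(f"duplicate parameter: {name}")
    # The decoded redirect_uri must equal the configured redirect URL exactly.
    expected = conf["MAIN_AUTHENTICATION_OIDC_REDIRECT_URL"]
    if params.get("redirect_uri") != expected:
        problems.append("redirect_uri differs from MAIN_AUTHENTICATION_OIDC_REDIRECT_URL")
    if params.get("client_id") != conf["MAIN_AUTHENTICATION_OIDC_CLIENT_ID"]:
        problems.append("client_id differs from MAIN_AUTHENTICATION_OIDC_CLIENT_ID")
    if params.get("response_type") != "code":
        problems.append("response_type is not 'code'")
    if "openid" not in params.get("scope", "").split():
        problems.append("scope lacks 'openid'")
    if urlsplit(expected).scheme != "https":
        problems.append("redirect URL is not https, so the code is not TLS-protected")
    for key in ("MAIN_AUTHENTICATION_OIDC_TOKEN_URL", "MAIN_AUTHENTICATION_OIDC_USERINFO_URL"):
        if urlsplit(conf[key]).netloc != auth.netloc:
            problems.append(f"{key} is on a different host than the auth URL")
    return problems

# Constructed sample values (hypothetical hosts, realm and client id).
REALM = "https://keycloak.example.test/realms/demo/protocol/openid-connect"
REDIRECT = "https://dolibarr.example.test/?openid_mode=true"
SAMPLE = {
    "MAIN_AUTHENTICATION_OIDC_CLIENT_ID": "dolibarr",
    "MAIN_AUTHENTICATION_OIDC_REDIRECT_URL": REDIRECT,
    "MAIN_AUTHENTICATION_OIDC_TOKEN_URL": f"{REALM}/token",
    "MAIN_AUTHENTICATION_OIDC_USERINFO_URL": f"{REALM}/userinfo",
    "MAIN_AUTHENTICATION_OPENID_URL": build_auth_url(f"{REALM}/auth", "dolibarr", REDIRECT),
}

if __name__ == "__main__":
    print(SAMPLE["MAIN_AUTHENTICATION_OPENID_URL"], check_settings(SAMPLE), sep="\n")
```

The same redirect URL also has to be listed among the client's valid redirect URIs on the Keycloak side, which this script cannot see.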