Bug found following docs on keycloak with duo integration

Good Morning!

I was following the docs on the keycloak (I am using latest keycloak-11.0.2) with duo integration when I hit an error while testing. I built duo-spi following the non-docker build instructions with maven.

When attempting to authenticate, I got the username password form, but when proceeding, keycloak reported “An internal server error has occured”

The error recorded:
2020-09-11 10:01:06,576 ERROR [org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider] (default task-4) Failed to process template: org.keycloak.theme.FreeMarkerException: Failed to process template duo-mfa.ftl

Sure enough, there is no duo-mfa.ftl at keycloak-11.0.2/themes/base/login/

I copied keycloak-duo-spi/src/main/resources/duo-mfa.ftl to the keycloak install location, chowned to keycloak, and after a service restart my authentication now proceeds to the duo auth form normally.


Thanks for letting us know about this documentation issue. It appears like OSC never saw this issue because our Keycloak theme repo already includes this file: https://github.com/OSC/keycloak-theme/tree/master/login.

I’ve opened a documentation pull request to address this issue: https://github.com/OSC/ood-documentation/pull/406