Keycloak on http 8080 and OOD 443 server https on same node and network having integration issues

It was a nice interaction with you at the SC 24 conference. We are trying to test OOD with LSF container applications. I am running Apache OOD on https and Keycloak on http; both are running, but I am having some issues with integration on the same node and network. Do I need to run both on https? I am able to log in to Keycloak as a user with a password, but it does not proxy; I am getting a 403 error. How can I get the OOD dashboard? If there is any technical support from your team to help me, or Zoom support to check whether anything is missing in the configuration, let me know. Thanks.

In sudo vi /etc/ood/config/ood_portal.yml:
OIDCProviderMetadataURL 'http://fqdn:8080/realms/ood-realm/.well-known/openid-configuration'
OIDCClientID 'ood-client'
OIDCClientSecret " ‘’
OIDCRedirectURI 'https://fqdn:443/oidc/callback' (same in the Keycloak client configuration)

sudo vi /etc/httpd/conf.d/ood-portal.conf

sudo vi /etc/httpd/conf.d/auth_openidc.conf

In sudo vi /etc/httpd/conf.d/ood-keycloak.conf, proxy for Keycloak:
ProxyPass /auth http://FQDN:8080/auth
ProxyPassReverse /auth http://fqdn:8080/auth

I have not done this:
sudo -u keycloak ./bin/jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)'
sudo -u keycloak ./bin/jboss-cli.sh 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)'
sudo -u keycloak ./bin/jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'

Have a good day

Thanks

Hi Rajeshpleti,

OIDCRedirectURI should be https://fqdn:443/oidc and should match the Keycloak client configuration.

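A check for the mismatch discussed in the reply above, as an added example that is not part of the original posts and is not Open OnDemand or Keycloak code. It assumes a simplified string model of the client's redirect list (exact match, or prefix match for an entry ending in `*`); the function names and the sample list of registered URIs are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the directives from the first post, with plain quotes.
SAMPLE_CONF = """\
OIDCProviderMetadataURL 'http://fqdn:8080/realms/ood-realm/.well-known/openid-configuration'
OIDCClientID 'ood-client'
OIDCRedirectURI 'https://fqdn:443/oidc/callback'
"""

def parse_directives(text):
    """Return {directive: value} for OIDC* lines, with surrounding quotes removed."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(OIDC\w+)\s+(.+?)\s*$", line)
        if m:
            found[m.group(1)] = m.group(2).strip("'\"")
    return found

def redirect_allowed(uri, valid_uris):
    """Assumed model of the client's redirect list: exact string match,
    or prefix match when an entry ends in '*'."""
    for entry in valid_uris:
        if entry.endswith("*") and uri.startswith(entry[:-1]):
            return True
        if uri == entry:
            return True
    return False

def check(conf_text, valid_uris):
    """Return a list of finding codes for the given directives."""
    d = parse_directives(conf_text)
    findings = []
    redirect = d.get("OIDCRedirectURI", "")
    if not redirect_allowed(redirect, valid_uris):
        findings.append("redirect-uri-not-registered")
    if urlsplit(redirect).scheme != "https":
        findings.append("redirect-uri-not-https")
    # Provider metadata over plain HTTP reaches Apache unauthenticated.
    if urlsplit(d.get("OIDCProviderMetadataURL", "")).scheme != "https":
        findings.append("provider-metadata-not-https")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_CONF, ["https://fqdn:443/oidc"]))
```

Under this string model, `https://fqdn/oidc` and `https://fqdn:443/oidc` count as different URIs, so the port has to be written the same way on both sides.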

Hi Berbesi, thanks for your valuable support. I have set OIDCRedirectURI as per your suggestion, but I am still having issues with the integration. httpd and Keycloak are running in an active state, but the ondemand service is not running. Could you let me know how to resolve the issues so that I can see the OnDemand dashboard?
I have

sudo dnf install https://yum.osc.edu/ondemand/3.1/ondemand-release-web-3.1-1.el8.noarch.rpm

which is compatible with Ruby 3.1, which is available using dnf, and changed node -v

v18.14.2

and npm -v

9.5.0

compatibility, so that we can continue without Ruby conflicts on the VM

Open OnDemand

Open OnDemand 3.1 as indicated by the package:

ondemand-release-web-3.1-1.el8.noarch.rpm

Open OnDemand 3.1 is compatible with:

  • Ruby 3.1 (which you installed using DNF).
  • Node.js 18.x (Node version v18.14.2 and npm v9.5.0).

Keycloak 15 and Apache are running and in an active state, but

systemctl status ondemand.service

ondemand.service - Open OnDemand Service

Loaded: loaded (/etc/systemd/system/ondemand.service; enabled; vendor preset: disabl>

Active: failed (Result: exit-code)

Process: ExecStop=/bin/systemctl stop httpd (code=exited, status=0/SUCCESS)

Process: ExecStartPost=/bin/systemctl restart httpd (code=exited, status=0/SU>

Process: ExecStart=/opt/ood/ood-portal-generator/sbin/update_ood_portal --rpm>

update_ood_portal[3664004]: /usr/share/ruby/fileutils.rb:105>

update_ood_portal: /usr/share/ruby/fileutils.rb:105>

update_ood_portal: /opt/ood/ood-portal-generator/li>

update_ood_portal: /opt/ood/ood-portal-generator/li>

update_ood_portal: -e:1:in `’

update_ood_portal: Run 'update_ood_portal --help' t>

update_ood_portal: chown ondemand:apache /etc/httpd>

ondemand.service: Control process exited, code=e>

: ondemand.service: Failed with result 'exit-code'.

Failed to start Open OnDemand Service.

/etc/httpd/conf.d

total 104

-rw-r----- 1 apache apache auth_openidc.conf

-rwxr-xr-x 1 ondemand apache autoindex.conf

-rwxr-xr-x 1 ondemand apache 01:37 -l

-rw-r----- 1 apache apache ood-keycloak.conf

-rw-r--r-- 1 root apache ood-portal.conf

-rw-r--r-- 1 root root ood-portal.conf.bak

-rwxr-xr-x 1 ondemand apache readme

-rwxr-xr-x 1 ondemand apache ssl.conf

-rwxr-xr-x 1 ondemand apache userdir.conf

-rwxr-xr-x 1 ondemand apache welcome.conf

sudo tail -f /var/log/httpd/error_log shows AH: initializing worker proxy:reverse local

initialized pool in child for (*) min=0 max=61 smax=61

mod_proxy_hcheck.c(914): AH0: apr_thread_pool_create() with 16 threads succeeded

mod_watchdog.c(590): AH0: Watchdog: Created child worker thread (proxy_hcheck).

AH: initializing worker proxy:reverse shared

AH: initializing worker proxy:reverse local

AH0: initialized pool in child for (*) min=0 max=61 smax=61

start_threads: Using epoll (wakeable)

start_threads: Using epoll (wakeable)

AH0: start_threads: Using epoll (wakeable)