Keycloak OpenID registration/login failed "user not found with email..." #3165
-
What happened?
I was following the new Keycloak doc exactly: https://www.librechat.ai/docs/configuration/authentication/OAuth2-OIDC/keycloak I cannot get a registration or login via OpenID/Keycloak to work. I always get the following error in the LibreChat logs:
Following the doc was not working directly, so I had to modify the setup like this to get it connected: My ENVs:
As visible, the granted Keycloak user gets pulled, but somehow LibreChat seems to search for the user in its own database, and as it is not there, it's not logging in and resulting in going back to the LibreChat login page without registration/login of the OpenID user of Keycloak. I have tried hundreds of different configurations apart from the one mentioned in the LibreChat Docs for OpenID, but had no success. My login security ENVs for LibreChat, which I tried in multiple different variations without success.
Steps to Reproduce
What browsers are you seeing the problem on?
Firefox, Chrome, Microsoft Edge
Relevant log output
No response
Screenshots
No response
Replies: 4 comments 7 replies
-
Are you on v0.7.3? There was a related OpenID issue there, but it was fixed in the latest version: #3087 However,
this is not an error, just an info log. What happens after this? Double-check some other issues surrounding Keycloak:
-
Does anyone maybe have a tested config for Keycloak, because the one in the docs does not work out of the box somehow?
-
Still doesn't work.
-
The scope was from a previous idea. I can try 443 but 3080 was the default after the installation guide.
I finally got it! 🙏 Problem was that realm and client roles were not handled like in other applications. The settings above were correct, but client roles and associated client roles cannot be used.