OIDC identity provider (keycloak) rejects authentication and shows only substring of actual client-id in log message when BPE client connections configuration has client-id containing colon (:)
Description
Affected DSF Version
To Reproduce
Configuration:
- Set DSF BPE configuration variable `DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG` to

```yaml
fhir-store:
  base-url: "https://www.example.com/fhir"
  test-connection-on-startup: yes
  oidc-auth:
    base-url: "https://auth.example.com/realms/test"
    client-id: "foo:bar"
    client-secret: "password"
```
Steps to reproduce the behavior:
- Configure keycloak with realm `test` and add client with client id `foo:bar` and password `password`
- Start DSF BPE Server
- Wait till connection test of client connection `fhir-store` fails in BPE logs
- See keycloak logs
Expected Behavior
OIDC identity provider accepts client credentials and connection test in BPE succeeds
Logs
BPE:
[main] DEBUG dev.dsf.bpe.spring.config.FhirClientConnectionsConfig - Testing connection with OIDC provider at https://auth.example.com/realms/test for 'fhir-store' [Failed]
dev.dsf.bpe.api.client.oidc.OidcClientException: Unexpected response status code 401 Unauthorized
Keycloak:
WARN [org.keycloak.events] (executor-thread-171) type="CLIENT_LOGIN_ERROR", realmId="test", realmName="test", clientId="foo", userId="null", ipAddress="172.18.0.1", error="client_not_found", grant_type="client_credentials"
Screenshots
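
A possible cause of the truncated `clientId="foo"`, shown as an added example that is not part of the original report or the DSF code base: it assumes the client credentials travel in an HTTP Basic `Authorization` header and that the token endpoint splits the decoded value at the first colon and form-decodes both parts, as RFC 6749 section 2.3.1 describes. The function names are hypothetical; the sample values are the ones from the report.

```python
import base64
from urllib.parse import quote_plus, unquote_plus


def basic_header_raw(client_id: str, client_secret: str) -> str:
    """Plain RFC 7617 construction: values joined with ':' without encoding."""
    pair = f"{client_id}:{client_secret}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def basic_header_rfc6749(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode each value before joining."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def server_parse(header: str, form_decode: bool = True) -> tuple[str, str]:
    """Assumed token-endpoint behaviour: split at the FIRST colon, then decode."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    if form_decode:
        user, password = unquote_plus(user), unquote_plus(password)
    return user, password


if __name__ == "__main__":
    # Values from the report: client id "foo:bar", secret "password".
    for build in (basic_header_raw, basic_header_rfc6749):
        header = build("foo:bar", "password")
        print(f"{build.__name__:22} -> server sees {server_parse(header)}")
```

With the unencoded header the server-side client id becomes `foo`, which matches the `client_not_found` event in the Keycloak log; percent-encoding the colon as `%3A` before Base64 encoding preserves the full client id.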