Hi,
I have a xwiki deployed in kubernetes cluster with helm, this is the helm version:
NAME REVISION UPDATED STATUS CHART APP
xwiki 3 Sat Jan 30 08:42:41 2021 DEPLOYED xwiki-1.0-SNAPSHOT 11.10.4 utility
The topology is:
Apache reverse proxy (https) → Kubernetes Ingress (http) → Xwiki
I configured SSO with keycloak reference this:
And also add one base URL in xwiki deployment:
- name: CONTEXT_PATH
value: “/xwiki”
When I access https://mydomain/xwiki/, it can redirect to keycloak and the authentication is working (I can verify that the user passed authentication in keycloak), after authentication, when it redirect to /xwiki/oidc/authenticator/callback, it gets " 504 Gateway Time-out" on browser.
This is the log from kubernetes ingress: (seems ingress didn’t get response from xwiki within 60s, then timeout)
10.3.7.3 - - [30/Jan/2021:13:55:23 +0000] “GET /xwiki/oidc/authenticator/callback?state=fcQcpz4mzfWH50ARfD1pasiapdFD2TCXxbniRWUAj_4&session_state=17e0f41c-3783-4e44-80ad-ad19bb9ed02f&code=0833e729-0f1e-4fe5-9a5c-7bf4b936c4a7.17e0f41c-3783-4e44-80ad-ad19bb9ed02f.eeb7c110-ecff-409e-95b3-78f51035a311 HTTP/1.1” 504 167 “https://mydomain/vre/auth/realms/vre/protocol/openid-connect/auth?scope=openid+profile+email+address&claims={“id_token”%3A{“xwiki_instance_id”%3Anull}%2C"userinfo"%3A{“xwiki_user_accessibility”%3Anull%2C"xwiki_user_displayHiddenDocuments"%3Anull%2C"xwiki_user_editor"%3Anull%2C"xwiki_user_usertype"%3Anull%2C"xwiki_groups"%3Anull%2C"xwiki_user_company"%3Anull}}&response_type=code&redirect_uri=https%3A%2F%2Fmydomain%2Fxwiki%2Foidc%2Fauthenticator%2Fcallback&state=fcQcpz4mzfWH50ARfD1pasiapdFD2TCXxbniRWUAj_4&client_id=xwiki” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0” 1432 65.000 [utility-xwiki-xwiki-80] 192.168.92.221:8080, 0.0.0.1:80 0, 0 60.001, 5.000 504, 504 d0e21763b3f550f8f2bb2a14881b242c
This is the log from xwiki pod: (seems xwiki didn’t response to this request)
192.168.86.243 - - [30/Jan/2021:13:48:28 +0000] “GET /xwiki/oidc/authenticator/callback?state=BKHWvnxmtE0HxOL_dhqSfrTbc1TNjYLviRKS6EyMJ6E&session_state=aa9e0ed2-be2f-4816-be89-32471301d3b9&code=1c4d6eb1-967f-41e0-8d6f-022f2d16303b.aa9e0ed2-be2f-4816-be89-32471301d3b9.eeb7c110-ecff-409e-95b3-78f51035a311 HTTP/1.1” 500 8358
BTW, I have another DEV environment deployed xwiki the same way, the only difference is DEV env has no Apache reverse proxy, it works fine in DEV.
Could you help me to check this one?
Let me know if you need any info.
Thank you very much