ModenaN1•2mo ago

SSO with KeyCloak Error

Hi!! I've installed Langfuse in my self-hosted environment and configured a Custom OAuth provider (KeyCloak deployed in the same docker network) with errors. I just deploy it with docker-compose:

  langfuse:
    image: langfuse/langfuse:2
    depends_on:
      db:
        condition: service_healthy
    environment:
      - DATABASE_URL=postgresql://${DB_USERNAME:-postgres}:${DB_PASSWORD}@db:5432/langfuse
      - NEXTAUTH_SECRET=${SECRET_KEY}
      - SALT=${SECRET_KEY}
      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - NEXTAUTH_URL=langfuse.mydomain.com
      - TELEMETRY_ENABLED=${TELEMETRY_ENABLED:-true}
      - LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES=${LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES:-false}
      - AUTH_CUSTOM_CLIENT_ID=${AUTH_CUSTOM_CLIENT_ID}
      - AUTH_CUSTOM_CLIENT_SECRET=${AUTH_CUSTOM_CLIENT_SECRET}
      - AUTH_CUSTOM_ISSUER=https://sso.mydomain.com
      - AUTH_CUSTOM_NAME=KeyCloak
      - AUTH_CUSTOM_ALLOW_ACCOUNT_LINKING=true

  langfuse:
    image: langfuse/langfuse:2
    depends_on:
      db:
        condition: service_healthy
    environment:
      - DATABASE_URL=postgresql://${DB_USERNAME:-postgres}:${DB_PASSWORD}@db:5432/langfuse
      - NEXTAUTH_SECRET=${SECRET_KEY}
      - SALT=${SECRET_KEY}
      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - NEXTAUTH_URL=langfuse.mydomain.com
      - TELEMETRY_ENABLED=${TELEMETRY_ENABLED:-true}
      - LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES=${LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES:-false}
      - AUTH_CUSTOM_CLIENT_ID=${AUTH_CUSTOM_CLIENT_ID}
      - AUTH_CUSTOM_CLIENT_SECRET=${AUTH_CUSTOM_CLIENT_SECRET}
      - AUTH_CUSTOM_ISSUER=https://sso.mydomain.com
      - AUTH_CUSTOM_NAME=KeyCloak
      - AUTH_CUSTOM_ALLOW_ACCOUNT_LINKING=true

Langfuse is exposed by a reverse-proxy (nginx), and when I access langfuse and click on "KeyCloak" button the page reload with this URL and this error in the docker log:

https://langfuse.mydomain.com/auth/sign-in?callbackUrl=https%3A%2F%2Flangfuse.mydomain.com%2Fauth%2Fsign-in&error=OAuthSignin

https://langfuse.mydomain.com/auth/sign-in?callbackUrl=https%3A%2F%2Flangfuse.mydomain.com%2Fauth%2Fsign-in&error=OAuthSignin

[next-auth][error][SIGNIN_OAUTH_ERROR] 
https://next-auth.js.org/errors#signin_oauth_error Unable to find matching target resource method {
  error: {
    message: 'Unable to find matching target resource method',
    name: 'OPError'
  },
  providerId: 'custom',
  message: 'Unable to find matching target resource method'
}

[next-auth][error][SIGNIN_OAUTH_ERROR] 
https://next-auth.js.org/errors#signin_oauth_error Unable to find matching target resource method {
  error: {
    message: 'Unable to find matching target resource method',
    name: 'OPError'
  },
  providerId: 'custom',
  message: 'Unable to find matching target resource method'
}

It's possible to integrate with a custom provider like KeyCloak (standard OAuth2 flows) ? PD: The client_id & client_secret used here, are used by others apps in the same docker network and works fine. Thank u!!

Solution:

There are a couple of keycloak related threads on github (issues and github discussion threads) and I plan to review/merge native support for keycloak soon (see 2 open PRs)

Jump to solution

5 Replies

Solution

Marc•2mo ago

There are a couple of keycloak related threads on github (issues and github discussion threads) and I plan to review/merge native support for keycloak soon (see 2 open PRs)

ModenaN1•2mo ago

Okey, thank u!! I close the support then 🙂

ModenaN1•2w ago

Hi! Do you have a plan for merge this PR to main? I'm following the PR (https://github.com/langfuse/langfuse/pull/2866) but don't see progress although it seems that everything is already implemented 🙂

GitHub

Feature/Add KeyCloak authentication option by RTae · Pull Request #...

What does this PR do? Adding an SSO authentication option to support KeyCloak Type of change Add Environment variable for KeyCloak authentication in web/src/env.mjs and .env.prod.example Add Key...

Marc•2w ago

yes, currently backlogged on a couple of issues, will try to make time for this soon, thanks for the ping

ModenaN1•2w ago

thanks for the reply! 🙂