Internal Server Error when authenticating with keycloak in xwiki

Question

I'm getting an internal server error when trying to authenticate with keycloak in xwiki. Normally, I should be able to authenticate via Keycloak and then be able to use Xwiki. It says "Internal Server Error".

HTTP Status 500 – Internal Server Error
Type Exception Report

Message Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]

Beschreibung The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
    org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:161)
    org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
    org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
    org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)
    org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
    org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
Root Cause

org.xwiki.resource.ResourceReferenceHandlerException: Failed to handle http servlet request
    org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:110)
    org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79)
    org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82)
    org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159)
    org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
    org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
    org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)
    org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
    org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
Root Cause

org.xwiki.contrib.oidc.provider.internal.OIDCException: Failed to get access token:null
    org.xwiki.contrib.oidc.auth.internal.endpoint.CallbackOIDCEndpoint.handle(CallbackOIDCEndpoint.java:183)
    org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:134)
    org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:108)
    org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79)
    org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82)
    org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159)
    org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
    org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
    org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:145)
    org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
    org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
Hinweis Der komplette Stacktrace der Ursache ist in den Server logs zu finden

Here are my configs:

xwiki.properties:

oidc.endpoint.authorization=http://localhost:8080/realms/myrealm/protocol/openid-connect/auth
oidc.endpoint.token=http://localhost:8080/realms/myrealm/protocol/openid-connect/token
oidc.endpoint.userinfo=http://localhost:8080/realms/myrealm/protocol/openid-connect/userinfo
oidc.scope=openid,profile,email,address
oidc.endpoint.userinfo.method=GET
oidc.user.nameFormater=${oidc.user.preferredUsername._clean._lowerCase}
oidc.user.subjectFormater=${oidc.user.subject}
# oidc.groups.claim=xwiki_groups
# oidc.groups.mapping=MyXWikiGroup=my-oidc-group
# oidc.groups.mapping=MyXWikiGroup2=my-oidc-group2
# oidc.groups.mapping=MyXWikiGroup2=my-oidc-group3
# oidc.groups.allowed=
# oidc.groups.forbidden=
oidc.userinfoclaims=xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype
# oidc.userinforefreshrate=600000
oidc.clientid=xwiki-client
oidc.secret=*****************
oidc.endpoint.token.auth_method=client_secret_basic
oidc.skipped=false

In xwiki.cfg I just modified these two lines:

xwiki.home=http://localhost:8280/ xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl

Answer 1

2 things I spot right off the bat here.

1. (I know the author was sloppy in not adding it into the documentation but) the standard of OIDC says you should put a trailing / on the end of your URLs.
2. In xwiki.properties just somewhere in your OIDC configuration, add the line oidc.idtokenclaims=id_token and it should be fixed.

The error is with the token not being read correctly. Both the slash and this line should fix that.