Boundary keycloak oidc

NegativeFeedback · April 19, 2021, 11:55pm

I have set this up as close as I can to the auth0 tutorial and have it working through the keycloak login but something is happening at the callback I guess. might be obvious in that error but im at a lose, Thanks

“authentication-error?error=authmethod_service.%28Service%29.authenticateOidcCallback%3A+Callback+validation+failed.%3A+parameter+violation%3A+error+%23100%3A+oidc.Callback%3A+unable+to+complete+exchange+with+oidc+provider%3A+unknown%3A+error+%230%3A+Provider.Exchange%3A+id_token+failed+verification%3A+Provider.VerifyIDToken%3A+auth_time+%282021-04-19+18%3A43%3A48±0500+CDT%29+is+beyond+max+age+%2830%29%3A+expired+auth_time”

jeff · April 20, 2021, 4:03pm

We’ll be surfacing that error better on the error page in the future but you can see in that string that the auth time is beyond the set max-age. This might indicate out-of-sync system clocks, or just that you need to change the max-age setting you’re using.

stellarsquall · April 20, 2021, 9:43pm

Did you attempt to set the max-age to 0, like in the activate OIDC auth section?

boundary auth-methods update oidc -id amoidc_q7jAdI1QgA -issuer "https://ISSUER_URL/" -max-age 0

NegativeFeedback · April 20, 2021, 9:59pm

I did but then set it to 30 afterwards and did not seem to work, but this is the issue, as if I set it to 3000 it works fixed timezone and its working. Thanks for the help!

jeff · April 20, 2021, 10:50pm

Yep it’s seconds IIRC so you’d have to have logged into your IdP within the last 30 seconds. Something longer is probably ideal

Topic		Replies	Views
Boundary desktop oauth expiration Boundary	4	429	April 12, 2022
Authentification Failed Boundary	11	970	July 12, 2023
Impossible to connect with Desktop Client and Keycloak Boundary	1	235	March 7, 2024
Boundary Desktop App - OIDC Support Boundary	1	272	November 29, 2023
Boundary 0.2.0 OIDC Boundary	6	543	April 22, 2021

Boundary keycloak oidc

Related topics