nordeck / jitsi-keycloak-adapter Goto Github PK
View Code? Open in Web Editor NEWAllow Jitsi to use Keycloak as an identity and OIDC provider. SSO support for Jitsi
License: Apache License 2.0
Allow Jitsi to use Keycloak as an identity and OIDC provider. SSO support for Jitsi
License: Apache License 2.0
Describe the bug
The adapter does not intercept presses to the "Login" button from within the profile settings. Instead the "username/password" modal pops up.
Steps To Reproduce
Expected behavior
The guest user should be redirected to Keycloak and be requested to login.
Environment:
Jitsi (Docker/Helm): stable-8960-1
jitsi-keycloak-adapter (Docker): v20230917
Additional context
The login button carries the ID #login_button
but the interceptor only checks for #modal-dialog-ok-button
:
https://github.com/nordeck/jitsi-keycloak-adapter/blob/v20230917/templates/usr/share/jitsi-meet/body.html#L28
So this only captures the "I am the host" button.
Love this project btw! I just switched from https://github.com/D3473R/jitsi-keycloak and this one feels a lot cleaner.
Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
We would like to have the ability to configure the mapping for the display name.
For example, as a concrete example, Keycloak's fullname mapper could be used to map the full display name as a token claim name in the access token and pass it to Jitsi. Currently the Jitsi mapping is hardcoded to use preferred_username
. We would like to be able to change that to for ex. userInfo.name
.
It would also be good if a suffix could be configured which, if set, would be appended to the name as a suffix.
Describe alternatives you've considered
We've also considered to implement this directly into Keycloak. But this does not look like a good solution.
Additional context
The current name mapping can be found at the following location: https://github.com/nordeck/jitsi-keycloak-adapter/blob/main/adapter.ts#L78
Describe the bug
Install the adapter and keycloak in version 20.0.5. Instead of successfuly retrieving the userinfo, a 401 error is thrown by the adapter. Also there is an exception message in the keycloak server log.
Steps To Reproduce
See above. Try to create a room, the call of the userinfo endpoint does not work properly.
Expected behavior
The problem is that the adapter makes a POST request to retrieve the UserInfo endpoint from Keycloak, but does not set a body or content type.
To fix the problem, the method must be changed from POST to GET: https://github.com/nordeck/jitsi-keycloak-adapter/blob/main/adapter.ts#L155
This is also recommended in the openid connect spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest
Screenshots / Videos
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-53) Uncaught server error: java.lang.NullPointerException
at org.jboss.resteasy.plugins.server.BaseHttpRequest.getFormParameters(BaseHttpRequest.java:53)
at org.jboss.resteasy.plugins.server.BaseHttpRequest.getDecodedFormParameters(BaseHttpRequest.java:74)
at jdk.internal.reflect.GeneratedMethodAccessor150.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:166)
at com.sun.proxy.$Proxy45.getDecodedFormParameters(Unknown Source)
at org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfoPost(UserInfoEndpoint.java:146)
at jdk.internal.reflect.GeneratedMethodAccessor628.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Environment:
Describe the bug
I deployed the Jitsi Keycloak adapter, and it works fine on the web, but encounters issues on Jitsi Meet Electron.
I can't join any meeting room.
Can you add support for Jitsi Meet Electron?
Steps To Reproduce
Expected behavior
Get in a meeting room
Is your feature request related to a problem? Please describe.
Jitsi and Keycloak both sit behind a Nginx reverse proxy.
Jitsi and Keycloak cannot resolve public addresses, and the user's browser cannot resolve addresses from the Jitsi / Keycloak private network.
The environment variable KEYCLOAK_ORIGIN
is supposed to be accessible for the container (and exchange the auth code for an access token), but we therefore cannot use it to redirect the user (which is needed for credentials input).
Describe the solution you'd like
I believe that allowing for two different endpoints, a public one and a private one, would allow to solve this issue. The default could be to set the private endpoint to be the same as the public one, so that backward compability will not be broken.
Describe alternatives you've considered
Changing my network's structure is not planned, and I believe this is a common case anyway, so a fix could be helpful :)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.