nordeck / jitsi-keycloak-adapter Goto Github PK

Describe the bug

The adapter does not intercept presses to the "Login" button from within the profile settings. Instead the "username/password" modal pops up.

Steps To Reproduce

1. Open a new Jitsi room and authenticate via Keycloak.
2. Open an unauthenticated browser session (e.g. private window) and join the room.
3. Go to profile settings and click "login".

Expected behavior

The guest user should be redirected to Keycloak and be requested to login.

Environment:
Jitsi (Docker/Helm): stable-8960-1
jitsi-keycloak-adapter (Docker): v20230917

Additional context

The login button carries the ID #login_button but the interceptor only checks for #modal-dialog-ok-button:
https://github.com/nordeck/jitsi-keycloak-adapter/blob/v20230917/templates/usr/share/jitsi-meet/body.html#L28
So this only captures the "I am the host" button.

Love this project btw! I just switched from https://github.com/D3473R/jitsi-keycloak and this one feels a lot cleaner.

Is your feature request related to a problem? Please describe.
No.

Describe the solution you'd like
We would like to have the ability to configure the mapping for the display name.

For example, as a concrete example, Keycloak's fullname mapper could be used to map the full display name as a token claim name in the access token and pass it to Jitsi. Currently the Jitsi mapping is hardcoded to use preferred_username. We would like to be able to change that to for ex. userInfo.name.

It would also be good if a suffix could be configured which, if set, would be appended to the name as a suffix.

Describe alternatives you've considered
We've also considered to implement this directly into Keycloak. But this does not look like a good solution.

Additional context
The current name mapping can be found at the following location: https://github.com/nordeck/jitsi-keycloak-adapter/blob/main/adapter.ts#L78

Describe the bug
Install the adapter and keycloak in version 20.0.5. Instead of successfuly retrieving the userinfo, a 401 error is thrown by the adapter. Also there is an exception message in the keycloak server log.

Steps To Reproduce
See above. Try to create a room, the call of the userinfo endpoint does not work properly.

Expected behavior
The problem is that the adapter makes a POST request to retrieve the UserInfo endpoint from Keycloak, but does not set a body or content type.

To fix the problem, the method must be changed from POST to GET: https://github.com/nordeck/jitsi-keycloak-adapter/blob/main/adapter.ts#L155

This is also recommended in the openid connect spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest

Screenshots / Videos

ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-53) Uncaught server error: java.lang.NullPointerException
	at org.jboss.resteasy.plugins.server.BaseHttpRequest.getFormParameters(BaseHttpRequest.java:53)
	at org.jboss.resteasy.plugins.server.BaseHttpRequest.getDecodedFormParameters(BaseHttpRequest.java:74)
	at jdk.internal.reflect.GeneratedMethodAccessor150.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:166)
	at com.sun.proxy.$Proxy45.getDecodedFormParameters(Unknown Source)
	at org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfoPost(UserInfoEndpoint.java:146)
	at jdk.internal.reflect.GeneratedMethodAccessor628.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)

Environment:

• OS: Ubuntu
• Browser: Chrome

Describe the bug

I deployed the Jitsi Keycloak adapter, and it works fine on the web, but encounters issues on Jitsi Meet Electron.
I can't join any meeting room.
Can you add support for Jitsi Meet Electron?

Steps To Reproduce

1. deploy Jitsi Keycloak adapter
2. join a meeting on Jitsi Meet Electron

Expected behavior

Get in a meeting room

Is your feature request related to a problem? Please describe.

Jitsi and Keycloak both sit behind a Nginx reverse proxy.
Jitsi and Keycloak cannot resolve public addresses, and the user's browser cannot resolve addresses from the Jitsi / Keycloak private network.

The environment variable KEYCLOAK_ORIGIN is supposed to be accessible for the container (and exchange the auth code for an access token), but we therefore cannot use it to redirect the user (which is needed for credentials input).

Describe the solution you'd like

I believe that allowing for two different endpoints, a public one and a private one, would allow to solve this issue. The default could be to set the private endpoint to be the same as the public one, so that backward compability will not be broken.

Describe alternatives you've considered

Changing my network's structure is not planned, and I believe this is a common case anyway, so a fix could be helpful :)