Authentication Error: Logging into KYPO via Keycloak
KYPO was successfully deployed in our OpenStack environment for proof-of-concept purposes. However, if we want to log into KYPO in the browser via Keycloak with the initially created admin user, a request is made to 'https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info' and the application just keeps loading for a while.
After a few minutes, the following error is displayed in the application:
When trying to log in, the browser's network monitor immediately displays the error message 'Object { headers: {...}, status: 0, statusText: "Unknown Error", url: "https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info", ok: false, name: "HttpErrorResponse", message: "Http failure response for https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info: 0 Unknown Error", error: abort }'.
And the following error is displayed in the network monitor several times when loading:
Object { headers: {…}, status: 401, statusText: "OK", url: "https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info", ok: false, name: "HttpErrorResponse", message: "Http failure response for https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info: 401 OK", error: {…} }
  error: Object { timestamp: 1717585551766, status: "UNAUTHORIZED", message: "Full authentication is required to access this resource", … }
    errors: Array [ "Full authentication is required to access this resource" ]
    message: "Full authentication is required to access this resource"
    path: "/kypo-rest-user-and-group/api/v1"
    status: "UNAUTHORIZED"
    timestamp: 1717585551766
  headers: Object { normalizedNames: Map(0), lazyUpdate: null, lazyInit: lazyInit() }
    lazyInit: function lazyInit()
    lazyUpdate: null
    normalizedNames: Map(0)
  message: "Http failure response for https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info: 401 OK"
  name: "HttpErrorResponse"
  ok: false
  status: 401
  statusText: "OK"
  url: "https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info"
It seems that after Keycloak has verified the user's credentials, an access token (JWT) is created, containing the user's identity and permissions. This token is then used to access the resource "https://10.42.1.193/kypo-rest-user-and-group/api/v1/users/info" (i.e., the KYPO API). KYPO then attempts to validate the access token to verify the identity and permissions but fails, resulting in the error.
We did not change anything in the Keycloak settings. The configuration of the deployment of our KYPO-CRP Helm application is the following:
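As an added diagnostic (not part of the issue report above and not KYPO or Keycloak code): the function below performs the claim checks a resource server such as the KYPO API makes on a bearer token before it even reaches signature verification (algorithm, key id, issuer, expiry, not-before), so a token copied from the browser session can be checked against what the backend is configured to accept. The expected issuer URL and the sample token are constructed assumptions, and the signature itself is deliberately not verified here since that requires the realm's JWKS.

```python
import base64
import json
import time
from typing import Optional

# Assumption: the issuer URL the KYPO resource server is configured to trust.
# Replace with the realm URL from the Helm/Keycloak configuration.
EXPECTED_ISSUER = "https://keycloak.example.invalid/realms/KYPO"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str) -> tuple[dict, dict]:
    """Split a compact JWT into header and claims WITHOUT checking the signature."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def diagnose_token(token: str, expected_issuer: str, now: Optional[float] = None) -> list[str]:
    """Return the reasons (other than signature) a resource server would reject the token."""
    now = time.time() if now is None else now
    header, claims = decode_jwt_unverified(token)
    problems = []
    if header.get("alg", "none").lower() == "none":
        problems.append("alg_none: unsigned tokens are rejected by resource servers")
    if "kid" not in header:
        problems.append("missing_kid: backend cannot select a JWKS key to verify the signature")
    if claims.get("iss") != expected_issuer:
        # Classic cause of 'Full authentication is required': Keycloak reached via a
        # different host/path than the issuer the backend was configured with.
        problems.append(f"issuer_mismatch: token iss={claims.get('iss')!r}, expected {expected_issuer!r}")
    if "exp" not in claims or claims["exp"] <= now:
        problems.append(f"expired: exp={claims.get('exp')} is not after now={now:.0f}")
    if claims.get("nbf", 0) > now:
        problems.append(f"not_yet_valid: nbf={claims['nbf']} is after now={now:.0f}")
    return problems


def make_unsigned_token(header: dict, claims: dict) -> str:
    """Build a compact JWT with a placeholder signature (constructed test input only)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.placeholder-signature"
```

Paste the access token captured from the browser's Authorization header into diagnose_token() and compare the reported issuer with the one in the backend configuration; an empty list means the remaining suspect is the signature/JWKS lookup.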