Hi,
I’m hoping someone can help me with an issue I’m facing with Keycloak and OCIS.
Background: I installed OCIS (ownCloud Infinite Scale) and configured it to use Keycloak as the OIDC provider. Everything works perfectly when logging in via the web interface. However, I’m encountering issues when trying to log in from the ownCloud mobile apps (iOS and Android).
Problem: Whenever I attempt to log in from the mobile apps, Keycloak reports a “client not found” error. According to various forum posts, Keycloak is creating a new client each time a login attempt is made from the mobile apps. Since these dynamically created clients are not configured properly, the login fails.
Suggested Solution: One developer suggested disabling dynamic client registration in Keycloak. This would prevent Keycloak from creating new clients automatically and ensure that the existing, properly configured client is used.
My Setup:
- Keycloak version: 26
- OCIS version: 5.0.9 (Stable)
What I’ve Tried: I’ve looked through the Keycloak admin console and documentation but haven’t found a straightforward way to disable dynamic client registration. I’ve also tried configuring the clients manually, but the issue persists.
Questions:
- How can I disable dynamic client registration in Keycloak version 26?
- Are there any other settings or configurations I should be aware of to ensure smooth authentication for the ownCloud mobile apps?
Any guidance or insights would be greatly appreciated. Thanks in advance!
This is the URL the ownCloud Android app requested: https://auth.mydomain.com/realms/R1/protocol/openid-connect/auth?redirect_uri=oc%3A%2F%2Fandroid.owncloud.com&client_id=e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD&response_type=code&scope=openid+offline_access+email+profile&prompt=select_account+consent&code_challenge=lp5qe4-dZXKk2jWBZatdNDgJXuJEApCOnwrnPXk7kds&code_challenge_method=S256&state=fyjgrmwYOWVnGgCWB0hH
Yeah, I’m using a dedicated realm for OCIS. It’s working without any issues on the web.
You might want to check this out: https://github.com/owncloud/client/issues/11940
Apparently, the client_ID stays the same in my case. I guess it’s not really creating new clients.
I also set oc://android.owncloud.com as a valid redirect URI.
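
An added example, not part of the thread or of any project's code: a small offline check that takes the authorization request quoted above and compares it with a realm's client entries, reporting why the request would be rejected. The client entries are constructed samples using Keycloak's ClientRepresentation field names; the ids `web` and `ocis-android`, the host `ocis.example.test`, the helper names and the simplified redirect matching are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization request quoted in the thread.
AUTH_URL = (
    "https://auth.mydomain.com/realms/R1/protocol/openid-connect/auth"
    "?redirect_uri=oc%3A%2F%2Fandroid.owncloud.com"
    "&client_id=e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD"
    "&response_type=code&scope=openid+offline_access+email+profile"
    "&prompt=select_account+consent"
    "&code_challenge=lp5qe4-dZXKk2jWBZatdNDgJXuJEApCOnwrnPXk7kds"
    "&code_challenge_method=S256&state=fyjgrmwYOWVnGgCWB0hH"
)
ANDROID_ID = parse_qs(urlsplit(AUTH_URL).query)["client_id"][0]

def client(client_id, redirect_uris):
    # Constructed client entry (hypothetical helper, ClientRepresentation field names).
    return {"clientId": client_id, "enabled": True, "standardFlowEnabled": True,
            "redirectUris": redirect_uris, "attributes": {}}

def uri_allowed(uri, patterns):
    # Simplified assumption: exact match, or prefix match for a pattern ending in "*".
    return any(uri == p or (p.endswith("*") and uri.startswith(p[:-1])) for p in patterns)

def check_request(auth_url, clients):
    """Return the reasons this realm would reject the request (empty list = OK)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(auth_url).query).items()}
    match = [c for c in clients if c["clientId"] == q.get("client_id")]
    if not match:
        return ["client not found: no client with clientId " + q.get("client_id", "<missing>")]
    c, findings = match[0], []
    if not c.get("enabled", True):
        findings.append("client is disabled")
    if q.get("response_type") == "code" and not c.get("standardFlowEnabled"):
        findings.append("standard flow (authorization code) is disabled")
    if not uri_allowed(q.get("redirect_uri", ""), c.get("redirectUris", [])):
        findings.append("redirect_uri not in Valid redirect URIs: " + q.get("redirect_uri", ""))
    required = c.get("attributes", {}).get("pkce.code.challenge.method")
    if required and q.get("code_challenge_method") != required:
        findings.append("PKCE method mismatch, client requires " + required)
    return findings

# Constructed realms: the mobile client under a hand-picked id, then under the app's id.
WRONG_ID = [client("web", ["https://ocis.example.test/*"]),
            client("ocis-android", ["oc://android.owncloud.com"])]
RIGHT_ID = [client("web", ["https://ocis.example.test/*"]),
            client(ANDROID_ID, ["oc://android.owncloud.com"])]

if __name__ == "__main__":
    for name, realm in (("hand-picked id", WRONG_ID), ("app's id", RIGHT_ID)):
        print(name, "->", check_request(AUTH_URL, realm) or "request matches a client")
```

To run it against a real realm, replace the constructed lists with the `clients` array from a realm export.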