[GeoNode-devel] GeoNode 4.0.0rc0 + Keycloak

Pattara Kiatisevi pattara at longdo.com
Sun May 29 18:31:41 PDT 2022


I confirm it was the same case. Setting SOCIALACCOUNT_LOGIN_ON_GET=True
solved the problem.

Thank you very much,
Pattara

On Wed, May 25, 2022 at 4:32 PM Giovanni Allegri <
giovanni.allegri at geosolutionsgroup.com> wrote:

> We also notice that some changes introduced in the latest versions of
> django-allauth has some small changes that require adapting something in
> the integration with GeoNode.
>
> django-allauth 0.44.0 is two years old. Several fixes have been introduced
> meanwhile, including security improvements.
> We would prefer to figure out and solve the problems rather than reverting
> it inside GeoNode.
>
> For example, in our case, the problematic configuration
> was SOCIALACCOUNT_LOGIN_ON_GET, which is False by default. Recent versions
> of django-allauth require a POST request to initiate the login flow, and it
> was causing some problems to us.
>
> Were you able to spot what was causing the problem with Keycloak?
>
> Giovanni
>
> On Wed, May 25, 2022 at 10:44 AM Pattara Kiatisevi <pattara at longdo.com>
> wrote:
>
>> Changing back to django-allauth 0.44.0 seems to solve the problem at the
>> moment.
>>
>> $ git diff requirements.txt
>> diff --git a/requirements.txt b/requirements.txt
>> index 50c578230..be55ef0e8 100644
>> --- a/requirements.txt
>> +++ b/requirements.txt
>> @@ -27,7 +27,8 @@ rdflib==6.1.1
>>  smart_open==6.0.0
>>
>>  # Django Apps
>> -django-allauth==0.50.0
>> +#django-allauth==0.50.0
>> +django-allauth==0.44.0
>>  django-appconf==1.0.5
>>  django-celery-results==2.3.1
>>  django-filter==21.1
>>
>> Cheers,
>> Pattara
>>
>> On Fri, May 6, 2022 at 7:32 PM Giovanni Allegri <
>> giovanni.allegri at geosolutionsgroup.com> wrote:
>>
>>> Thanks for reporting this Pattara.
>>>
>>> We have used Keyclok in several contexts in the past but we haven't had
>>> the chance to test it with GN 4 yet.
>>> Would you kindly open an issue on the GeoNode repo to keep track of it?
>>>
>>> Best,
>>> Giovanni
>>>
>>> On Thu, May 5, 2022 at 12:03 PM Pattara Kiatisevi <pattara at longdo.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We used to set up a GeoNode 3.3x + Keycloak site according to
>>>> https://gist.github.com/t-book/0fb30804e217bdeb064dd91b5041fbc9 and
>>>> things worked well.
>>>>
>>>> Now as we are trying GeoNode 4.0.0rc0, following the same steps. But
>>>> when clicking at the "Sign in with Keycloak" link (which is something like
>>>> https://<keycloak-hostname>/account/keycloak/login/?process=login&next=%2F
>>>> ), it doesn't redirect the user to the Keycloak site, but instead got stuck
>>>> at geonode.
>>>>
>>>> When checking that URL, we found that if the request is made with HEAD
>>>> (i.e., curl -I), the response seems to be correct (HTTP 302, redirecting
>>>> users to Keycloak).
>>>>
>>>> [image: image.png]
>>>>
>>>> But when using browsers or normal curl (curl -v -o /dev/null "https://<geonode-hostname>/account/keycloak/login/?process=login&next=%2F",
>>>> it responds with HTTP 200, which is wrong.
>>>> [image: image.png]
>>>>
>>>> Any input is really appreciated.
>>>>
>>>> Thank you very much in advance,
>>>> Pattara
>>>>
>>>>
>>>> _______________________________________________
>>>> geonode-devel mailing list
>>>> geonode-devel at lists.osgeo.org
>>>> https://lists.osgeo.org/mailman/listinfo/geonode-devel
>>>>
>>>
>>>
>>> --
>>>
>>> ==
>>>
>>> GeoServer Professional Services from the experts!
>>>
>>> Visit http://bit.ly/gs-services-us for more information.
>>> ==
>>>
>>> Dott. Giovanni Allegri
>>>
>>> Technical Lead / Project Manager
>>>
>>>
>>> GeoSolutions Group
>>> phone: +39 0584 962313
>>> fax:      +39 345 2815774
>>>
>>> https://www.geosolutionsgroup.com/
>>> http://twitter.com/geosolutions_it
>>> -------------------------------------------------------
>>>
>>> Con riferimento alla normativa sul trattamento dei dati personali (Reg.
>>> UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
>>> precisa che ogni circostanza inerente alla presente email (il suo
>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>>>
>>> This email is intended only for the person or entity to which it is
>>> addressed and may contain information that is privileged, confidential or
>>> otherwise protected from disclosure. We remind that - as provided by
>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
>>> e-mail or the information herein by anyone other than the intended
>>> recipient is prohibited. If you have received this email by mistake, please
>>> notify us immediately by telephone or e-mail.
>>>
>>
>
> --
>
> ==
>
> GeoServer Professional Services from the experts!
>
> Visit http://bit.ly/gs-services-us for more information.
> ==
>
> Dott. Giovanni Allegri
>
> Technical Lead / Project Manager
>
>
> GeoSolutions Group
> phone: +39 0584 962313
> fax:      +39 345 2815774
>
> https://www.geosolutionsgroup.com/
> http://twitter.com/geosolutions_it
> -------------------------------------------------------
>
> Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
> precisa che ogni circostanza inerente alla presente email (il suo
> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>
> This email is intended only for the person or entity to which it is
> addressed and may contain information that is privileged, confidential or
> otherwise protected from disclosure. We remind that - as provided by
> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
> e-mail or the information herein by anyone other than the intended
> recipient is prohibited. If you have received this email by mistake, please
> notify us immediately by telephone or e-mail.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20220530/fc9adbd9/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 201630 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20220530/fc9adbd9/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 222005 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20220530/fc9adbd9/attachment-0003.png>


More information about the geonode-devel mailing list