I have a local apache2 server running humhub 1.3.14. My goal is to set Keycloak located on my rancher cluster as the authentication provider for humhub.
After selecting "keycloak OpenId Connect" the user is successfully redirected to the keycloak server. After the user has authenticated, keycloak redirects back to my local humhub server. There humhub complains: "Unable to verify JWS: Unsecured connection" . to validate the JWS, humhub uses yii2-authclient/src/OpenIdConnect.php which requires "spomky-labs/jose:~5.0.6" (which is abandoned, but yii2 does still use it).
in humhub/protected/vendor/yiisoft/yii2-authclient/src/OpenIdConnect.php setting
$validateJws = false
does nothing.
humhub/protected/config/common.php:
return [
'params' => [
'enablePjax' => false
],
'components' => [
'urlManager' => [
'showScriptName' => false,
'enablePrettyUrl' => false,
],
'authClientCollection' => [
'class' => 'yii\authclient\Collection',
'clients' => [
'keycloak' => [
'class' => 'yii\authclient\OpenIdConnect',
'issuerUrl' => 'https://xxxx/auth/realms/humhub',
'clientId' => 'humhub',
'clientSecret' => 'xxxxxxx',
'name' => 'keycloak',
'title' => 'Keycloak OpenID Connect',
'tokenUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/token',
'authUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/auth',
'validateAuthState' => 'false',
'validateJws' => 'false',
],
],
]
]
];
Can anyone help? Further information required?
UPDATE
After updating "spomky-labs/jose" to "spomky-labs/jose:~6.1.0", the response from humhub changed to:
"Unable to verify JWS: The provided sector identifier URI is not valid: scheme must be one of the following: ["https"]."
UPDATE
I have enabled https also on my local apache2 server which runs humhub. I also downgraded spomky-labs/jose back to version 5.0.6, because of compatibility problems with the current humhub version 1.3.14. After that, the JWS error seems to be fixed but a new error accured:
Coult it be caused by the content type in the JWS which is not "application/json" but instead just "" (empty)? if so, how can this be fixed?
