google-cloud-run quarkus Keyloack

Question

I deploy Keycloak under GCE. I succesfully reach the /auth url. Now I try to deploy a secured microservice under cloud run. This microservice must communicate with keycloak to check authentification This microservice is a quarkus application. Properties are :

# Configuration file
quarkus.oidc.auth-server-url=https://[url]:[port]/auth/realms/quarkus
quarkus.oidc.client-id=backend-service
quarkus.oidc.credentials.secret=secret
quarkus.http.cors=true

# Enable Policy Enforcement
quarkus.keycloak.policy-enforcer.enable=true

# Disables policy enforcement for a path
quarkus.keycloak.policy-enforcer.paths.1.path=/api/public
quarkus.keycloak.policy-enforcer.paths.1.enforcement-mode=DISABLED

At the last step, when cloud build have to deploy and run the native image, i get an error :

Caused by: io.quarkus.oidc.OIDCException: OIDC server is not available at the 'quarkus.oidc.auth-server-url' URL. Please make sure it is correct. Note it has to end with a realm value if you work with Keycloak, for example: 'https://localhost:8180/auth/realms/quarkus'

Can someone can help me ?

Thanks

Is quarkus.oidc.auth-server-url your Keycloak server URL? In other words, is the Keycloak console reachable in your browser at quarkus.oidc.auth-server-url/auth? — Dino
Yes of course i can connect to the console. Realm is present too — anthony44
Possibly related to github.com/quarkusio/quarkus/issues/9155 — sllopis
Do you also have a confidential client created in that realm called backend-service with a client secret of secret? — Dino
Yes realm exist with theses properties ... I upload sample realm from tutorial. Cf quarkus.io/guides/security-keycloak-authorization. Juste create native image and deploy it in CloudRun — anthony44

anthony44 anthony44 · Accepted Answer · 2020-06-13T10:17:44

Fix this issue by updating https://[url]:[port]/auth/realms/quarkus to https://[url]/auth/realms/quarkus. No port value !

google-cloud-run quarkus Keyloack

1 Answers