Kiali support for Generic OAuth

[https://github.com/kiali/kiali/issues/2056]
Kiali supports OAuth 2.0 natively with OpenID connect integration (Keycloak)

Is above supported now in kiali version > 1.22.x ?

Yes.

See Kiali docs: https://kiali.io/documentation/latest/installation-guide/#_openid_connect

UPDATE: https://kiali.io/documentation/latest/configuration/authentication/openid/

@jmazzitelli
Thank you.

I configured it exactly as in the documentation link.
Unfortunately, after the successful (OIDC) login I get the following errors:
Login unsuccessful: Token is not valid or is expired.
But i see a valid id_token in Chrome Browser log and no any other error than authenticate 401

My environment:

Also tried with a ClusterRoleBinding to add user to have access to Kiali.

I seen this:
[https://github.com/kiali/kiali/pull/3142]
[https://github.com/kiali/kiali/issues/3042]

With AKS Do i have setup a proxy as kube-oidc-proxy for openid auth ?

Any way kiali login works with auth.strategy: token.

Hi, @bethmage

Docs have been updated and I hope they are clearer. Read the new OpenID docs: https://kiali.io/documentation/latest/configuration/authentication/openid/. Make sure to read the “Requirements” section.

I haven’t used Azure AKS, but from comments from other users, I understand that Azure AKS doesn’t provide the required options to integrate AKS to KeyCloak. However, AKS provides integration to Azure AD, which is OpenID-enabled (I think this is the MS docs about it: https://docs.microsoft.com/en-us/azure/aks/managed-aad).

So, as far as I know, if you can switch to Azure AD, that will provide the better integration. But if you need KeyCloak, well, I think you will need to use a proxy (like kube-oidc-proxy) to workaround the AKS limitation.

By the way, if you only need authentication and you don’t need RBAC, I invite you to upvote this issue: https://github.com/kiali/kiali/issues/3084.

@jmazzitelli

Did you get kiali working with keycloak auth? I am facing the same issue and I have the same setup.

@Pramod_Sharma

Can you describe what error are you getting?