Kiali support for Generic OAuth

Kiali supports OAuth 2.0 natively with OpenID connect integration (Keycloak)

Is above supported now in kiali version > 1.22.x ?


See Kiali docs:


Thank you.

I configured it exactly as in the documentation link.
Unfortunately, after the successful (OIDC) login I get the following errors:
Login unsuccessful: Token is not valid or is expired.
But i see a valid id_token in Chrome Browser log and no any other error than authenticate 401

My environment:

Also tried with a ClusterRoleBinding to add user to have access to Kiali.

I seen this:

With AKS Do i have setup a proxy as kube-oidc-proxy for openid auth ?

Any way kiali login works with auth.strategy: token.

Hi, @bethmage

Docs have been updated and I hope they are clearer. Read the new OpenID docs: Make sure to read the “Requirements” section.

I haven’t used Azure AKS, but from comments from other users, I understand that Azure AKS doesn’t provide the required options to integrate AKS to KeyCloak. However, AKS provides integration to Azure AD, which is OpenID-enabled (I think this is the MS docs about it:

So, as far as I know, if you can switch to Azure AD, that will provide the better integration. But if you need KeyCloak, well, I think you will need to use a proxy (like kube-oidc-proxy) to workaround the AKS limitation.

By the way, if you only need authentication and you don’t need RBAC, I invite you to upvote this issue:


Did you get kiali working with keycloak auth? I am facing the same issue and I have the same setup.


Can you describe what error are you getting?