Hi
As per official document [https://docs.litmuschaos.io/docs/user-guides/chaoscenter-oauth-dex-installation], i have deployed Dex deployment and made necessary changes to config file, in our case we are trying to use keycloak
config.yaml: |
issuer: https://litmuschaos.example.com/auth/dex
storage:
type: memory
web:
http: 0.0.0.0:5556
# allowedOrigins is required for CORS
allowedOrigins:
- "*"
staticClients:
- id: LitmusPortalAuthBackend
redirectURIs:
- '/auth/callback'
- 'http://localhost:8080/auth/callback'
- 'https://litmuschaos.example.com/auth/callback'
name: 'LitmusPortalAuthBackend'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
oauth2:
skipApprovalScreen: true
connectors:
- type: oidc
id: keycloak
name: keycloak
config:
issuer: "https://keycloak.example.com/auth/realms/dev"
clientID: "litmuschaos"
clientSecret: "8f245d4e-xxxxxxxx-xxxx-xxxxxxxxxxx"
redirectURI: https://litmuschaos.example.com/auth/dex/callback
scopes:
- openid
- profile
- email
to integrate dex to the auth server as per [https://docs.litmuschaos.io/docs/user-guides/setup-with-helm] tried passing vars but this doesnt work for dex, as per on of the comment in the issue, have mapped the below set of env vars to the auth-server
env:
DEX_ENABLED: "true"
OIDC_ISSUER: "https://litmuschaos.example.com/auth/dex"
DEX_OAUTH_CALLBACK_URL: "https://litmuschaos.example.com/auth/callback"
DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
since the dex deployment needs to be accessed in the application ingress, we below paths to respective deployment service endpoints
- path: /auth/dex/login
pathType: Prefix
backend:
service:
name: {{ $fullName }}-frontend-service
port:
number: {{ $.Values.portal.frontend.service.port }}
- path: /auth/dex
pathType: Prefix
backend:
service:
name: litmusportal-dex-service
port:
number: 80
after the setup whenever we tried login with sso, it gets routed to keycloak page and once we pass the creds and sign in it gets authenticated and redirects to /auth/dex/callback and then it gets redirects to auth/callback, in this whole process, in dex server we get a login success message(attached below)
time=2026-02-25T12:19:28.529Z level=INFO msg="login successful" connector_id=keycloak username="xxxxxxx" preferred_username=xxxxxx email="[email protected] (unverified)" groups=[] request_id=5ccef7c0-dd8f-4a47-8bd6-yyyyyy
in auth server:
[GIN] 2026/02/25 - 12:19:18 | 200 | 149.901µs | 10.222.17.204 | GET "/capabilities"
[GIN] 2026/02/25 - 12:19:20 | 307 | 71.865531ms | 10.222.17.204 | GET "/dex/login"
[GIN] 2026/02/25 - 12:19:28 | 401 | 111.701µs | 10.222.17.204 | GET "/callback?code=d5wfh2vipepie2w6hv3asc2bm&state=eyJOiJIUzUxMiIsIVCJ9.eyJleHAiOjE3NzIwMj.Ry5gJbWmZIVAil4s_JYajDDJRDBKe8wqd2RHjVkGBNQ_Z8VapLIPTAiPqBfplQUEu6B4Vbqg"
[GIN] 2026/02/25 - 12:19:41 | 200 | 59.8µs | 10.222.17.204 | GET "/capabilities"
[GIN] 2026/02/25 - 12:19:44 | 307 | 3.091018ms | 10.222.17.204 | GET "/dex/login"
[GIN] 2026/02/25 - 12:19:45 | 401 | 69.7µs | 10.222.17.204 | GET "/callback?code=tpczyizpeemgrpcpbvv4a6gxu&state=eyJhbGciOiJIUzUxMiIsIpXVCJ9.eyJleHAiOR9.R7BPH-gNPAX1_BAQcxssU8C_se3OqSMN19rAJQYqSF7ys-n8_TlhvPQ"
after all this we get below message in UI
{"error":"unauthorized","errorDescription":"The user does not have requested authorization to access this resource"}
though the callback url is mapped as valid redirect uri in my keycloak and my id been added to a group and same group has been added to the admin role created for litmus client created at keycloak, still getting the same error.
@contributors, please update the document with correct configuration setup, including which Uri endpoint to be mapped to which service endpoint
If anyone faced similar issue, can you guide me through to fix authentication issue
Hi
As per official document [https://docs.litmuschaos.io/docs/user-guides/chaoscenter-oauth-dex-installation], i have deployed Dex deployment and made necessary changes to config file, in our case we are trying to use keycloak
to integrate dex to the auth server as per [https://docs.litmuschaos.io/docs/user-guides/setup-with-helm] tried passing vars but this doesnt work for dex, as per on of the comment in the issue, have mapped the below set of env vars to the auth-server
since the dex deployment needs to be accessed in the application ingress, we below paths to respective deployment service endpoints
after the setup whenever we tried login with sso, it gets routed to keycloak page and once we pass the creds and sign in it gets authenticated and redirects to /auth/dex/callback and then it gets redirects to auth/callback, in this whole process, in dex server we get a login success message(attached below)
in auth server:
after all this we get below message in UI
{"error":"unauthorized","errorDescription":"The user does not have requested authorization to access this resource"}though the callback url is mapped as valid redirect uri in my keycloak and my id been added to a group and same group has been added to the admin role created for litmus client created at keycloak, still getting the same error.
@contributors, please update the document with correct configuration setup, including which Uri endpoint to be mapped to which service endpoint
If anyone faced similar issue, can you guide me through to fix authentication issue