[Support Request]: KeyCloak Auth Support #2657

New Issue

Closed

opened 2026-02-05 04:43:33 +03:00 by OVERLORD · 8 comments

OVERLORD commented 2026-02-05 04:43:33 +03:00

Owner

Copy Link

Originally created by @zhangxiaokang on GitHub (Feb 18, 2022).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

bookstack login with keycloak

Exact BookStack Version

v21.12.5

Log Content

No response

PHP Version

No response

Hosting Environment

docker

Originally created by @zhangxiaokang on GitHub (Feb 18, 2022). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario bookstack login with keycloak ### Exact BookStack Version v21.12.5 ### Log Content _No response_ ### PHP Version _No response_ ### Hosting Environment docker

OVERLORD added the 🐕 Support label 2026-02-05 04:43:33 +03:00

OVERLORD closed this issue 2026-02-05 04:43:36 +03:00

OVERLORD commented 2026-02-05 04:43:40 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 20, 2022):

Hi @zhangxiaokang,

Unfortunately there's much information here for us to understand the issue.

• What have you attempted so far?
• Are you getting specific errors?

If it helps, some users have shared details of their Keycloak setup in this following thread: #1157

@ssddanbrown commented on GitHub (Feb 20, 2022): Hi @zhangxiaokang, Unfortunately there's much information here for us to understand the issue. - What have you attempted so far? - Are you getting specific errors? If it helps, some users have shared details of their Keycloak setup in this following thread: #1157

OVERLORD commented 2026-02-05 04:43:45 +03:00

Author

Owner

Copy Link

@zhangxiaokang commented on GitHub (Feb 22, 2022):

OIDC_ISSUER must start with 'https://'? why not 'http://'?

@zhangxiaokang commented on GitHub (Feb 22, 2022): OIDC_ISSUER must start with 'https://'? why not 'http://'?

OVERLORD commented 2026-02-05 04:43:51 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 22, 2022):

@zhangxiaokang Because that's part of the spec to ensure security of the authentication method. From the OIDC spec:

An Issuer Identifier is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.

Taken from here, section 1.2: https://openid.net/specs/openid-connect-core-1_0.html

@ssddanbrown commented on GitHub (Feb 22, 2022): @zhangxiaokang Because that's part of the spec to ensure security of the authentication method. From the OIDC spec: > An Issuer Identifier is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components. Taken from here, section 1.2: https://openid.net/specs/openid-connect-core-1_0.html

OVERLORD commented 2026-02-05 04:43:54 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 28, 2022):

Since there's been no further follow-up I'll close this off.

@ssddanbrown commented on GitHub (Feb 28, 2022): Since there's been no further follow-up I'll close this off.

OVERLORD commented 2026-02-05 04:43:56 +03:00

Author

Owner

Copy Link

@gugigunawan commented on GitHub (Jan 12, 2024):

Hello,

i working to integrate Keycloak and Bookstack right now at My Office but have issue to login from Keycloak to BookStack and APP_DEBUG set to TRUE not help so much.

Any suggestions ? because the error only "ID token validate failed with error: Token issue at time is not recent or is invalid"

Bookstack Version : v23.10.2

Keycloak Version : v23.0.4

@gugigunawan commented on GitHub (Jan 12, 2024): Hello, i working to integrate Keycloak and Bookstack right now at My Office but have issue to login from Keycloak to BookStack and APP_DEBUG set to TRUE not help so much. Any suggestions ? because the error only "**ID token validate failed with error: Token issue at time is not recent or is invalid**" Bookstack Version : v23.10.2 Keycloak Version : v23.0.4

OVERLORD commented 2026-02-05 04:43:59 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jan 15, 2024):

@gugigunawan Please ensure both systems/hosts/containers have the correct time set.
If you need further help, please open a new support issue.

@ssddanbrown commented on GitHub (Jan 15, 2024): @gugigunawan Please ensure both systems/hosts/containers have the correct time set. If you need further help, please open a new support issue.

OVERLORD commented 2026-02-05 04:44:07 +03:00

Author

Owner

Copy Link

@gugigunawan commented on GitHub (Jan 17, 2024):

Hello,

i already have correct set time zone between Docker Image & Hosts System by adding this at docker-compose.yaml

but when i change .env file for AUTH_METHOD from standard and oidc still have the same error
any suggestion ?

Thank's and Best Regards.

@gugigunawan commented on GitHub (Jan 17, 2024): Hello, i already have correct set time zone between Docker Image & Hosts System by adding this at docker-compose.yaml <img width="272" alt="image" src="https://github.com/BookStackApp/BookStack/assets/9584750/a5766900-a0c2-495f-995d-096b2760f1e8"> but when i change .env file for AUTH_METHOD from standard and oidc still have the same error any suggestion ? Thank's and Best Regards.

OVERLORD commented 2026-02-05 04:44:10 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jan 17, 2024):

@gugigunawan That reflects the timezone config, not that the actual time is correct. Check that the time is correct in the BookStack container (for example, by going inside the container and using the date command) and for the keycloak system/container.

If you need further help, please open a new support issue rather than commenting in this closed thread.

@ssddanbrown commented on GitHub (Jan 17, 2024): @gugigunawan That reflects the timezone config, not that the actual time is correct. Check that the time is correct in the BookStack container (for example, by going inside the container and using the `date` command) and for the keycloak system/container. **_If you need further help, please open a new support issue rather than commenting in this closed thread._**

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v26-03

ci_fixing

codeberg-actions

lexical_may_2026

MilnerMart/development

sort_rule_text

GamerClassN7/impersonations-for-admin

Zhey-on/feature/csp-image-css-controls-6033

tortillas5/development

clauvaldez/mfaReset

llm_only

vectors

McTom234/oidc-key-algorithms

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v26.03.4

v26.03.3

v26.03.2

v26.03.1

v26.03

v25.12.9

v25.12.8

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2657