OIDC failed to load #456

Open
opened 2026-02-04 19:40:58 +03:00 by OVERLORD · 4 comments

Originally created by @chrellrich on GitHub (Apr 1, 2024).

Hi, I am not sure if I'm just missing something or whether there actually is an issue here.

I am using Planka with Keycloak as my IDP.

Docker compose file:

```yaml
version: '3'

services:
  planka:
    image: ghcr.io/plankanban/planka:1.16.1
    restart: on-failure
    networks:
      - default
      - proxy
    volumes:
      - user-avatars:/app/public/user-avatars
      - project-background-images:/app/public/project-background-images
      - attachments:/app/private/attachments
    expose:
      - 1337
    environment:
      - BASE_URL=https://planka.my-domain.com
      - DATABASE_URL=postgresql://postgres@postgres/planka
      - SECRET_KEY=<secret-key>

      # - TRUST_PROXY=0
      # - TOKEN_EXPIRES_IN=365 # In days

      # related: https://github.com/knex/knex/issues/2354
      # As knex does not pass query parameters from the connection string we
      # have to use environment variables in order to pass the desired values, e.g.
      # - PGSSLMODE=<value>

      # Configure knex to accept SSL certificates
      # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

      - DEFAULT_ADMIN_EMAIL=demo@demo.demo # Do not remove if you want to prevent this user from being edited/deleted
      - DEFAULT_ADMIN_PASSWORD=demo
      - DEFAULT_ADMIN_NAME=Demo Demo
      - DEFAULT_ADMIN_USERNAME=demo

      # Email Notifications (https://nodemailer.com/smtp/)
      # - SMTP_HOST=
      # - SMTP_PORT=587
      # - SMTP_SECURE=true
      # - SMTP_USER=
      # - SMTP_PASSWORD=
      # - SMTP_FROM="Demo Demo" <demo@demo.demo>

      - OIDC_ISSUER=https://auth.my-domain.com/realms/master
      - OIDC_CLIENT_ID=planka
      - OIDC_CLIENT_SECRET=<secret>
      - OIDC_SCOPES=openid email profile
      # - OIDC_ADMIN_ROLES=planka-admin
      # - OIDC_EMAIL_ATTRIBUTE=email
      # - OIDC_NAME_ATTRIBUTE=name
      # - OIDC_USERNAME_ATTRIBUTE=preferred_username
      # - OIDC_ROLES_ATTRIBUTE=groups
      # - OIDC_IGNORE_USERNAME=true
      # - OIDC_IGNORE_ROLES=true
      # - OIDC_ENFORCED=true
    depends_on:
      postgres:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.planka.rule=Host(`planka.my-domain.com`)"
      - "traefik.http.routers.planka.entrypoints=https"
      - "traefik.http.routers.planka.tls.certresolver=cloudflare"

  postgres:
    image: postgres:14-alpine
    restart: on-failure
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=planka
      - POSTGRES_HOST_AUTH_METHOD=trust
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  user-avatars:
  project-background-images:
  attachments:
  db-data:

networks:
  proxy:
    external: true
```

In Keycloak I created a Client called planka with Client Authentication enabled and copied the client secret into my compose file.
When I start the container I get the following error.

```
planka-1    | 2024-04-01 03:29:44 [E] A hook (`oidc`) failed to load!
planka-1    | 2024-04-01 03:29:44 [E] Failed to lift app: outgoing request timed out after 3500ms
planka-1 exited with code 0
```

Is there any other place where logs are written to? I haven't had the chance to test with a different IDP yet, but I did verify that https://auth.my-domain.com/realms/master/.well-known/openid-configuration is accessible from within the container. I also tried some older releases, but 1.15.5 and 1.15.0 gave the same error.

Any help in figuring this out is very much appreciated.


@mostdcoa commented on GitHub (Apr 1, 2024):

@chrellrich FWIW, I've had a similar issue and it was because I misconfigured my docker network. I would ensure that your Planka container can communicate with your Keycloak container.


@chrellrich commented on GitHub (Apr 5, 2024):

Thanks for the response. They can communicate; I tested using wget. But it might be an issue when using multiple docker networks. I will try with a different network setup and report back for anyone else having similar problems.


@marttasch commented on GitHub (Apr 16, 2024):

I have basically the same docker compose setup, but using Authentik as IDP.
Worked flawlessly until I restarted the host machine. Since then I get the same error. Planka can ping Authentik and can use wget to get oidc-config from Authentik. I tried changing the docker network setup, with no luck.

Edit: No idea what I did, changed things back and forth. Now it's working with the same settings as before.


@zloveless commented on GitHub (Jun 14, 2024):

I just noticed this happen in my setup and the VM running my idp was locked up (cause undetermined atm). Rebooted it and everything came back online.
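
An added example, not part of the thread and not Planka's code: a probe that fetches the OIDC discovery document several times under the 3500 ms budget quoted in the log above and reports, per attempt, whether it finished in time and whether the returned `issuer` matches the configured one. It assumes Node 18+ for the global `fetch`; `probeDiscovery`, `probeOnce`, `budgetMs`, `attempts` and `fetchImpl` are names chosen for this example.

```javascript
// Added example, not Planka code. Needs Node 18+ (global fetch, AbortController).
// probeDiscovery, probeOnce, budgetMs, attempts and fetchImpl are names made up here.
async function probeOnce(issuer, budgetMs, fetchImpl) {
  // OIDC Discovery: strip a trailing slash, then append the well-known path.
  const url = issuer.replace(/\/+$/, '') + '/.well-known/openid-configuration';
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), budgetMs);
  const started = performance.now();
  const ms = () => Math.round(performance.now() - started);
  try {
    const res = await fetchImpl(url, { signal: controller.signal });
    if (!res.ok) return { status: 'http_error', code: res.status, ms: ms() };
    const doc = await res.json();
    // The document must name exactly the issuer that was configured.
    if (doc.issuer !== issuer) {
      return { status: 'issuer_mismatch', got: doc.issuer, ms: ms() };
    }
    return { status: 'ok', ms: ms() };
  } catch (err) {
    // An abort we triggered means the budget ran out; anything else is
    // DNS, TCP or TLS failing outright.
    const status = controller.signal.aborted ? 'timeout' : 'network_error';
    return { status, detail: String(err && err.message), ms: ms() };
  } finally {
    clearTimeout(timer);
  }
}

// Repeat the probe so an IdP that is only sometimes slow still shows up.
async function probeDiscovery(issuer, opts = {}) {
  const { budgetMs = 3500, attempts = 3, fetchImpl = fetch } = opts;
  const results = [];
  for (let i = 0; i < attempts; i++) {
    results.push(await probeOnce(issuer, budgetMs, fetchImpl));
  }
  return {
    allOk: results.every((r) => r.status === 'ok'),
    worstMs: Math.max(...results.map((r) => r.ms)),
    results,
  };
}

// Runs only when OIDC_ISSUER is set, e.g. inside the application container.
if (typeof process !== 'undefined' && process.env.OIDC_ISSUER) {
  probeDiscovery(process.env.OIDC_ISSUER).then((report) => {
    console.log(JSON.stringify(report, null, 2));
    process.exitCode = report.allOk ? 0 : 1;
  });
}
```

Run it from the same container and network as the application, with `OIDC_ISSUER` set to the value the application uses, so the request takes the same DNS and routing path.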


Reference: starred/planka#456