Can I use Gitea x Keycloak without SSL?

Hi,
I am trying to configure SSO using Keycloak on Gitea, but it didn't work; at the creation of the provider it gets error 500. In the docs I found that Gitea for some reason requires a valid SSL certificate, and since those servers are not exposed to the internet, it just makes Gitea of no use for us.
Am I wrong? Maybe there is some workaround?

It would help to get the content of the error 500 as it presumably contains information about the source of the error. It would also help if you could describe how you configured keycloak. It is most helpful if you do so using screenshots and copies of command lines instead of plain English, where possible. A copy/paste is worth a thousand words :wink:

Hi singuliere,

I tried to change the certificates to self-signed certificates, and still get 500.
I can't see any error in the logs, just the 500 gray Keycloak screen when I try to log in.

About the architecture, I just installed Gitea using Helm and added a custom ingress controller. In the controller logs:

root@pkbm:# kubectl logs giteaingress-ingress-nginx-controller-89c6657dc-f6t7s -n gitea -f | grep 500
10.40.0.0 - - [14/Dec/2021:11:44:00 +0000] “GET /img/gitea-lg.png HTTP/2.0” 304 0 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 83 0.001 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 0 0.000 304 a575006cabd5dd34e1b233f60a63788c
10.40.0.0 - - [14/Dec/2021:12:19:36 +0000] “POST /admin/auths/new HTTP/2.0” 500 11758 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 909 0.042 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 11771 0.040 500 c89ee2f8d82ad9f6c104afcba6e59aeb
10.40.0.0 - - [14/Dec/2021:12:19:36 +0000] “GET /img/500.png HTTP/2.0” 200 5230 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 27 0.002 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 5230 0.000 200 64cf4c46c883b86bb6659c5e8e56818b
10.40.0.0 - - [14/Dec/2021:12:26:12 +0000] “GET /user/oauth2/Keycloak HTTP/2.0” 500 8301 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 35 0.002 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 8314 0.000 500 2b18254676a2735be4f71f6d84661b66
10.40.0.0 - - [14/Dec/2021:12:26:20 +0000] “GET /user/oauth2/Keycloak HTTP/2.0” 500 8301 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 36 0.002 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 8314 0.000 500 55a6a757d552d4992d64e18bbc13ac0b
10.40.0.0 - - [14/Dec/2021:12:26:33 +0000] “GET /user/oauth2/Keycloak HTTP/2.0” 500 8301 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 36 0.002 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 8314 0.000 500 d5f4a0921f987eec54870af19886c232
10.40.0.0 - - [14/Dec/2021:15:06:13 +0000] “GET /user/oauth2/Keycloak HTTP/2.0” 500 8301 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4655.0 Safari/537.36” 36 0.002 [gitea-gitea-gitea-http-3000] [] 10.40.0.4:3000 8314 0.000 500 bdceaa5d1fb01bd3fc0def42c7dc6b4d

I saw several docs saying that Gitea will check the certificate; if it's not valid it will get an error…
I tried with a self-signed certificate and still get this error. The certificate is validated in the browser, but it may not be valid in the Kubernetes pod or on the host machine. Should I make those certificates valid somewhere to make this work?