Chronograf authentication with Keycloak


I am trying to secure the Chronograf instance with Keycloak.

I followed the published Chronograf tutorial for “generic”. The Keycloak client seems to be configured correctly according to the log, which states that the client has been authenticated.

After clicking on the “Login with Generic” button in Chronograf, I debugged the Keycloak code and I can see that the request comes through once, the code is generated for the Chronograf client, BUT then another request comes in for the same client and Keycloak complains that there already exists one code.

When the token is validated in [chronograf: mux.go], the code-to-token step of OAuth fails because the code was already generated and the error states invalid grant.

Does anyone have some experience with this or has already managed to secure an instance with keycloak?

Thanks in advance!

See “Chronograf doesn't authenticate with keycloak as generic provider · Issue #5031 · influxdata/chronograf · GitHub” for the solution; new users are not allowed to post more than 2 links here.