Keycloak and Nomad 1.0.15 and OIDC

Hey, everybody.
Has anyone configured Keycloak + Nomad on OIDC?

After configuring OIDC on Keycloak, the server works fine, but Nomad does not pass authorization because Nomad for some reason uses the user ID from Keycloak, not the email.

Does anyone have any insight into what the error is and if it can be fixed?

P.S. I should note that the documentation on setting up OIDC contains a lot of errors and inaccuracies that took a lot of time to fix:
https://help.hcl-software.com/nomad/1.0_admin/configserver_domino_oidcprovider.html

On HCL Domino REST API you can specify what the user identifier is (email):
https://opensource.hcltechsw.com/Domino-rest-api/howto/IdP/configureoidc.html
"userIdentifier": "email"
Have no idea if it is the same with Nomad, just an idea :)
You are testing Domino 14.5?

I'm waiting for 14.5 to connect Nomad to ID vault since I don't like SAML and I prefer OIDC.

What's in REST doesn't work in Nomad ((

I am testing on Domino 14.0.0.0FP4, Nomad 1.0.15IF1, Keycloak 26.1.3.

About SAML I agree with you. Very inconvenient to customize and maintain. I'm really waiting for full OIDC support for the whole line (Nomad, Verse + iNotes + idfiles, Sametime).