OAuth2 Login module fails to start – missing oauth2.properties when integrating Keycloak with OpenMRS

Hi everyone. I’m trying to integrate Keycloak with OpenMRS so that OpenMRS and a separate frontend app can share the same login (SSO). Below are the steps I’ve followed and the issue I’m facing.

What I have done so far

1. Set up Keycloak

  • Ran Keycloak using Docker:

    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:latest start-dev

  • Created a new realm: openmrs-realm

  • Created two clients in the realm:

    • OpenMRS client

      • Client ID: openmrs-client

      • Access type: confidential

    • Frontend app client

      • Client ID: react-client

      • Access type: public (SPA)

  • Configured valid redirect URIs:

    • OpenMRS: http://localhost:8080/openmrs/*

    • Frontend app: http://localhost:3000/*

2. Integrate OpenMRS with Keycloak

Issue encountered

When I upload and start the oauth2login module, it fails to start with the following error:

ERROR - PropertyUtils.getOAuth2PropertiesPath | the property file doesn't exist /openmrs/data/oauth2.properties
WARN  - ModuleFactory.startModuleInternal | Error while trying to start module: oauth2login
org.openmrs.module.ModuleException: Failed to load OAuth2 properties file
Caused by: java.nio.file.NoSuchFileException: /openmrs/data/oauth2.properties

It appears the module is expecting an oauth2.properties file at:

/openmrs/data/oauth2.properties

but the file does not exist.

Questions

  1. Where exactly should the oauth2.properties file be created for this module?

  2. Is there a sample or template for oauth2.properties specifically for Keycloak?

  3. If running OpenMRS in Docker, do I need to mount this file as a volume?

  4. Are there any additional steps required to configure the OAuth2 Login module with Keycloak?

Any guidance or documentation references would be greatly appreciated.

Thanks in advance!

Your first two questions are answered in the README for the module. For 3, that’s probably the easiest way to get it there. For 4, I’d say not, but note that if you’re running Keycloak separately from the OpenMRS Docker Compose stack you’ll likely want to create a Docker network for it and you’ll need to modify the docker-compose.yaml file for OpenMRS so that it can access that network. Otherwise you may need to hard-code IP addresses. This blog post has some helpful pointers and here are the Docker Compose docs; note particularly the section on using an existing network.

Thank you, I will try this.

As suggested, I tried the recommended approach, but I am now facing a different error.

What I did

  1. Inside the OpenMRS Reference Application distro folder, I created a directory named:

    openmrs-data

  2. Inside that folder, I created the file:

    oauth2.properties

with the following content:

    clientId = openmrs-client
    clientSecret = mysecretkey

    userAuthorizationUri = http://localhost/realms/openmrs/protocol/openid-connect/auth
    accessTokenUri = http://localhost/realms/openmrs/protocol/openid-connect/token
    userInfoUri = http://localhost/realms/openmrs/protocol/openid-connect/userinfo
    keysUrl = http://localhost/realms/openmrs/protocol/openid-connect/certs

    openmrs.mapping.user.systemId = sub
    openmrs.mapping.user.username = preferred_username
    openmrs.mapping.person.givenName = given_name
    openmrs.mapping.person.familyName = family_name
    openmrs.mapping.user.email = email
    openmrs.mapping.user.roles = roles

  3. Then I added the following volume mapping to the backend service in docker-compose.yml:

    volumes:
      - ./openmrs-data:/openmrs/data

  4. After that, I uploaded the module:

    oauth2login-1.6.0-SNAPSHOT.omod

What happened

  • The previous error “Failed to load OAuth2 properties file” is now gone.

  • However, after some time the application stops working.

  • When I restart Docker, OpenMRS fails to start with the error below.

Error on startup

Apologies for the very delayed response. You need to define a scope property which should be able to be blank, but should be there. The scopes you need to send are dependent on the configuration of your Keycloak server and basically whether you are using scope-based permissions.
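As an added example (not code from the thread or from the oauth2login module), the Python script below sanity-checks an oauth2.properties file like the one posted earlier before the module is started: it confirms the keys listed above are present (including a scope key that may be blank, as the last reply says), that each URI points at the matching Keycloak OpenID Connect endpoint in the expected realm, and that the URIs OpenMRS itself calls from inside its container do not use localhost, which is the Docker networking point raised in the first reply. The required-key list, the realm name passed as expected_realm and the sample file are assumptions modelled on this thread.

```python
import re
from urllib.parse import urlparse

# Keys assumed from the posted file; 'scope' may be blank but must exist (per the last reply).
REQUIRED = ("clientId", "clientSecret", "userAuthorizationUri", "accessTokenUri", "userInfoUri", "keysUrl")
MUST_EXIST = ("scope",)
# Which Keycloak OIDC endpoint each URI key should end in.
ENDPOINT = {"userAuthorizationUri": "auth", "accessTokenUri": "token", "userInfoUri": "userinfo", "keysUrl": "certs"}
# URIs fetched by the OpenMRS container itself; the browser, not OpenMRS, follows userAuthorizationUri.
SERVER_SIDE = ("accessTokenUri", "userInfoUri", "keysUrl")
KEYCLOAK_PATH = re.compile(r"^/realms/([^/]+)/protocol/openid-connect/([a-z]+)$")

def parse_properties(text):
    """Minimal Java .properties parser: 'key = value' or 'key: value', '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_properties(props, expected_realm=None):
    """Return a list of problems; an empty list means the file looks consistent."""
    problems = []
    for key in REQUIRED:
        if not props.get(key):
            problems.append(f"{key}: missing or empty")
    for key in MUST_EXIST:
        if key not in props:
            problems.append(f"{key}: missing (may be blank, but the key must be present)")
    for key, endpoint in ENDPOINT.items():
        url = props.get(key)
        if not url:
            continue
        parts = urlparse(url)
        m = KEYCLOAK_PATH.match(parts.path)
        if not m or m.group(2) != endpoint:
            problems.append(f"{key}: expected a Keycloak .../openid-connect/{endpoint} URL, got {url}")
            continue
        if expected_realm and m.group(1) != expected_realm:
            problems.append(f"{key}: realm '{m.group(1)}' differs from expected '{expected_realm}'")
        if key in SERVER_SIDE and parts.hostname in ("localhost", "127.0.0.1"):
            problems.append(f"{key}: {parts.hostname} resolves to the OpenMRS container itself, not Keycloak")
    return problems

# Constructed sample modelled on the posted file: no scope key, localhost URLs, realm 'openmrs'.
SAMPLE = """clientId = openmrs-client
clientSecret = mysecretkey
userAuthorizationUri = http://localhost/realms/openmrs/protocol/openid-connect/auth
accessTokenUri = http://localhost/realms/openmrs/protocol/openid-connect/token
userInfoUri = http://localhost/realms/openmrs/protocol/openid-connect/userinfo
keysUrl = http://localhost/realms/openmrs/protocol/openid-connect/certs
"""

if __name__ == "__main__":
    for problem in check_properties(parse_properties(SAMPLE), expected_realm="openmrs-realm"):
        print(problem)
```

Run against the sample it reports the missing scope key, the realm mismatch against openmrs-realm on all four URIs, and localhost on the three server-side URIs; pointing those at the Keycloak container's service name on a shared Docker network and adding the scope key clears every finding.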