I set up the IdP for Keycloak following the docs 🔒🔑 External Identity Providers for User Authentication & MailCow - KeyCloak.
Unfortunately, the "Connection Test" for the Keycloak IdP reports Connection failed, but there are no error messages in the logs.

When logging in via SSO, I am redirected to Keycloak and can authenticate successfully (LOGIN SUCCESS). On the redirect back to mailcow, I then get the error message Anmeldung fehlgeschlagen! (login failed).


The "mailcow UI" logs then show the following message: `["identity_provider","Invalid response received from Authorization Server. Expected JSON."]`

At the moment I have no starting point for narrowing down the error any further (debugging)…
Thanks, and have a nice week…
Cause found: it was the geo-blocking on the Traefik reverse proxy
ISSUE
traefik | INFO: GeoBlock: 2026/01/12 09:49:42 geoblock-de@file: request denied [fd06:a705:275b::1] since local IP addresses are denied
traefik | fd06:a705:275b::1 - - [12/Jan/2026:09:49:42 +0000] "POST /realms/0xfe/protocol/openid-connect/token HTTP/2.0" 403 0 "-" "-" 8847 "app001@docker" "-" 0ms
traefik | 2a02:::::::: - - [12/Jan/2026:09:49:42 +0000] "POST /api/v1/edit/identity-provider-test HTTP/2.0" 200 59 "-" "-" 8846 "mailcow@docker" "http://172.18.0.6:18080" 41ms
FIX
traefik | INFO: GeoBlock: 2026/01/12 09:53:09 geoblock-de@file: request allowed [fd06:a705:275b::1] since local IP addresses are allowed
traefik | fd06:a705:275b::1 - - [12/Jan/2026:09:53:09 +0000] "POST /realms/realmname/protocol/openid-connect/token HTTP/2.0" 200 1682 "-" "-" 12 "app001@docker" "http://172.18.0.4:8080" 11ms
traefik | 2a02:::::::: - - [12/Jan/2026:09:53:09 +0000] "POST /api/v1/edit/identity-provider-test HTTP/2.0" 200 59 "-" "-" 11 "mailcow@docker" "http://172.18.0.6:18080" 105ms
traefik | INFO: GeoBlock: 2026/01/12 09:53:27 geoblock-de@file: request allowed [fd06:a705:275b::1] since local IP addresses are allowed
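
The pattern in the logs above, a token request from an internal address that Traefik answers itself with an empty 403, can be searched for mechanically. This is an added example, not part of the original post: the sample lines are constructed from the ones quoted above, and the function name `blocked_token_calls` is hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the Traefik lines quoted in the post.
SAMPLE_LOG = """\
traefik | INFO: GeoBlock: 2026/01/12 09:49:42 geoblock-de@file: request denied [fd06:a705:275b::1] since local IP addresses are denied
traefik | fd06:a705:275b::1 - - [12/Jan/2026:09:49:42 +0000] "POST /realms/realmname/protocol/openid-connect/token HTTP/2.0" 403 0 "-" "-" 8847 "app001@docker" "-" 0ms
traefik | fd06:a705:275b::1 - - [12/Jan/2026:09:53:09 +0000] "POST /realms/realmname/protocol/openid-connect/token HTTP/2.0" 200 1682 "-" "-" 12 "app001@docker" "http://172.18.0.4:8080" 11ms
traefik | 203.0.113.7 - - [12/Jan/2026:09:54:00 +0000] "GET /realms/realmname/protocol/openid-connect/auth HTTP/2.0" 200 512 "-" "-" 13 "app001@docker" "http://172.18.0.4:8080" 9ms
"""

# Traefik common-log access line: src, timestamp, request, status, size,
# referer, user agent, request count, router, backend URL, duration.
ACCESS = re.compile(
    r'^(?:\S+ \| )?(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+) '
    r'"[^"]*" "[^"]*" \d+ "(?P<router>[^"]*)" "(?P<backend>[^"]*)" \d+ms$'
)
GEO_DENY = re.compile(r'GeoBlock: .*request denied \[(?P<src>[^\]]+)\]')
TOKEN_SUFFIX = "/protocol/openid-connect/token"


def blocked_token_calls(log_text):
    """Find OIDC token requests that the proxy rejected without forwarding."""
    lines = [l.strip() for l in log_text.splitlines()]
    denied = {m.group("src") for m in map(GEO_DENY.search, lines) if m}
    findings = []
    for m in filter(None, map(ACCESS.match, lines)):
        if not m.group("path").endswith(TOKEN_SUFFIX):
            continue
        # Error status with backend "-" means Traefik answered by itself,
        # so the client got no JSON token response from the IdP.
        if int(m.group("status")) < 400 or m.group("backend") != "-":
            continue
        try:
            internal = ipaddress.ip_address(m.group("src")).is_private
        except ValueError:
            internal = False  # redacted or malformed source address
        findings.append({
            "src": m.group("src"),
            "status": int(m.group("status")),
            "router": m.group("router"),
            "internal_source": internal,
            "geoblock_denied": m.group("src") in denied,
        })
    return findings


if __name__ == "__main__":
    for f in blocked_token_calls(SAMPLE_LOG):
        print(f)
```

A finding with both `internal_source` and `geoblock_denied` set points at the proxy middleware rather than at the Keycloak or mailcow configuration.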