When configuring Keycloak OIDC Connector Timeout Syncing Error

[yjperez]

Getting the below message in the Audit Logs when connecting to a Keycloak OIDC connector

{"caller":"events/emitter.go:265","cluster_name":"teleport-cluster","code":"T1001W","component":"audit","ei":0,"error":"timed out syncing oidc connector keycloak, ensure URL \"https://keycloak.example.com8443/\" is valid and accessible and check configuration","event":"user.login","fields.message":"timed out syncing oidc connector keycloak, ensure URL \"https://keycloak.example.com:8443/\" is valid and accessible and check configuration","level":"info","message":"user.login","method":"oidc","success":false,"time":"2023-03-28T13:42:26.308Z","timestamp":"2023-03-28T13:42:26Z","uid":"0abc3f87-f2e4-48fa-9f65-4217535cac5f"}

First, you would have to confirm there is connectivity between the Auth server and your Keycloadk IdP. This could be done by running this command: nc -vz keycloak.example.com 8443 and also running a curl command. If connectivity is active then move to the below steps.

In Keycloak version 20 there was a change on where the default openid-configuration lives. The URL moved from <keycloak-rul>/auth/realms/api-test/.well_known/openid-configuration to <keycloak-rul>/auth/realms/api-test/.well_known/openid-configuration. This file is important because it is how the initial OIDC discovery is triggered. If this is the case for you, then you will need to specify a relative-http-path in the Keycloak configuration.

[beleyj-ss]

Just an update to the above post. The URL got moved to:
{keycloak-url}/realms/{realm-name}/.well_known/openid-configuration

Notice that it no longer has /auth/

https://stackoverflow.com/questions/28658735/what-are-keycloaks-oauth2-openid-connect-endpoints