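// Keycloak SSO callback: completes the OpenID Connect login, reads the
// user's claims, and maps the email claim onto an active Vvveb admin.
// NOTE(review): the start of the next statement was lost when this page was
// extracted; the receiver is presumably $oidc — confirm against the original file.
setRedirectURL($redirectUrl);
$oidc->addScope(['openid', 'profile', 'email']);

// Complete the OAuth2 flow (exchange code for tokens)
$oidc->authenticate();

// Get user information from Keycloak
$userInfo = $oidc->requestUserInfo();

// Extract email from Keycloak response
$email = $userInfo->email ?? null;

if (!$email) {
    throw new \Exception('Keycloak did not return an email address.');
}

// The email claim is the only link between the Keycloak identity and the
// Vvveb admin row, so it must be an address Keycloak has verified. Without
// this check, a realm that lets users register or edit their own email could
// hand admin access to whoever claims an admin's address. Fail closed when
// the claim is missing; FILTER_VALIDATE_BOOLEAN also accepts "true"/"1" in
// case a mapper emits the claim as a string.
if (!filter_var($userInfo->email_verified ?? false, FILTER_VALIDATE_BOOLEAN)) {
    throw new \Exception('Keycloak did not report a verified email address.');
}

// Find admin user in Vvveb database using Vvveb API
// Only get active admins (status = 1)
$adminInfo = Admin::get([
    'email' => $email,
    'status' => 1,
]);

if (!$adminInfo) {
    // User not found or not active: answer 403 and render the
    // "Access Denied" page that follows.
    http_response_code(403);
    ?> Access Denied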

Access Denied

The email is not registered as an active admin in Vvveb.

Please contact your administrator to grant access.

Return to login page

// Establish the admin session for the matched account, then redirect.
// NOTE(review): the start of the next statement was lost when this page was
// extracted; it is presumably called on $session and rotates the session id
// before the admin data is written (session-fixation defence) — confirm.
regenerateId(true);

// Remove password hash from session data
// NOTE(review): only the 'password' key is dropped; every other column of the
// admin row is written to the session below — check the row for other secrets
// (tokens, reset keys) that should not be kept there.
if (isset($adminInfo['password'])) {
    unset($adminInfo['password']);
}

// Optionally store Keycloak user info for reference
// $adminInfo['keycloak_sub'] = $userInfo->sub ?? null;
// $adminInfo['keycloak_username'] = $userInfo->preferred_username ?? null;

// Set admin session (namespace 'admin' is used by Vvveb\System\User\Admin)
$session->set('admin', $adminInfo);

// Redirect to admin dashboard
// Use adminPath() helper if available, otherwise hardcode
$adminPath = \Vvveb\adminPath() ?: '/admin/';
header('Location: ' . $adminPath . 'index.php');
exit;
} catch (\Exception $e) {
    // Log error (if logging is available)
    if (function_exists('error_log')) {
        error_log('Keycloak SSO Error: ' . $e->getMessage());
    }

    // Show error page
    // NOTE(review): the page that follows prints the exception message to the
    // visitor (apparently HTML-escaped). Messages raised by the OIDC client may
    // describe provider or endpoint details; since the full text is already
    // logged above, consider showing a generic message instead.
    http_response_code(500);
    ?> Authentication Error

Authentication Error

Keycloak authentication failed:

getMessage(), ENT_QUOTES, 'UTF-8'); ?>

Return to login page