alerta: Customer views - can't login - NoCustomerMatch - Keycloak

Issue Summary Customers Keycloak roles do not match.

Environment

• OS: CentOS 7

• API version: 8.5.0

• Deployment: Docker

• Database: Postgres

• Server config: Auth enabled: Yes Auth provider: Keycloack Customer views: Yes

• web UI version: 8.5.0

• CLI version: 8.5.0

To Reproduce Steps to reproduce the behavior:

1. Follow the official doc to configure Keycloak client.
2. Then add new Keycloak role in the Customers menu
3. Try lo loggin with customer account
4. See error: No customer lookup configured for user ‘-----’ or ‘-----.com’ (403)

Expected behavior I expect that the user can identify with the group configured in Keycloak

Screenshots

Keycloack config:

Alerta Customers config:

Alertad Docker config

    environment:
      # - DEBUG=True  # remove this line to turn DEBUG off
      - DATABASE_URL=postgres://postgres:postgres@db:5432/monitoring
      - AUTH_REQUIRED=True
      - ADMIN_USERS=admin@alerta.io,devops@alerta.io
      - ADMIN_PASSWORD=alerta # default is "alerta"
      - ADMIN_KEY=demo-key  # assigned to first user in ADMIN_USERS
      - PLUGINS=remote_ip,reject,heartbeat,blackout,normalise,prometheus

      - http_proxy=http://xxx.xxx.xxx.xxx:80
      - https_proxy=http://xxx.xxx.xxx.xxx:80

      - CUSTOMER_VIEWS=True

      - AUTH_PROVIDER=keycloak
      - KEYCLOAK_URL=https://my-keycloak-url.com
      - KEYCLOAK_REALM=my_realm
      - OAUTH2_CLIENT_ID=demo-alerta
      - OAUTH2_CLIENT_SECRET=********
      - ALLOWED_KEYCLOAK_ROLES=admin,guest,user,alerta-devops,alerta-kpi,alerta-mco

      - USE_PROXYFIX=True # use if proxy is terminating HTTPS traffic
      - ALLOWED_ENVIRONMENTS=Production,Development,Code,None,Acceptation
      - SIGNUP_ENABLED=False

However, it works if I manually configure the client name with the keycloak role name.