Cannot login to ACS using newly created user in keycloak

kota_pardhu
Partner

Cannot login to ACS using newly created user in keycloak

I am trying to configure ACS with IDS.

I followed https://docs.alfresco.com/identity-service/latest/install/zip/ and brought the IDS up on my machine. I am also running ACS locally on Tomcat and configured it with IDS by adding the properties below.

Added the below properties in alf_data\tomcat\webapps\share\WEB-INF\classes\share-config.properties

aims.enabled=true
aims.realm=alfresco
aims.resource=alfresco
aims.authServerUrl=http://localhost:8999/auth
aims.sslRequired=external
aims.publicClient=
aims.autodetectBearerOnly=
aims.alwaysRefreshToken=
aims.principalAttribute=sub
aims.enableBasicAuth=true

Added the below properties in alf_data\tomcat\shared\classes\alfresco-global.properties

authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
identity-service.enable-basic-auth=true
identity-service.authentication.validation.failure.silent=false
identity-service.auth-server-url=http://localhost:8999/auth
identity-service.realm=alfresco
identity-service.resource=alfresco

And I've created a new user in Keycloak under the Alfresco realm using localhost:8999/auth. I am trying to log in to ACS using this new user's credentials and am getting the error below.

ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-8] Exception from executeScript: 09190061 User does not exist and could not be created: pardhu

Am I missing any other configuration, or have I configured something wrong?
Can someone please help me resolve this?

1 Reply
unibravo
Active Member II

Re: Cannot login to ACS using newly created user in keycloak

I hope this will be useful.

Example: my URL is http://acs.alf.com

alfresco-global.properties
 
# ACS
authentication.chain=identity-service-1:identity-service,alfrescoNtlm-1:alfrescoNtlm
identity-service.enable-basic-auth=true
identity-service.auth-server-url=http://acs.alf.com/auth
identity-service.authentication.enabled=true
identity-service.authentication.defaultAdministratorUserNames=admin
identity-service.authentication.validation.failure.silent=false
identity-service.realm=alfresco
identity-service.resource=alfresco
identity-service.public-client=true
identity-service.ssl-required=none

csrf.filter.referer=http://acs.alf.com
csrf.filter.origin=http://acs.alf.com/*

# Alfresco Share AIMS
aims.enabled=true
aims.realm=alfresco
aims.resource=share
aims.authServerUrl=http://acs.alf.com/auth
aims.publicClient=true
aims.sslRequired=none
aims.autodetectBearerOnly=true
aims.alwaysRefreshToken=true
aims.enableBasicAuth=true
aims.principalAttribute=email
#aims.secret=

 

share-config-custom.xml

<!-- AIMS -->
<config evaluator="string-compare" condition="AIMS">
    <enabled>true</enabled>
    <realm>alfresco</realm>
    <resource>share</resource>
    <authServerUrl>http://acs.alf.com/auth</authServerUrl>
    <sslRequired>none</sslRequired>
    <publicClient>true</publicClient>
    <autodetectBearerOnly>true</autodetectBearerOnly>
    <alwaysRefreshToken>true</alwaysRefreshToken>
    <principalAttribute>email</principalAttribute>
    <enableBasicAuth>true</enableBasicAuth>
</config>

 

https://docs.alfresco.com/identity-service/latest/tutorial/sso/saml/

Best Regards

Mehmet Demirel

SelenSoft

Alfresco Community Türkiye
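
The settings quoted in this thread can be checked before deployment. The sketch below is an added example, not code from either poster or from Alfresco. It flags keys whose letter case differs from the names listed in the thread, empty values, Share and repository settings that disagree, and a plain-http auth server on a non-loopback host (where tokens, and passwords when basic auth is enabled, travel unencrypted). The function names, the key list, and the sample input are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Share key names exactly as they are spelled in the thread's property listings.
AIMS_KEYS = ["aims." + k for k in ("enabled realm resource authServerUrl sslRequired publicClient "
             "autodetectBearerOnly alwaysRefreshToken principalAttribute enableBasicAuth").split()]
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse simple key=value lines; '#' comments and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return sorted findings for the merged Share and repository settings."""
    findings = []
    by_lower = {k.lower(): k for k in AIMS_KEYS}
    for key, value in props.items():
        canonical = by_lower.get(key.lower())
        if canonical and canonical != key:
            findings.append(f"{key}: key case differs from {canonical}")
        if value == "":
            findings.append(f"{key}: empty value")
    for url_key, ssl_key in (("aims.authServerUrl", "aims.sslRequired"),
                             ("identity-service.auth-server-url", "identity-service.ssl-required")):
        url = urlparse(props.get(url_key, ""))
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"{url_key}: cleartext http to {url.hostname} "
                            f"({ssl_key}={props.get(ssl_key, 'unset')})")
    for a, b in (("aims.realm", "identity-service.realm"),
                 ("aims.authServerUrl", "identity-service.auth-server-url")):
        if a in props and b in props and props[a] != props[b]:
            findings.append(f"{a} and {b} differ")
    return sorted(findings)

# Constructed sample: a deliberately inconsistent mix of settings, for illustration only.
SAMPLE = """\
aims.realm=alfresco
aims.authServerUrl=http://acs.alf.com/auth
aims.sslRequired=none
aims.publicClient=
aims.principalattribute=email
identity-service.realm=alfresco
identity-service.auth-server-url=http://localhost:8999/auth
"""

print("\n".join(audit(parse_properties(SAMPLE))))
```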