Help

SSO Keycloak

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
pbar
Active Member
‎26 Feb 2020 10:23 AM

SSO Keycloak

Jump to solution

Hi All,

I can't configure SSO . I get the following error:

2020-02-26 09:51:03,402 WARN [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, identity-service1] failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent'
defined in URL [jar:file:/var/lib/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]:
Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException:
Could not obtain configuration from server [http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration].
.......
Caused by: java.lang.RuntimeException: Error executing http method [RequestBuilder [method=GET, charset=UTF-8, version=null, uri=http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration, headerGroup=null, entity=null, parameters=null, config=null]]. Response : null
at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:251)
... 60 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)

.........

Response from the Keycloak server  http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration

{"issuer":"http://localhost:8880/auth/realms/alfresco","authorization_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/auth","token_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token","token_introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect","end_session_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/logout","jwks_uri":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/certs","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://localhost:8880/auth/realms/alfresco/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"scopes_supported":["openid","address","email","microprofile-jwt","offline_access","phone","profile","roles","web-origins"],"resource_registration_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/resource_set","permission_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/permission","policy_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/uma-policy","introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect"}

Pls help me!

0 Kudos
1 Solution

Accepted Solutions
narkuss
Established Member II
‎28 Feb 2020 7:18 AM

Re: SSO Keycloak

Jump to solution

Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.

Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.

Hope it helps

View solution in original post

4 Replies
narkuss
Established Member II
‎28 Feb 2020 7:18 AM

Re: SSO Keycloak

Jump to solution

Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.

Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.

Hope it helps

BrunoA
Active Member
‎30 Apr 2020 5:39 PM

Re: SSO Keycloak

Jump to solution
@narkuss wrote:

Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.

Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.

Hope it helps

Thanks a lot for this solution!

jonbj
Active Member
‎30 May 2021 1:26 PM

Re: SSO Keycloak

Jump to solution

Can you share your docker-compose file?

0 Kudos
lawrencejonish
Member II
‎13 Sep 2023 0:57 PM

Re: SSO Keycloak

Jump to solution

SSO Keycloak is a crucial tool for enhancing security and user experience in web applications. When it comes to optimizing SEO content, integrating ChatGPT with Keycloak can be a game-changer. By leveraging this combination, you can create dynamic and engaging content that not only ranks well but also offers a personalized user experience. This innovative approach, using ChatGPT for SEO content, aligns perfectly with the evolving digital landscape in 2023, ensuring your content remains relevant and competitive.

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.