Unable to use Identity Service (Keycloak) for authentication

darkul
Member II


Using the Alfresco Process Services Docker image (https://hub.docker.com/r/alfresco/process-services) version 24.2.1, we are unable to configure the app to use Identity Service or Keycloak despite following the docs (https://docs.alfresco.com/process-services/latest/config/authenticate/#identity-service). We've set all the required properties, copied the file to the Docker container and started the app, but the standard, DB-based authentication page appears, with no redirect to Identity Service/Keycloak. Our config file is shown below; it was copied to the Docker container (location: /usr/local/tomcat/webapps/activiti-app/WEB-INF/classes/META-INF/activiti-app/activiti-identity-service.properties). Is there something we are missing? Please help us settle this.

# --------------------------
# IDENTITY SERVICE
# --------------------------

activiti.identity-service.enabled=true
activiti.identity-service.realm=master
activiti.identity-service.auth-server-url=http://localhost:8080
activiti.identity-service.resource=bpm
activiti.identity-service.principal-attribute=email
activiti.identity-service.retry.maxAttempts=20
activiti.identity-service.retry.delay=10000

# set secret key if access type is not public for this client in keycloak
activiti.identity-service.credentials.secret=[SECRET]

# If true will use keycloak logout URL from browser as specified in
# https://www.keycloak.org/docs/6.0/securing_apps/index.html#logout
# i.e. http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri
activiti.use-browser-based-logout=false

activiti.identity-service.cookie-auth-enabled=false

# Content services Identity service configuration
alfresco.content.sso.enabled=${activiti.identity-service.enabled}
alfresco.content.sso.client_id=${activiti.identity-service.resource}
alfresco.content.sso.client_secret=${activiti.identity-service.credentials.secret}
alfresco.content.sso.realm=${activiti.identity-service.realm}
alfresco.content.sso.scope=offline_access
alfresco.content.sso.auth_uri=${activiti.identity-service.auth-server-url}/realms/${alfresco.content.sso.realm}/protocol/openid-connect/auth
alfresco.content.sso.token_uri=${activiti.identity-service.auth-server-url}/realms/${alfresco.content.sso.realm}/protocol/openid-connect/token
alfresco.content.sso.redirect_uri=http://localhost:9999/activiti-app/app/rest/integration/sso/confirm-auth-request
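
An added example, not part of the original post and not Alfresco's code: a small Python check that expands the `${...}` references in a properties file like the one above and lists the effective endpoints that use plain HTTP or a loopback host. The function names and the shortened sample are constructed for illustration, and only simple `${key}` references are handled.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the properties shown in the post.
SAMPLE = """\
activiti.identity-service.realm=master
activiti.identity-service.auth-server-url=http://localhost:8080
alfresco.content.sso.realm=${activiti.identity-service.realm}
alfresco.content.sso.token_uri=${activiti.identity-service.auth-server-url}/realms/${alfresco.content.sso.realm}/protocol/openid-connect/token
alfresco.content.sso.redirect_uri=http://localhost:9999/activiti-app/app/rest/integration/sso/confirm-auth-request
"""
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def resolve(props, key, seen=()):
    """Expand ${other.key} references recursively; reject cycles."""
    if key in seen:
        raise ValueError(f"circular reference at {key}")
    def sub(match):
        name = match.group(1)
        # Unknown names are left as-is so they stay visible to lint().
        return resolve(props, name, seen + (key,)) if name in props else match.group(0)
    return PLACEHOLDER.sub(sub, props[key])

def lint(props):
    """Return (key, finding) pairs for the effective, fully expanded values."""
    findings = []
    for key in props:
        value = resolve(props, key)
        if "${" in value:
            findings.append((key, "unresolved placeholder"))
        if not value.startswith(("http://", "https://")):
            continue
        url = urlsplit(value)
        if url.scheme == "http":
            findings.append((key, "plain HTTP endpoint"))
        # With default Docker networking, loopback inside a container is the container itself.
        if url.hostname in ("localhost", "127.0.0.1", "::1"):
            findings.append((key, "loopback host"))
    return findings
```

Calling `lint(parse_properties(open(path).read()))` on the deployed file shows which values the application would actually use once the references are expanded.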