Help

Unable to use Identity Service (Keycloak) for authentication

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
darkul
Member II
‎6 Aug 2024 7:01 AM

Unable to use Identity Service (Keycloak) for authentication

Using Alfresco Process Services docker image (https://hub.docker.com/r/alfresco/process-services) version 24.2.1 we are unable to configure the app to use Identity Service or Keycloak despite following the docs (https://docs.alfresco.com/process-services/latest/config/authenticate/#identity-service). We've set all the required properties, copied it to docker container and started the app - standard, db based authentication page appears - no redirect to Identity Service/Keycloak. Our config file looks like shown below, and was copied to docker container (location: /usr/local/tomcat/webapps/activiti-app/WEB-INF/classes/META-INF/activiti-app/activiti-identity-service.properties). Is there sth we are missing? Please help us to settle this up.

 

# --------------------------
# IDENTITY SERVICE
# --------------------------

activiti.identity-service.enabled=true
activiti.identity-service.realm=master
activiti.identity-service.auth-server-url=http://localhost:8080
activiti.identity-service.resource=bpm
activiti.identity-service.principal-attribute=email
activiti.identity-service.retry.maxAttempts=20
activiti.identity-service.retry.delay=10000

# set secret key if access type is not public for this client in keycloak
activiti.identity-service.credentials.secret=[SECRET]

# If true will use keycloak logout URL from browser as specified in
# https://www.keycloak.org/docs/6.0/securing_apps/index.html#logout
# i.e. http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri
activiti.use-browser-based-logout=false

activiti.identity-service.cookie-auth-enabled=false

# Content services Identity service configuration
alfresco.content.sso.enabled=${activiti.identity-service.enabled}
alfresco.content.sso.client_id=${activiti.identity-service.resource}
alfresco.content.sso.client_secret=${activiti.identity-service.credentials.secret}
alfresco.content.sso.realm=${activiti.identity-service.realm}
alfresco.content.sso.scope=offline_access
alfresco.content.sso.auth_uri=${activiti.identity-service.auth-server-url}/realms/${alfresco.content.sso.realm}/protocol/openid-connect/auth
alfresco.content.sso.token_uri=${activiti.identity-service.auth-server-url}/realms/${alfresco.content.sso.realm}/protocol/openid-connect/token
alfresco.content.sso.redirect_uri=http://localhost:9999/activiti-app/app/rest/integration/sso/confirm-auth-request

 

Labels
0 Kudos
Alfresco Process Services Forum

Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.