AnsweredAssumed Answered

Keycloak authentification APS

Question asked by narjisseatos on Feb 28, 2019
Latest reply on Mar 1, 2019 by bassam.al-sarori

Hi,

I have a problem when I try to connect keycloak to APS

keycloak version: 3.4.3
APS version: 1.9.01

ACS version : 6.1

 

«localhost:9080/activiti-app» redirects to :

http://localhost:8080/auth/realms/alfresco-dbp/protocol/openid-connect/auth?response_type=code&client_id=alfresco-client&redirect_uri=http%3A%2F%2Flocalhost%3A9080%2Factiviti-app%2Fsso%2Flogin&state=e1f89ef2-25e3-4ea4-b3f4-aac61e6e5a57&login=true&scope=openid 

then, after authentication, to

http://localhost:9080/activiti-app/sso/login?state=dcc9f547-19d4-44ce-b5a5-745e1ab233f9&session_state=fe20faed-42b6-4dd7-b20a-49809b9df49f&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..SFQ6armG0bv5nEyGxNlipg.qP_oJCtHKUdOy4E_2QFlzLv-bBl88mjqjzcaxmncQqwk0yiLvSzIHSg4OtwmPTox7QiRQPlj2bLlYGAKLABPkbOexwk8bc5kqGQSgrA1eat3kXIIFa5Ia0sIkzasRnrzBFRKjRW4XB7_nnrvYo0CEwHlVUoawzx_8hEF2hCH8-PDhqohd-RrRDI05os3GQN2OD4aKL1RzQektB36imEc1_-mcbejoRV_suwpbfkMNw6hF4UuEdbxGkQamYs7DwD1.Klpwxzomlku6dcbSvhXo0w Keycloack APS error

 

 

activiti-identity-service.properties

# --------------------------------
# IDENTITY SERVICE (i.e. Keycloak)
# --------------------------------

keycloak.enabled=true
keycloak.realm=alfresco-dbp
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=none
keycloak.resource=alfresco-client
keycloak.principal-attribute=email
# set to true if access type is public for this client in keycloak
keycloak.public-client=true
keycloak.always-refresh-token=true
keycloak.autodetect-bearer-only=true
keycloak.token-store=cookie
keycloak.enable-basic-auth=true

 

alfresco-global.properties

jodconverter.enabled=true

# Identity Service (i.e. Keycloak)
# --------------------------------

# UNCOMMENT TO ENABLE Identity Service (i.e. Keycloak) for ACS
authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
identity-service.authentication.enabled=true
identity-service.enable-basic-auth=true
identity-service.authentication.defaultAdministratorUserNames=admin
identity-service.authentication.validation.failure.silent=false
identity-service.auth-server-url=http://localhost:8080/auth
identity-service.realm=alfresco-dbp
identity-service.resource=alfresco-client
identity-service.public-client=true
identity-service.ssl-required=none

 

 

Bassam Al-Sarori

Outcomes