Alfresco + Keycloak

cancel
Showing results for 
Search instead for 
Did you mean: 
brancott
Active Member

Alfresco + Keycloak

Hey guys! I alresdy have a separate keycloak server running. How do I configure Alfresco to authenticate with it? Do I need some additional modules? I've tried add this to my alfresco-global.properties (Alfresco 6.2 in a docker)

-Dauthentication.chain=identity-service1:identity-service,ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
-Dntlm.authentication.sso.enabled=false
-Dldap.authentication.userNameFormat=%s
-Dldap.authentication.allowGuestLogin=false
-Dldap.authentication.java.naming.provider.url=ldap://dc1.mydomain.com:389
-Dldap.authentication.defaultAdministratorUserNames=admin
-Dldap.synchronization.java.naming.security.principal=user_alfresco@mydomain.com
-Dldap.synchronization.java.naming.security.credentials=xxxx
-Dldap.synchronization.groupSearchBase=dc\=mydomain,dc\=com
-Dldap.synchronization.userSearchBase=dc\=mydomain,dc\=com

-Didentity-service.authentication.enabled=true
-Didentity-service.enable-basic-auth=true
-Didentity-service.authentication.defaultAdministratorUserNames=admin
-Didentity-service.authentication.validation.failure.silent=false
-Didentity-service.auth-server-url=https://keycloak.mydomain.com/auth/
-Didentity-service.realm=alfresco
-Didentity-service.resource=alfresco-client
-Didentity-service.public-client=true
-Didentity-service.ssl-required=none‍‍‍‍

But it breaks Alfresco:

2021-04-08 11:01:26,460 ERROR [web.context.ContextLoader] [localhost-startStop-1] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'patch.updateAdminUserWhenDefault' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/patch/patch-services-context.xml]: Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'remoteUserMapper' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]: Cannot resolve reference to bean 'identityServiceDeployment' while setting bean property 'identityServiceDeployment'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'identityServiceDeployment': FactoryBean threw exception on object creation; nested exception is java.lang.IllegalArgumentException: No enum constant org.keycloak.common.enums.SslRequired.NON�
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1778)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:593)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:515)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:845)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:877)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:400)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:291)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103)
at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4699)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5165)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:717)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'remoteUserMapper' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]: Cannot resolve reference to bean 'identityServiceDeployment' while setting bean property 'identityServiceDeployment'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'identityServiceDeployment': FactoryBean threw exception on object creation; nested exception is java.lang.IllegalArgumentException: No enum constant org.keycloak.common.enums.SslRequired.NON�
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:314)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:110)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1681)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1433)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:592)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:515)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:845)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:877)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549)
at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:824)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:1098)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:320)
at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.getApplicationContext(ChildApplicationContextFactory.java:450)
at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.getApplicationContext(DefaultChildApplicationContextManager.java:382)
at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.start(DefaultChildApplicationContextManager.java:328)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:1098)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:320)
at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager.getInstanceIds(DefaultChildApplicationContextManager.java:187)
at org.alfresco.repo.admin.patch.impl.AdminUserPatch.afterPropertiesSet(AdminUserPatch.java:111)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.lambda$invokeInitMethods$5(AbstractAutowireCapableBeanFactory.java:1828)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1827)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1774)
... 30 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'identityServiceDeployment': FactoryBean threw exception on object creation; nested exception is java.lang.IllegalArgumentException: No enum constant org.keycloak.common.enums.SslRequired.NON�
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:101)
at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1674)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1249)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:257)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:303)
... 56 more
Caused by: java.lang.IllegalArgumentException: No enum constant org.keycloak.common.enums.SslRequired.NON�
at java.base/java.lang.Enum.valueOf(Enum.java:240)
at org.keycloak.common.enums.SslRequired.valueOf(SslRequired.java:28)
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:79)
at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:205)
at org.alfresco.repo.security.authentication.identityservice.IdentityServiceDeploymentFactoryBean.getObject(IdentityServiceDeploymentFactoryBean.java:57)
at org.alfresco.repo.security.authentication.identityservice.IdentityServiceDeploymentFactoryBean.getObject(IdentityServiceDeploymentFactoryBean.java:1)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:164)
... 62 more
08-Apr-2021 11:01:26.478 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details will be found in the appropriate container log file
08-Apr-2021 11:01:26.480 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/alfresco] startup failed due to previous errors
08-Apr-2021 11:01:26.572 WARNING [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [alfresco] appears to have started a thread named [QuartzScheduler_Worker-1] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
java.base@11.0.1/java.lang.Object.wait(Native Method)
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:568)