Help

Cannot login to ACS using newly created user in keycloak

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
kota_pardhu
Partner
‎19 Oct 2023 7:09 AM

Cannot login to ACS using newly created user in keycloak

I am trying to configure ACS with IDS. 

I followed https://docs.alfresco.com/identity-service/latest/install/zip/ and brought the IDS up on my machine and running ACS also in local on Tomcat and configured it with IDS by adding the below properties.

Added the below properties in alf_data\tomcat\webapps\share\WEB-INF\classes\share-config.properties

aims.enabled=true
aims.realm=alfresco
aims.resource=alfresco
aims.authServerUrl=http://localhost:8999/auth
aims.sslRequired=external
aims.publicClient=
aims.autodetectBearerOnly=
aims.alwaysRefreshToken=
aims.principalAttribute=sub
aims.enableBasicAuth=true

Added the below properties in alf_data\tomcat\shared\classes\alfresco-global.properties

authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
identity-service.enable-basic-auth=true
identity-service.authentication.validation.failure.silent=false
identity-service.auth-server-url=http://localhost:8999/auth
identity-service.realm=alfresco
identity-service.resource=alfresco

And I've created a new user in keycloak under Alfresco realm using localhost:8999/auth and trying to login to the ACS using this new user credentials and getting the below error.

ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-8] Exception from executeScript: 09190061 User does not exist and could not be created: pardhu

Am I missing any other configuration or configured something wrong ?
Can someone please help me resolve this ?

0 Kudos
1 Reply
unibravo
Active Member II
‎29 May 2024 0:44 AM

Re: Cannot login to ACS using newly created user in keycloak

I hope that will be useful.
 
Example my Url http://acs.alf.com
 
alfresco-global.properties
 
# ACS
authentication.chain=identity-service-1:identity-service,alfrescoNtlm-1:alfrescoNtlm
identity-service.enable-basic-auth=true
identity-service.auth-server-url=http://acs.alf.com/auth
identity-service.authentication.enabled=true
identity-service.authentication.defaultAdministratorUserNames=admin
identity-service.authentication.validation.failure.silent=false
identity-service.realm=alfresco
identity-service.resource=alfresco
identity-service.public-client=true
identity-service.ssl-required=none

csrf.filter.referer=http://acs.alf.com
csrf.filter.origin=http://acs.alf.com/*

# Alfresco Share AIMS
aims.enabled=true
aims.realm=alfresco
aims.resource=share
aims.authServerUrl=http://acs.alf.com/auth
aims.publicClient=true
aims.sslRequired=none
aims.autodetectBearerOnly=true
aims.alwaysRefreshToken=true
aims.enableBasicAuth=true
aims.principalattribute=email
#aims.secret=

 

share-config-custom.xml

<!-- AIMS -->
<config evaluator="string-compare" condition="AIMS">
<enabled>true</enabled>
<realm>alfresco</realm>
<resource>share</resource>
<authServerUrl>http://acs.alf.com/auth</authServerUrl>
<sslRequired>none</sslRequired>
<publicClient>true</publicClient>
<autodetectBearerOnly>true</autodetectBearerOnly>
<alwaysRefreshToken>true</alwaysRefreshToken>
<principalAttribute>email</principalAttribute>
<enableBasicAuth>true</enableBasicAuth>
</config>

 

https://docs.alfresco.com/identity-service/latest/tutorial/sso/saml/

Best Regards

Mehmet Demirel

SelenSoft

Alfresco Community Türkiye

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.