SSO Keycloak

Hi All,

I can't configure SSO. I get the following error:

2020-02-26 09:51:03,402 WARN [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, identity-service1] failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent'
defined in URL [jar:file:/var/lib/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]:
Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException:
Could not obtain configuration from server [http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration].
.......
Caused by: java.lang.RuntimeException: Error executing http method [RequestBuilder [method=GET, charset=UTF-8, version=null, uri=http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration, headerGroup=null, entity=null, parameters=null, config=null]]. Response : null
at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:251)
... 60 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)

.........

Response from the Keycloak server http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration

{"issuer":"http://localhost:8880/auth/realms/alfresco","authorization_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/auth","token_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token","token_introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect","end_session_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/logout","jwks_uri":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/certs","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://localhost:8880/auth/realms/alfresco/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"scopes_supported":["openid","address","email","microprofile-jwt","offline_access","phone","profile","roles","web-origins"],"resource_registration_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/resource_set","permission_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/permission","policy_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/uma-policy","introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect"}

Please help me!

Accepted Solutions

Re: SSO Keycloak

Are you using Docker containers? I found this problem when using the Keycloak Docker image inside the same Alfresco docker-compose file. The point is that Keycloak is not started up when Alfresco tries to get Keycloak information. You must start up Keycloak before the ACS container.

Also, keep in mind that if you are using Docker, you can't point to localhost to connect to Keycloak, as it tries to connect to the ACS container. You should assign static IPs to the Keycloak container in your Docker network.

Hope it helps
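
A preflight check for the two failure modes described in the answer above (Keycloak not yet up, and localhost resolving to the ACS container itself), as an added example that is not part of the original post or of Alfresco's code. The function names and retry parameters are assumptions; going one step beyond the answer, it also reports when the `issuer` in the discovery document differs from the URL ACS is configured with, which is the case for the document posted in the question once Keycloak is reached by a static IP.

```python
import ipaddress
import json
import time
import urllib.request
from urllib.parse import urlsplit

# Discovery path taken from the stack trace in the question.
WELL_KNOWN = "/.well-known/uma2-configuration"


def is_loopback(host):
    """True if host means 'this machine'; inside a container that is the container."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, e.g. a compose service name


def issuer_matches(doc, realm_url):
    """Compare the advertised issuer with the URL the client is configured to use."""
    return doc.get("issuer", "").rstrip("/") == realm_url.rstrip("/")


def fetch_discovery(realm_url, attempts=30, delay=2.0, timeout=3.0):
    """Poll the discovery document until Keycloak answers or attempts run out."""
    url = realm_url.rstrip("/") + WELL_KNOWN
    last_error = None
    for _ in range(attempts):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                return json.load(resp)
        except (OSError, ValueError) as exc:  # refused, timed out, or not JSON
            last_error = exc
            time.sleep(delay)
    raise TimeoutError(f"{url} unreachable after {attempts} attempts: {last_error}")


def preflight(realm_url, in_container, **poll):
    """Return a list of problems; an empty list means ACS can be started."""
    host = urlsplit(realm_url).hostname or ""
    if in_container and is_loopback(host):
        return [f"{host} is the ACS container itself, not Keycloak"]
    try:
        doc = fetch_discovery(realm_url, **poll)
    except TimeoutError as exc:
        return [str(exc)]
    if not issuer_matches(doc, realm_url):
        return [f"issuer {doc.get('issuer')!r} differs from {realm_url!r}"]
    return []
```

Run it from inside the ACS container with the same realm URL ACS is configured with, and start Tomcat only when the returned list is empty.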
