How to integrate Keycloak with Alfresco Community 7.2?

mahesh1b — Mon, 29 Aug 2022 13:13:20 GMT

I have been trying to integrate the keycloak container with the Alfresco community 7.2 however the default alfresco community on docker-compose worked fine, when I added the keycloak container am not able to access the keycloak container and it keeps crashing.

here is the log of the keycloak container:

37104-72-identity-service-1  | 	at java.base/java.lang.Thread.run(Thread.java:829)
37181-72-identity-service-1  | 	at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
37297-72-identity-service-1  | Caused by: org.postgresql.util.PSQLException: FATAL: database "keycloak" does not exist
37410:72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2440)
37558-72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.QueryExecutorImpl.readStartupMessages(QueryExecutorImpl.java:2559)
37705-72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.QueryExecutorImpl.<init>(QueryExecutorImpl.java:133)
37838-72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:250)
--
38463-72-identity-service-1  | 	at org.jboss.ironjacamar.jdbcadapters@1.5.3.Final//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:335)
38673-72-identity-service-1  | 	... 60 more
38711-72-identity-service-1  | 
38737:72-identity-service-1  | [0m[31m12:01:43,957 FATAL [org.keycloak.services] (ServerService Thread Pool -- 57) Error during startup: java.lang.RuntimeException: Failed to connect to database
38928-72-identity-service-1  | 	at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:420)
39122-72-identity-service-1  | 	at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
39309-72-identity-service-1  | 	at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lambda$waitForLock$2(LiquibaseDBLockProvider.java:96)
--
50298-72-identity-service-1  | 	at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
50487-72-identity-service-1  | 	... 53 more
50525-72-identity-service-1  | Caused by: org.postgresql.util.PSQLException: FATAL: database "keycloak" does not exist
50638:72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2440)
50786-72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.QueryExecutorImpl.readStartupMessages(QueryExecutorImpl.java:2559)
50933-72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.QueryExecutorImpl.<init>(QueryExecutorImpl.java:133)
51066-72-identity-service-1  | 	at org.postgresql.jdbc@42.2.5//org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:250)
--
54006-72-identity-service-1  | [0m[0m12:01:44,489 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
54247-72-identity-service-1  | [0m[0m12:01:44,491 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
54533-72-identity-service-1  | [0m[0m12:01:44,492 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
54816:72-identity-service-1  | [0m[0m12:01:44,492 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
55105-72-identity-service-1  | [0m[0m12:01:44,493 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
55405-72-identity-service-1  | [0m[0m12:01:44,493 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
55697-72-identity-service-1  | [0m[0m12:01:44,493 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
--
61970-72-identity-service-1  | [0m[0m12:01:45,017 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0003: Stopped authenticationSessions cache from keycloak container
62169-72-identity-service-1  | [0m[0m12:01:45,020 INFO  [org.infinispan.manager.DefaultCacheManager] (ServerService Thread Pool -- 63) Stopping cache manager null on fae6d6be1e32
62344-72-identity-service-1  | [0m[0m12:01:45,028 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 63) ISPN000080: Disconnecting JGroups channel ejb
62501:72-identity-service-1  | [0m[31m12:01:45,061 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
62709-72-identity-service-1  |     "operation" => "add",
62760-72-identity-service-1  |     "address" => [
62804-72-identity-service-1  |         ("core-service" => "management"),
--
134818-72-identity-service-1  |         ("archive-validation" => "archive-validation")
134898-72-identity-service-1  |     ],
134930-72-identity-service-1  |     "enabled" => true,
134978:72-identity-service-1  |     "fail-on-error" => true,
135032-72-identity-service-1  |     "fail-on-warn" => false
135085-72-identity-service-1  | }, {
135115-72-identity-service-1  |     "operation" => "add",
--
174582-72-identity-service-1  | 		at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.rejectShutdown(EnhancedQueueExecutor.java:2031)
174731-72-identity-service-1  | 		... 14 more
174770-72-identity-service-1  | 
174796:72-identity-service-1  | [0m[31m12:01:45,158 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 46) WFLYCTL0403: Unexpected failure during execution of the following operation(s): []: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
175107-72-identity-service-1  | 	at org.jboss.as.controller@18.0.4.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
175323-72-identity-service-1  | 	at org.jboss.as.controller@18.0.4.Final//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
175502-72-identity-service-1  | 	at org.jboss.as.controller@18.0.4.Final//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:872)
--
176791-72-identity-service-1  | 	at java.base/java.lang.Thread.run(Thread.java:829)
176868-72-identity-service-1  | 	at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
176984-72-identity-service-1  | 
177010:72-identity-service-1  | [0m[31m12:01:45,159 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 3) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
177226-72-identity-service-1  |     "operation" => "add",
177277-72-identity-service-1  |     "address" => [("subsystem" => "ejb3")],
177346-72-identity-service-1  |     "default-slsb-instance-pool" => "slsb-strict-max-pool",
--
185047-72-identity-service-1  | 	at java.base/java.lang.Thread.run(Thread.java:829)
185124-72-identity-service-1  | 	at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
185240-72-identity-service-1  | 
185266:72-identity-service-1  | [0m[31m12:01:45,175 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 15) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
185483-72-identity-service-1  |     "operation" => "add",
185534-72-identity-service-1  |     "address" => [("subsystem" => "jaxrs")]
185603-72-identity-service-1  | }]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
--
187409-72-identity-service-1  | 	at java.base/java.lang.Thread.run(Thread.java:829)
187486-72-identity-service-1  | 	at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
187602-72-identity-service-1  | 
187628:72-identity-service-1  | [0m[31m12:01:45,178 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 35) WFLYCTL0403: Unexpected failure during execution of the following operation(s): []: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
187939-72-identity-service-1  | 	at org.jboss.as.controller@18.0.4.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
188155-72-identity-service-1  | 	at org.jboss.as.controller@18.0.4.Final//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
188334-72-identity-service-1  | 	at org.jboss.as.controller@18.0.4.Final//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:872)
--
189623-72-identity-service-1  | 	at java.base/java.lang.Thread.run(Thread.java:829)
189700-72-identity-service-1  | 	at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
189816-72-identity-service-1  | 
189842:72-identity-service-1  | [0m[31m12:01:45,178 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 28) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
190059-72-identity-service-1  |     "operation" => "add",
190110-72-identity-service-1  |     "address" => [("subsystem" => "weld")]
190178-72-identity-service-1  | }]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback

The docker-compose file for alfresco is

version: "2"
services:
    alfresco:
        build:
          context: ./alfresco
          args:
            ALFRESCO_TAG: ${ALFRESCO_CE_TAG}
            DB: postgres
            SOLR_COMMS: secret
        mem_limit: 7488m
        depends_on:
            - postgres
        environment:
            JAVA_TOOL_OPTIONS: "
                -Dencryption.keystore.type=JCEKS
                -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
                -Dencryption.keyAlgorithm=DESede
                -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
                -Dmetadata-keystore.password=mp6yc0UD9e
                -Dmetadata-keystore.aliases=metadata
                -Dmetadata-keystore.metadata.password=oKIWzVdEdA
                -Dmetadata-keystore.metadata.algorithm=DESede
                "
                #-Dsolr.secureComms=secret
      
            JAVA_OPTS : '
                -Ddb.username=alfresco
                -Ddb.password=alfresco
                -Ddb.driver=org.postgresql.Driver
                -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
                -Dalfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
                -Dsystem.preferred.password.encoding=bcrypt10
                -Dsolr.host=solr6
                -Dsolr.port=8983
                -Dsolr.port.ssl=8983
                -Dsolr.secureComms=secret
                -Dsolr.sharedSecret=i5ywsdh0qt
                -Dsolr.http.connection.timeout=1000
                -Dsolr.baseUrl=/solr
                -Dindex.subsystem.name=solr6
                -Dalfresco.host=${SERVER_NAME}
                -Dalfresco.port=443
                -Dapi-explorer.url=https://${SERVER_NAME}/api-explorer
                -Dalfresco.protocol=https
                -Dshare.host=${SERVER_NAME}
                -Dshare.port=443
                -Dshare.protocol=https
                -Dopencmis.server.override=true
                -Dopencmis.server.value=https://${SERVER_NAME}
                -Dalfresco.restApi.basicAuthScheme=true
                -Dauthentication.protection.enabled=false
                -Daos.baseUrlOverwrite=https://${SERVER_NAME}/alfresco/aos
                -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true"
                -Ddeployment.method=DOCKER_COMPOSE
                -Dcsrf.filter.enabled=false
                -DlocalTransform.core-aio.url=http://transform-core-aio:8090/
                -Dcsrf.filter.enabled=false
                -XX:+UseG1GC -XX:+UseStringDeduplication
                -Dgoogledocs.enabled=false
                -Xms6976m -Xmx6976m
                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
                '
                 
        volumes:
            - ./data/alf-repo-data:/usr/local/tomcat/alf_data
            - ./logs/alfresco:/usr/local/tomcat/logs
        ports:
            - "50500:50500" 

    transform-core-aio:
        image: alfresco/alfresco-transform-core-aio:${TRANSFORM_ENGINE_TAG}
        mem_limit: 2048m
        environment:
            JAVA_OPTS: "
              -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
              -Server.tomcat.threads.max=12
              -Server.tomcat.threads.min=4
              -Dlogging.level.org.alfresco.transform.router.TransformerDebug=ERROR
                "
        ports:
          - "8090:8090"

    share:
        build:
          context: ./share
          args:
            SHARE_TAG: ${SHARE_TAG}
            SERVER_NAME: ${SERVER_NAME}
        mem_limit: 1872m
        environment:
            REPO_HOST: "alfresco"
            REPO_PORT: "8080"
            CSRF_FILTER_REFERER: "https://dev.app1.eparatus.com/.*"
            CSRF_FILTER_ORIGIN: "https://dev.app1.eparatus.com"
            JAVA_OPTS: "
                -Xms1744m -Xmx1744m
                -Dalfresco.host=dev.app1.eparatus.com
                -Dalfresco.context=alfresco
                -Dalfresco.protocol=https
                -Dalfresco.port=443
                -Dshare.context=share
                -Dshare.host=dev.app1.eparatus.com
                -Dshare.protocol=https
                -Share.port=443
                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
                "
        volumes:
            - ./logs/share:/usr/local/tomcat/logs

    postgres:
        image: Postgres:${POSTGRES_TAG}
        mem_limit: 1872m
        environment:
            - POSTGRES_PASSWORD=alfresco
            - POSTGRES_USER=alfresco
            - POSTGRES_DB=alfresco
        command: "
            Postgres
              -c max_connections=200
              -c logging_collector=on
              -c log_min_messages=LOG
              -c log_directory=/var/log/PostgreSQL"
        ports:
            - 5432:5432
        volumes:
            - ./data/Postgres-data:/var/lib/PostgreSQL/data
            - ./logs/postgres:/var/log/PostgreSQL


    solr6:
        build:
          context: ./search
          args:
            SEARCH_TAG: ${SEARCH_CE_TAG}
            SOLR_HOSTNAME: solr6
            ALFRESCO_HOSTNAME: alfresco
            ALFRESCO_COMMS: secret
            CROSS_LOCALE: "false"
        mem_limit: 3744m
        environment:
            #Solr needs to know how to register itself with Alfresco
            SOLR_ALFRESCO_HOST: "alfresco"
            SOLR_ALFRESCO_PORT:  "8080"
            #Alfresco needs to know how to call solr
            SOLR_SOLR_HOST: "solr6"
            SOLR_SOLR_PORT: "8983"
            #Create the default alfresco and archive cores
            SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
            SOLR_JAVA_MEM: "-Xms3488m -Xmx3488m"
            #ALFRESCO_SECURE_COMMS: "none"
            SOLR_OPTS: "
                -XX:NewSize=1616m
                -XX:MaxNewSize=1616m
                -Dalfresco.secure comms.secret=i5ywsdh0qt
                    "            

        volumes:
            - ./data/solr-data:/opt/alfresco-search-services/data
        ports:
            - "8083:8983" # Browser port
        
    activemq:
        image: alfresco/alfresco-activemq:${ACTIVEMQ_TAG}
        mem_limit: 1g
        ports:
            - 8161:8161 #Web 
            - 5672:5672 # AMQP
            - 61616:61616 # OpenWire
            - 61613:61613 # STOMP
         
    content-app:
        image: alfresco/alfresco-content-app:${ACA_TAG}
        mem_limit: 256m
        depends_on:
            - alfresco
            - share
    nginx:
        image: nginx:stable-alpine
        mem_limit: 128m
      
        volumes:
            - ./config/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
            - ./config/certbot/conf:/etc/letsencrypt
            - ./config/certbot/www:/var/www/certbot
            - ./config/nginx/nginx.htpasswd:/etc/nginx/conf.d/nginx.passed
        ports:
            - 80:80
            - 443:443
    identity-service:
        image: JBoss/keycloak:16.1.1
        environment:
            DB_VENDOR: POSTGRES
            DB_ADDR: Postgres
            DB_DATABASE: keycloak
            DB_USER: alfresco
            DB_SCHEMA: public
            DB_PASSWORD: alfresco
            KEYCLOAK_USER: admin
            KEYCLOAK_PASSWORD: eparatus@devapp1
            PROXY_ADDRESS_FORWARDING: "true"
            KEYCLOAK_IMPORT: /tmp/realm-export.json
        volumes:
            - ./data/keycloak/realm-export.json:/tmp/realm-export.json
        ports:
            - 8080:8080
            - 8180:8180
        depends_on:
            - Postgres

I am not able precisely to find why the keycloak is not working and further I want to integrate it with the alfresco for the user authentication as well.

Thank you,

Mahesh B.

topic How to integrate Keycloak with Alfresco Community 7.2? in Alfresco Forum

How to integrate Keycloak with Alfresco Community 7.2?