topic Re: Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP in Alfresco Forum

Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP

yuantao — Mon, 30 Jun 2025 19:37:40 GMT

Hi Team,

We are upgrading ACS from 7.1 to 23.3, and adapt 23.3 with native Keycloak 24.0.3 for SSO (use Okta OIDC as IDP). We first try with native ACS 23.3 with Keycloak setup and it works fine. but after we apply our custom share and platform image, the SSO stop working. We do remote debug with share library and see below error through in AIMSFilter class on calling api
/-default-/public/authentication/versions/1/tickets/-me-?noCache=

{ "error" : { "errorKey" : "framework.exception.ApiDefault", "statusCode" : 401, "briefSummary" : "05290014 Authorization 'Bearer' not supported.", "stackTrace" : "For security reasons the stack trace is no longer displayed, but the property is kept for previous versions", "descriptionURL" : "https://api-explorer.alfresco.com", "logId" : "bed30bc2-7348-4a03-930b-c273481a035b" } }

In ACS 7.1, share simply use /alfresco/s/api/login call with user and password to get alf_ticket for subsequent call. I'm not sure if the Bearer type of ticket call is something new in ACS 23.3 and require extra configure.

In summary:

Our dev environment SSO works with share + platform + native DB + keycloak

Our test environment SSO doesn't work with share+ platform + existing DB (upgraded from 7.1) + keycloak

Both environment use same customized image and same configuration.

Any help is appreciated.

Re: Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP

cesarista — Fri, 04 Jul 2025 09:24:20 GMT

Hi:

I assume you are using EE.

May you have (between migrated database) some JMX data persisted related authentication chain ?

Regards.

--C.

Re: Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP

yuantao — Wed, 09 Jul 2025 12:28:23 GMT

Hi cesarista,

Yes, we are trying to upgrade from ACS 7.1 to 23.3 and it's enterprise version. Not sure how to check JMX data for authentication chain or there is a way to check issue in DB?

Thanks.

Re: Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP

cesarista — Wed, 09 Jul 2025 12:36:38 GMT

In Alfresco admin console (Support Tools) check if there is something about authentication chain saved in DB:

/alfresco/s/enterprise/admin/admin-jmx-settings

Regards.

--C.

Re: Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP

yinyuantao — Thu, 10 Jul 2025 00:29:28 GMT

Hi cesarista,

You are right. It turns out jmx setting didn't sync with the authentication chain configuration in alfresco-global.properties. Much appreciate your help!

Re: Urgent help need for Alfresco 23.3 SSO with Okta OIDC as IDP

woordnelson — Mon, 14 Jul 2025 15:51:25 GMT

/-default-/public/authentication/versions/1/tickets/-me-?noCache=

{

"error" : {

"errorKey" : "framework.exception.ApiDefault",

"statusCode" : 401,

"briefSummary" : "05290014 Authorization 'Bearer' not supported.",

"stackTrace" : "For security reasons the stack trace is no longer displayed, but the property is kept for previous versions",

"logId" : "bed30bc2-7348-4a03-930b-c273481a035b"

}