
Keycloak authentication APS

narjisseatos
Champ in-the-making

Hi,

I have a problem when I try to connect keycloak to APS

keycloak version: 3.4.3
APS version: 1.9.01

ACS version : 6.1

«localhost:9080/activiti-app» redirects to :

http://localhost:8080/auth/realms/alfresco-dbp/protocol/openid-connect/auth?response_type=code&clien...

then, after authentication, to

http://localhost:9080/activiti-app/sso/login?state=dcc9f547-19d4-44ce-b5a5-745e1ab233f9&session_stat...

[Image: Keycloak APS error]

activiti-identity-service.properties

# --------------------------------
# IDENTITY SERVICE (i.e. Keycloak)
# --------------------------------

keycloak.enabled=true
keycloak.realm=alfresco-dbp
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=none
keycloak.resource=alfresco-client
keycloak.principal-attribute=email
# set to true if access type is public for this client in keycloak
keycloak.public-client=true
keycloak.always-refresh-token=true
keycloak.autodetect-bearer-only=true
keycloak.token-store=cookie
keycloak.enable-basic-auth=true

alfresco-global.properties

jodconverter.enabled=true

# Identity Service (i.e. Keycloak)
# --------------------------------

# UNCOMMENT TO ENABLE Identity Service (i.e. Keycloak) for ACS
authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
identity-service.authentication.enabled=true
identity-service.enable-basic-auth=true
identity-service.authentication.defaultAdministratorUserNames=admin
identity-service.authentication.validation.failure.silent=false
identity-service.auth-server-url=http://localhost:8080/auth
identity-service.realm=alfresco-dbp
identity-service.resource=alfresco-client
identity-service.public-client=true
identity-service.ssl-required=none

Bassam Al-Sarori

7 REPLIES

bassam_al-saror
Star Collaborator

Looks like APS isn't able to connect to Keycloak. Are they both running on different containers?

Thanks,

Yes, different containers

The Keycloak URL isn't correct; it should point to the Keycloak instance. I'm not sure how to do it, but you can look into how to make Keycloak accessible to APS. I guess Docker has a way to make two containers accessible to each other.

keycloak.auth-server-url=http://localhost:8080/auth

The Keycloak URL is correct when I call this URL

«localhost:9080/activiti-app» redirects me to :

http://localhost:8080/auth/realms/alfresco-dbp/protocol/openid-connect/auth?response_type=code&clien...

And the two dockers are accessible to each other

I don't understand your response

The URL is pointing to localhost which isn't correct since Keycloak is on a different docker.

In the exception you posted it's clear that Keycloak is unreachable "Connection refused".

adrianmiramar
Champ in-the-making

I don't know if the problem was the same or similar, but in my case I had to set "Require SSL" to NONE on the REALM, because the URL validation token has to be SSL and I had a self-signed certificate.

I don't understand why the error is 404 (I think this is wrong because it is very confusing), but the real issue is the connection between APS and Keycloak.
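
The replies above trace the failure to `auth-server-url` pointing at `localhost`, which inside the APS container is the container itself, and both posted files also set `ssl-required=none`. The check below is an added example, not part of the original thread or of Alfresco's or Keycloak's code; it lints a properties file for those settings, and the function names and the `prefix` parameter are illustrative assumptions.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: keycloak.* lines as posted in the original question.
SAMPLE = """\
keycloak.enabled=true
keycloak.realm=alfresco-dbp
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=none
keycloak.resource=alfresco-client
keycloak.public-client=true
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def is_loopback(host):
    """True for 'localhost' names and loopback IP literals (127.0.0.0/8, ::1)."""
    if host is None:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname, not an IP literal

def check_identity_config(text, prefix="keycloak"):
    """Return (key, finding) tuples; prefix selects keycloak.* or identity-service.*"""
    props = parse_properties(text)
    findings = []
    url = urlparse(props.get(f"{prefix}.auth-server-url", ""))
    if is_loopback(url.hostname):
        findings.append((f"{prefix}.auth-server-url",
                         "loopback host: inside a container this is the container itself"))
    if url.scheme == "http":
        findings.append((f"{prefix}.auth-server-url",
                         "plain HTTP: codes and tokens cross the network unencrypted"))
    if props.get(f"{prefix}.ssl-required", "").lower() == "none":
        findings.append((f"{prefix}.ssl-required", "HTTPS is not enforced"))
    return findings
```

Calling `check_identity_config(text, prefix="identity-service")` applies the same checks to the `identity-service.*` keys in alfresco-global.properties.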