02-26-2020 05:23 AM
Hi All,
I can't configure SSO . I get the following error:
2020-02-26 09:51:03,402 WARN [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, identity-service1] failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent'
defined in URL [jar:file:/var/lib/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]:
Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException:
Could not obtain configuration from server [http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration].
.......
Caused by: java.lang.RuntimeException: Error executing http method [RequestBuilder [method=GET, charset=UTF-8, version=null, uri=http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration, headerGroup=null, entity=null, parameters=null, config=null]]. Response : null
at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:251)
... 60 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
.........
Response from the Keycloak server http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration
{"issuer":"http://localhost:8880/auth/realms/alfresco","authorization_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/auth","token_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token","token_introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect","end_session_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/logout","jwks_uri":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/certs","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://localhost:8880/auth/realms/alfresco/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"scopes_supported":["openid","address","email","microprofile-jwt","offline_access","phone","profile","roles","web-origins"],"resource_registration_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/resource_set","permission_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/permission","policy_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/uma-policy","introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect"}
Pls help me!
02-28-2020 02:18 AM
Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.
Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.
Hope it helps
02-28-2020 02:18 AM
Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.
Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.
Hope it helps
04-30-2020 12:39 PM
@narkuss wrote:Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.
Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.
Hope it helps
Thanks a lot for this solution!
05-30-2021 08:26 AM
Can you share your docker-compose file?
Explore our Alfresco products with the links below. Use labels to filter content by product module.