cancel
Showing results for 
Search instead for 
Did you mean: 

SSO Keycloak

pbar
Confirmed Champ
Confirmed Champ

Hi All,

I can't configure SSO . I get the following error:

2020-02-26 09:51:03,402 WARN [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, identity-service1] failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent'
defined in URL [jar:file:/var/lib/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]:
Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException:
Could not obtain configuration from server [http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration].
.......
Caused by: java.lang.RuntimeException: Error executing http method [RequestBuilder [method=GET, charset=UTF-8, version=null, uri=http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration, headerGroup=null, entity=null, parameters=null, config=null]]. Response : null
at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:251)
... 60 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)

.........

Response from the Keycloak server  http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration

{"issuer":"http://localhost:8880/auth/realms/alfresco","authorization_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/auth","token_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token","token_introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect","end_session_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/logout","jwks_uri":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/certs","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://localhost:8880/auth/realms/alfresco/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"scopes_supported":["openid","address","email","microprofile-jwt","offline_access","phone","profile","roles","web-origins"],"resource_registration_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/resource_set","permission_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/permission","policy_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/uma-policy","introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect"}

Pls help me!

1 ACCEPTED ANSWER

narkuss
Star Contributor
Star Contributor

Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.

Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.

Hope it helps

View answer in original post

3 REPLIES 3

narkuss
Star Contributor
Star Contributor

Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.

Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.

Hope it helps

BrunoA
Champ on-the-rise
Champ on-the-rise

@narkuss wrote:

Are you using docker containers? I found this problem when using keycloak docker image inside the same alfresco docker-compose file. The point is that keycloak is not started up when alfresco tries to get keycloak information. You must startup keycloak before ACS container.

Also, keep in mind that if you are using docker, you can't point to localhost to connect to keycloak, as it tries to connect to the ACS container. You should assign static ip's to the keycloak container in your docker network.

Hope it helps


Thanks a lot for this solution!

jonbj
Champ on-the-rise
Champ on-the-rise

Can you share your docker-compose file?