
Urgent help needed for Alfresco 23.3 SSO with Okta OIDC as IDP

yuantao
Champ in-the-making

Hi Team,

We are upgrading ACS from 7.1 to 23.3 and adapting 23.3 with native Keycloak 24.0.3 for SSO (using Okta OIDC as the IdP). We first tried native ACS 23.3 with the Keycloak setup and it works fine, but after we apply our custom Share and Platform image, SSO stops working. We remote-debugged the Share library and see the error below thrown in the AIMSFilter class when calling the API
/-default-/public/authentication/versions/1/tickets/-me-?noCache=

{
  "error" : {
    "errorKey" : "framework.exception.ApiDefault",
    "statusCode" : 401,
    "briefSummary" : "05290014 Authorization 'Bearer' not supported.",
    "stackTrace" : "For security reasons the stack trace is no longer displayed, but the property is kept for previous versions",
    "descriptionURL" : "https://api-explorer.alfresco.com",
    "logId" : "bed30bc2-7348-4a03-930b-c273481a035b"
  }
}

In ACS 7.1, Share simply uses the /alfresco/s/api/login call with user and password to get an alf_ticket for subsequent calls. I'm not sure if the Bearer type of ticket call is something new in ACS 23.3 that requires extra configuration.

In summary:

Our dev environment SSO works with share + platform + native DB + keycloak

Our test environment SSO doesn't work with share + platform + existing DB (upgraded from 7.1) + keycloak

Both environments use the same customized image and the same configuration.

Any help is appreciated.




cesarista
World-Class Innovator

Hi:

I assume you are using EE.

Could you have (within the migrated database) some persisted JMX data related to the authentication chain?

Regards.

--C.
