
Nuxeo authentication using Keycloak

Ghazi_HAKIM
Confirmed Champ

Hello,

I want to configure my Nuxeo in order to allow authentication using Keycloak. I started by configuring my Nuxeo with LDAP. The particularity of my LDAP is that I don't have a "member" attribute in my group object; I have a custom attribute to get members dynamically (it contains a URL which is the request to get the members). Nuxeo works fine with this configuration and I succeeded in logging in to my Nuxeo with different users of my LDAP and I am also able to get the groups of each user!

Now, I configured my Keycloak. I also used the same LDAP to configure Keycloak, and it was more difficult than Nuxeo. Keycloak does not support a dynamic members attribute, so I succeeded in importing both users and groups into my Keycloak, but separately.

Then, I wanted to configure Nuxeo in order to allow authentication using Keycloak. I used the documentation on GitHub: https://github.com/nuxeo/nuxeo/tree/release-10.10/nuxeo-services/login/nuxeo-platform-login-keycloak but it doesn't work. When I go to http://localhost:8080/nuxeo I am redirected to the Keycloak login page, I enter my username and password and click OK, and it redirects me back to Nuxeo, but to an error page with no messages in the logs.

I want to ask you if you have any advice:

  • which version of Keycloak should I use with Nuxeo 10.10?
  • is there a hotfix to install on my Nuxeo?
  • which version of the Tomcat adapter jars should I use?
  • which branch of nuxeo-platform-login-keycloak should I build? Does the Maven version count?
  • is there any special additional configuration in Keycloak?

Best Regards.

3 REPLIES

Thierry_Martins
Star Collaborator

Hello,

  • I tried with version 10.0 some months ago and it worked for me
  • at least HF28 to benefit from the fix for https://jira.nuxeo.com/browse/NXP-29170 but you'll need a valid registration to use it. I've identified another bug with https://jira.nuxeo.com/browse/NXP-29355 which will also be fixed soon
  • we need to update the documentation for the Keycloak installation, it will be part of https://jira.nuxeo.com/browse/NXP-29082 : you have to use the adapters for Tomcat 9 and you must remove the duplicated libraries which are already in $NUXEO/nxserver/ib or $NUXEO/lib
  • you have to build the branch 10.10 of nuxeo-platform-login-keycloak - the version 10.10 is available in Maven but this version does not include the fix mentioned above
  • I tried to put the differences I found between the README.md from GitHub and what I had to do to make it work in https://jira.nuxeo.com/browse/NXP-29082

I hope it will help you
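
One way to carry out the duplicate-library check from the reply above, as an added example that is not part of the thread or of Nuxeo's own tooling: it lists adapter jars whose artifact already exists in the library directories you pass in, without deleting anything. The function names, the adapter directory argument and the version-stripping rule are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report Keycloak adapter jars whose artifact is already present
# in a Nuxeo library directory. It only lists pairs; it removes nothing.

# artifact_name FILE -> jar file name without directory, ".jar" and version.
# Heuristic (assumption): the version is the last "-<digit>..." segment,
# optionally followed by "-SNAPSHOT".
artifact_name() {
    basename "$1" .jar | sed -E 's/-[0-9][^-]*(-SNAPSHOT)?$//'
}

# find_duplicate_jars ADAPTER_DIR LIB_DIR...
# Prints "<adapter jar><TAB><jar already in LIB_DIR>" for every shared artifact,
# including pairs whose versions differ (the case that needs a decision).
find_duplicate_jars() {
    adapter_dir=$1
    shift
    for candidate in "$adapter_dir"/*.jar; do
        [ -e "$candidate" ] || continue   # no jars: the glob stays literal
        name=$(artifact_name "$candidate")
        for lib_dir in "$@"; do
            # The glob narrows to "<name>-<digit>*.jar"; artifact_name then
            # confirms it is the same artifact, not "<name>-1-extras-2.0.jar".
            for existing in "$lib_dir/$name"-[0-9]*.jar; do
                [ -e "$existing" ] || continue
                [ "$(artifact_name "$existing")" = "$name" ] || continue
                printf '%s\t%s\n' "$candidate" "$existing"
            done
        done
    done
    return 0
}

# Run as: sh find_dups.sh <unpacked adapter dir> <Nuxeo library dir>...
# (script name and adapter directory are hypothetical; pass the Nuxeo
# library directories named in the reply above).
if [ "$#" -ge 2 ]; then
    find_duplicate_jars "$@"
fi
```

Each output line pairs an adapter jar with the copy Nuxeo already ships, so version mismatches can be reviewed before anything is removed.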

Hello,

I am still getting the same error ..
