SSO Keycloak

pbar
Confirmed Champ

Hi All,

I can't configure SSO. I get the following error:

2020-02-26 09:51:03,402 WARN [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, identity-service1] failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent'
defined in URL [jar:file:/var/lib/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]:
Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException:
Could not obtain configuration from server [http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration].
.......
Caused by: java.lang.RuntimeException: Error executing http method [RequestBuilder [method=GET, charset=UTF-8, version=null, uri=http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration, headerGroup=null, entity=null, parameters=null, config=null]]. Response : null
at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:251)
... 60 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)

.........

Response from the Keycloak server http://localhost:8880/auth/realms/alfresco/.well-known/uma2-configuration

{"issuer":"http://localhost:8880/auth/realms/alfresco","authorization_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/auth","token_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token","token_introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect","end_session_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/logout","jwks_uri":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/certs","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://localhost:8880/auth/realms/alfresco/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"scopes_supported":["openid","address","email","microprofile-jwt","offline_access","phone","profile","roles","web-origins"],"resource_registration_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/resource_set","permission_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/permission","policy_endpoint":"http://localhost:8880/auth/realms/alfresco/authz/protection/uma-policy","introspection_endpoint":"http://localhost:8880/auth/realms/alfresco/protocol/openid-connect/token/introspect"}

Please help me!

1 ACCEPTED ANSWER

narkuss
Star Contributor

Are you using Docker containers? I found this problem when using the Keycloak Docker image inside the same Alfresco docker-compose file. The point is that Keycloak is not started up when Alfresco tries to get Keycloak information. You must start up Keycloak before the ACS container.

Also, keep in mind that if you are using Docker, you can't point to localhost to connect to Keycloak, as it tries to connect to the ACS container. You should assign static IPs to the Keycloak container in your Docker network.

Hope it helps
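
A pre-start check for the ACS container covering both points of the answer above (an added example, not part of the original post): it rejects a loopback Keycloak URL and polls the realm's discovery document before ACS is launched. The service name `keycloak`, port 8080, and the `KEYCLOAK_DISCOVERY_URL` and `PROBE` variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# True (0) when the URL's host is a loopback name. Inside the ACS container
# that resolves to the ACS container itself, hence "Connection refused".
is_loopback_url() {
    host=$(printf '%s\n' "$1" |
        sed -e 's|^[a-zA-Z]*://||' -e 's|[/?#].*$||' \
            -e 's|^[^@]*@||' -e 's|:[0-9]*$||')
    case "$host" in
        localhost|127.*|0.0.0.0|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# One HTTP probe of the discovery document; -f turns HTTP errors into failure.
probe_once() {
    curl -fsS --max-time 5 -o /dev/null "$1"
}

# Poll the URL: returns 0 when served, 1 on timeout, 2 for a loopback URL.
# PROBE may name a replacement probe function (used for offline testing).
wait_for_keycloak() {
    url=$1 attempts=${2:-30} delay=${3:-2}
    if is_loopback_url "$url"; then
        echo "loopback URL will not reach Keycloak from a container: $url" >&2
        return 2
    fi
    i=1
    while [ "$i" -le "$attempts" ]; do
        if "${PROBE:-probe_once}" "$url"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    echo "Keycloak not reachable after $attempts attempts: $url" >&2
    return 1
}

# Entrypoint use (constructed value), e.g.
# KEYCLOAK_DISCOVERY_URL=http://keycloak:8080/auth/realms/alfresco/.well-known/uma2-configuration
if [ -n "${KEYCLOAK_DISCOVERY_URL:-}" ]; then
    wait_for_keycloak "$KEYCLOAK_DISCOVERY_URL" || exit $?
    exec "$@"
fi
```

Run as the ACS container's entrypoint wrapper, it makes a misconfigured or late Keycloak show up as a clear message instead of a failed 'Authentication' subsystem at startup.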

BrunoA
Champ on-the-rise

@narkuss wrote:

Are you using Docker containers? I found this problem when using the Keycloak Docker image inside the same Alfresco docker-compose file. The point is that Keycloak is not started up when Alfresco tries to get Keycloak information. You must start up Keycloak before the ACS container.

Also, keep in mind that if you are using Docker, you can't point to localhost to connect to Keycloak, as it tries to connect to the ACS container. You should assign static IPs to the Keycloak container in your Docker network.

Hope it helps


Thanks a lot for this solution!

jonbj
Champ on-the-rise

Can you share your docker-compose file?

lawrencejonish
Champ in-the-making

SSO Keycloak is a crucial tool for enhancing security and user experience in web applications. When it comes to optimizing SEO content, integrating ChatGPT with Keycloak can be a game-changer. By leveraging this combination, you can create dynamic and engaging content that not only ranks well but also offers a personalized user experience. This innovative approach, using ChatGPT for SEO content, aligns perfectly with the evolving digital landscape in 2023, ensuring your content remains relevant and competitive.