Alfresco Community 7.1 Cannot Authenticate with Keycloak Server When Keycloak Uses a Self-Signed Certificate

I have tested Alfresco Community 7.1 with Keycloak. My Keycloak uses HTTPS (self-signed certificate).

My alfresco-global.properties (Alfresco Repository)

authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
identity-service.enable-basic-auth=true
identity-service.authentication.validation.failure.silent=false
identity-service.auth-server-url=https://192.168.10.25/auth

identity-service.realm=guru
identity-service.resource=alfresco-client
identity-service.public-client=true
identity-service.ssl-required=none

csrf.filter.referer=https://192.168.11.22:443
csrf.filter.origin=https://192.168.11.22:443/*

aims.enabled=true
aims.realm=guru
aims.resource=alfresco-client
aims.authServerUrl=https://192.168.10.25/auth
aims.publicClient=true

My share-config-custom.xml (Alfresco Share)

<alfresco-config>

   <config evaluator="string-compare" condition="Users" replace="true">
      <users>
         <username-min-length>2</username-min-length>
         <password-min-length>3</password-min-length>
         <show-authorization-status>false</show-authorization-status>
      </users>
      <enable-external-users-panel>false</enable-external-users-panel>
   </config>


   <config evaluator="string-compare" condition="AIMS">
     <enabled>true</enabled>
     <realm>guru</realm>
     <resource>alfresco-client</resource>
     <authServerUrl>https://192.168.10.25/auth</authServerUrl>
     <sslRequired>none</sslRequired>
     <publicClient>true</publicClient>
   </config>

</alfresco-config>

When I start Alfresco with the docker compose command, it shows an error like this:

alfresco_1            | 2022-03-01 06:41:33,478  WARN  [context.support.XmlWebApplicationContext] [main] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'patch.updateAdminUserWhenDefault' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-12.23.jar!/alfresco/patch/patch-services-context.xml]: Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-12.23.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]: Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException: Could not obtain configuration from server [https://192.168.10.25/auth/realms/guru/.well-known/uma2-configuration].
alfresco_1            | 2022-03-01 06:41:33,854  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Stopping 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
alfresco_1            | 2022-03-01 06:41:33,856  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Stopped 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
alfresco_1            | 2022-03-01 06:41:33,866  ERROR [web.context.ContextLoader] [main] Context initialization failed
alfresco_1            | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'patch.updateAdminUserWhenDefault' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-12.23.jar!/alfresco/patch/patch-services-context.xml]: Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-12.23.jar!/alfresco/subsystems/Authentication/identity-service/identity-service-authentication-context.xml]: Cannot resolve reference to bean 'authenticatorAuthzClient' while setting bean property 'authenticatorAuthzClient'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticatorAuthzClient': FactoryBean threw exception on object creation; nested exception is java.lang.RuntimeException: Could not obtain configuration from server [https://192.168.10.25/auth/realms/guru/.well-known/uma2-configuration].

Alfresco Repository Error: https://i.stack.imgur.com/4yHl4.jpg

Alfresco Share Error: https://i.stack.imgur.com/FePSJ.jpg

But if I use another Keycloak server on a public cloud with a valid certificate (Let's Encrypt), it works without a problem.

My question is: how do I configure Alfresco to work with an internal Keycloak server that uses a self-signed certificate?

Thank you
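An added example, not part of the original question and not Alfresco's own code: a small audit of the identity-service settings shown above that reports where TLS trust for the Keycloak endpoint comes from and which checks are relaxed. The `truststore`, `disable-trust-manager` and `allow-any-hostname` keys are assumed to be the Keycloak Java adapter options under the `identity-service.` prefix; confirm them against the documentation for your Alfresco version.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: identity-service lines taken from the question's properties file.
SAMPLE = """\
identity-service.auth-server-url=https://192.168.10.25/auth
identity-service.realm=guru
identity-service.ssl-required=none
"""

# Assumed property names (Keycloak adapter options under the identity-service. prefix).
TRUSTSTORE = "identity-service.truststore"
DISABLE_TM = "identity-service.disable-trust-manager"
ANY_HOST = "identity-service.allow-any-hostname"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return finding codes describing the TLS trust configuration."""
    findings = []
    url = urlparse(props.get("identity-service.auth-server-url", ""))
    if url.scheme == "https":
        if not props.get(TRUSTSTORE):
            # Trust falls back to the JVM default store, which will not
            # contain a self-signed or private-CA certificate.
            findings.append("NO_TRUSTSTORE")
        try:
            ipaddress.ip_address(url.hostname or "")
            # The server certificate must carry this IP as a subjectAltName.
            findings.append("IP_HOST")
        except ValueError:
            pass
    if props.get("identity-service.ssl-required", "").lower() == "none":
        findings.append("SSL_NOT_REQUIRED")
    for key, code in ((DISABLE_TM, "TRUST_MANAGER_DISABLED"),
                      (ANY_HOST, "HOSTNAME_CHECK_DISABLED")):
        if props.get(key, "false").lower() == "true":
            findings.append(code)
    return findings
```

A configuration that points the truststore at a store containing the internal certificate clears `NO_TRUSTSTORE` without turning certificate or hostname verification off.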



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
