Nuxeo authentication using Keycloak
Hello,
I want to configure my Nuxeo in order to allow authentication using Keycloak. I started by configuring my Nuxeo with LDAP. The particularity of my LDAP is that I don't have a “member” attribute in my group object; I have a custom attribute to get members dynamically (it contains a URL which is the request to get the members). Nuxeo works fine with this configuration and I succeeded in logging in to my Nuxeo with different users of my LDAP, and I am also able to get the groups of each user!
Now, I configured my Keycloak. I also used the same LDAP to configure Keycloak, and it was more difficult than Nuxeo. Keycloak does not support a dynamic members attribute, so I succeeded in importing both users and groups to my Keycloak, but separately.
Then, I wanted to configure Nuxeo in order to allow authentication using Keycloak. I used the documentation on GitHub: https://github.com/nuxeo/nuxeo/tree/release-10.10/nuxeo-services/login/nuxeo-platform-login-keycloak But it doesn't work. When I go to http://localhost:8080/nuxeo I am redirected to the Keycloak login page, I enter my username and password and click OK, and it redirects me back to Nuxeo, but to an error page with no messages in the logs.
I want to ask you if you have any advice:
- which version of Keycloak should I use with Nuxeo 10.10?
- is there a hotfix to install on my Nuxeo?
- which version of the Tomcat adapter jars should I use?
- which branch of nuxeo-platform-login-keycloak should I build? Does the Maven version count?
- is there any special additional configuration in Keycloak?
Best Regards.
Hello,
- I tried with version 10.0 some months ago and it worked for me
- at least HF28 to benefit from the fix for https://jira.nuxeo.com/browse/NXP-29170 but you'll need a valid registration to use it. I've identified another bug with https://jira.nuxeo.com/browse/NXP-29355 which will also be fixed soon
- we need to update the documentation for the Keycloak installation, it will be part of https://jira.nuxeo.com/browse/NXP-29082 : you have to use the adapters for Tomcat 9 and you must remove the duplicated libraries which are already in $NUXEO/nxserver/ib or $NUXEO/lib
- you have to build the branch 10.10 of nuxeo-platform-login-keycloak - the version 10.10 is available in Maven but this version does not include the fix mentioned above
- I tried to put the differences I found between the README.md from GitHub and what I had to do to make it work in https://jira.nuxeo.com/browse/NXP-29082
I hope it will help you
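
The reply above says to remove adapter libraries that duplicate ones Nuxeo already ships. As an added example (not part of the original thread and not Nuxeo or Keycloak tooling), this shell function lists such overlaps by comparing jar artifact names with the version suffix stripped; the directory arguments and the `<artifact>-<version>.jar` naming convention are assumptions.

```shell
#!/bin/sh
# Added example: report Keycloak adapter jars whose artifact is already
# present in the Nuxeo library directories. It only reports, never deletes.

# Reduce a jar path to its artifact name. Assumption: files are named
# <artifact>-<version>.jar and the version starts with a digit.
artifact_name() {
    basename "$1" .jar | sed -E 's/-[0-9][0-9A-Za-z._-]*$//'
}

# Usage: find_duplicate_jars ADAPTER_DIR LIB_DIR [LIB_DIR...]
# Prints "adapter-jar<TAB>existing-jar" for every overlap found.
find_duplicate_jars() {
    adapter_dir=$1
    shift
    # Index the jars already shipped as "artifact<TAB>path".
    index=$(
        for lib_dir in "$@"; do
            for existing in "$lib_dir"/*.jar; do
                [ -e "$existing" ] || continue   # glob matched nothing
                printf '%s\t%s\n' "$(artifact_name "$existing")" "$existing"
            done
        done
    )
    # Look each adapter jar up in the index by artifact name.
    for jar in "$adapter_dir"/*.jar; do
        [ -e "$jar" ] || continue
        printf '%s\n' "$index" |
            awk -F '\t' -v n="$(artifact_name "$jar")" -v j="$jar" \
                '$1 == n { print j "\t" $2 }'
    done
}

# Run only when directories are passed on the command line.
if [ "$#" -ge 2 ]; then
    find_duplicate_jars "$@"
fi
```

Pass the unpacked adapter directory first, then the Nuxeo library directories named in the reply. A differing version in a reported pair means two versions of the same library would sit on the classpath together.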
Unable to fetch remote packages list: Connect server refused authentication (returned 401)
But I think the patch is successfully installed.
Is it normal?