using openid for auhentication

Hello,

I want to use keycloak for authentication to Nuxeo. I followed the steps in the documentation (link). I added this part in Nuxeo/templates/openid/config/openid-login-config.xml.nxftl

    <#if "${nuxeo.openid.keycloak.client.id}" != "">
      <!-- Keycloak coonect provider contribution -->
      <require>org.nuxeo.ecm.platform.oauth2.openid.keycloak</require>

      <extension target="org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProviderRegistry"
                 point="providers">
        <provider>
          <name>KeycloakOpenIDConnect</name>
          <clientId>${nuxeo.openid.keycloak.client.id}</clientId>
          <clientSecret>${nuxeo.openid.keycloak.client.secret}</clientSecret>
        </provider>
      </extension>
    </#if>

The extension in my bundle (I used default classes) :

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.oauth2.openid.keycloak" version="1.0">
    <requires>org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProviderRegistry</requires>
    <extension point="providers" target="org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProviderRegistry">
        <provider>
            <name>KeycloakOpenIDConnect</name>
            <label>Keycloak</label>
            <description>Login using your Keycloak account</description>
            <authorizationServerURL>http://localhost:8180/auth/realms/myrealm/protocol/openid-connect/auth</authorizationServerURL>
            <tokenServerURL>http://localhost:8180/auth/realms/myrealm/protocol/openid-connect/token</tokenServerURL>
            <userInfoURL>http://localhost:8180/auth/realms/myrealm/protocol/openid-connect/userinfo</userInfoURL>
            <userInfoClass>org.nuxeo.ecm.platform.oauth2.openid.auth.DefaultOpenIDUserInfo</userInfoClass>
            <userResolverClass>org.nuxeo.ecm.platform.oauth2.openid.auth.StoredUserInfoResolver</userResolverClass>
            <scope>openid</scope>
        </provider>
    </extension>
</component>

And I am getting this error :

2020-09-30T11:46:56,487 ERROR [http-nio-0.0.0.0-8080-exec-4] [org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider] Unable to parse server response
com.google.api.client.http.HttpResponseException: 400 Bad Request
{"error":"invalid_request","error_description":"Token not provided"}
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1054) ~[google-http-client-1.19.0.jar:1.19.0]
    at org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.getUserInfo(OpenIDConnectProvider.java:218) [nuxeo-platform-login-openid-10.10.jar:?]
    at org.nuxeo.ecm.platform.oauth2.openid.auth.OpenIDConnectAuthenticator.retrieveIdentityFromOAuth(OpenIDConnectAuthenticator.java:121) [nuxeo-platform-login-openid-10.10.jar:?]

Do you have any idea how to resolve this .

Regards.

0 votes

1 answers

67 views

ANSWER



the plugin ## nuxeo-platform-login-keycloak works fine for me, but it doesn't support single sign-out (when user logs out from another application) I'm working on finding a way around.

0 votes



Hello,

I can't use this plugin because I need to install hotfixes and they are not free.

10/06/2020

me too, i didn't use it in a production env yet
10/06/2020