finalist / liferay-oidc-plugin

Plugin for Liferay, enabling OpenID Connect authentication
Apache License 2.0

Can't get it working with Gluu Server or Keycloak #13

Closed DFDevPriv closed 7 years ago

DFDevPriv commented 7 years ago

I tried to get the plugin working within Liferay 7 with my own OpenID Connect provider (first try: Gluu Server, second try: Keycloak server). Both times I ended up with the same problem. After a click on "Sign in" I got redirected to the OpenID Connect provider page (worked with Gluu and Keycloak), where I authenticated myself. Afterwards I got redirected to a blank page. The Liferay log files show the following error message:

[OpenIDConnectFilter:61] java.lang.IllegalArgumentException: Impossible to obtain a Token from a null or empty string

Is this a bug or do I have a misconfiguration on the OP side?

jotaceperez commented 7 years ago

Hi, I have connected oidc-plugin with Keycloak without problems. I think you should check the client settings. I have the following:

Client ID: liferay-client
Name: liferay-client
Description: any bla bla bla
Enabled: ON
Consent Required: OFF
Client Protocol: openid-connect
Client Template: no value
Access Type: confidential
Standard Flow Enabled: ON
Implicit Flow Enabled: OFF
Direct Access Grants Enabled: ON
Service Accounts Enabled: OFF
Root URL: no value
Valid Redirect URIs: http://portal.mihost.cl/ and https://portal.mihost.cl/
Base URL: no value
Admin URL: no value
Web Origins: http://portal.mihost.cl and https://portal.mihost.cl

I remember that the problem had to do with the redirection address. It happened at the beginning of the year, so I do not remember exactly. But with that configuration I have no problems.

My portal-ext.properties file:

auto.login.hooks=nl.finalist.liferay.oidc.OpenIDConnectAutoLogin
openidconnect.enableOpenIDConnect=true
openidconnect.token-location=https://sso.mihost.cl/auth/realms/myrealm/protocol/openid-connect/token
openidconnect.authorization-location=https://sso.mihost.cl/auth/realms/myrealm/protocol/openid-connect/auth
openidconnect.profile-uri=https://sso.mihost.cl/auth/realms/myrealm/protocol/openid-connect/userinfo
openidconnect.issuer=https://sso.mihost.cl/auth/realms/myrealm
openidconnect.client-id=liferay-client
openidconnect.secret=xxx
openidconnect.scope=openid profile email
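
Added example, not part of the original comment and not the plugin's own code: a small checker that compares the `openidconnect.*` endpoint properties with the metadata an OpenID Connect provider publishes in its discovery document (`/.well-known/openid-configuration` under the issuer), so a wrong endpoint is found before login fails. The mapping from property names to discovery fields is an assumption, and the host `sso.example.test` and the sample values, which contain deliberate mistakes, are constructed.

```python
from urllib.parse import urlsplit

# Assumed mapping: plugin property (names from the thread) -> OIDC discovery field.
PROPERTY_TO_METADATA = {
    "openidconnect.issuer": "issuer",
    "openidconnect.authorization-location": "authorization_endpoint",
    "openidconnect.token-location": "token_endpoint",
    "openidconnect.profile-uri": "userinfo_endpoint",
}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def check_oidc_properties(props, metadata):
    """Return (property, problem) findings; an empty list means consistent."""
    findings = []
    for prop, field in PROPERTY_TO_METADATA.items():
        configured, advertised = props.get(prop, ""), metadata.get(field)
        if not configured:
            findings.append((prop, "missing or empty"))
        elif configured != advertised:
            findings.append((prop, f"differs from advertised {field}: {advertised}"))
        if configured and urlsplit(configured).scheme != "https":
            findings.append((prop, "not an https URL"))
    if "openid" not in props.get("openidconnect.scope", "").split():
        findings.append(("openidconnect.scope", "'openid' scope missing"))
    if not props.get("openidconnect.secret"):
        findings.append(("openidconnect.secret", "missing or empty"))
    return findings

BASE = "https://sso.example.test/auth/realms/myrealm"  # constructed sample data, hypothetical host
OIDC = BASE + "/protocol/openid-connect"
SAMPLE_METADATA = {"issuer": BASE, "authorization_endpoint": OIDC + "/auth",
                   "token_endpoint": OIDC + "/token", "userinfo_endpoint": OIDC + "/userinfo"}
SAMPLE_PROPERTIES = f"""
openidconnect.issuer={BASE}
openidconnect.authorization-location=http://sso.example.test/auth/realms/myrealm/protocol/openid-connect/auth
openidconnect.token-location=https://sso.example.test/auth/realms/other/protocol/openid-connect/token
openidconnect.profile-uri={OIDC}/userinfo
openidconnect.secret=
openidconnect.scope=profile email
"""
for finding in check_oidc_properties(parse_properties(SAMPLE_PROPERTIES), SAMPLE_METADATA):
    print(*finding, sep=": ")
```

In practice the metadata dictionary would be the parsed JSON of the provider's own discovery document rather than the constructed sample.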

DFDevPriv commented 7 years ago

Thanks a lot! It was a configuration problem and I could fix it with your example!

bejondshao commented 6 years ago

@jotaceperez, the Keycloak profile URI has changed to:

openidconnect.profile-uri=https://sso.mihost.cl/auth/realms/myrealm/protocol/openid-connect/account