Ask Questions and Find Answers

I'm tyring to use the new OpenId Connect authentication module that comes with LR 7.1 GA2 with Keycloak. I have had some luck with LR 7.0 GA7 using the OpenId Connect Auth Module that I found in the LR Marketplace. Here's the config I have in LR 7.1 for OpenId Connect :

Provider Name
Keycloak
Set the name for the OpenID Connect provider.

OpenID Connect Client ID
aimportal
Set the client ID for the OpenID Connect provider.

OpenID connect client secret
aea9c3e4-1b52-4303-892a-ddf429fec8a5
Set the client secret for the OpenID Connect provider.

Scopes
openid email profile
Set the scopes Liferay will request during authentication. Scopes are delimited with spaces.

Discovery Endpoint
Set the discovery endpoint for the OpenID Connect provider. If this is set, manually set endpoints will be ignored.

Discovery Endpoint Cache in Milliseconds
Discovery endpoint metadata will be cached on this interval in milliseconds. If 0 is set, the metadata is never refreshed.

Authorization Endpoint
http://localhost:15080/auth/realms/aim/protocol/openid-connect/auth
Set the authorization endpoint for the OpenID Connect provider.

Issuer URL
http://localhost:15080/auth/realms/aim
Set the issuer URL for the OpenID Connect provider.

JWKS URI
Set the JWKS URI for the OpenID Connect provider.

Subject Types
public
Set the subject types for the OpenID Connect provider.

Token Endpoint
http://localhost:15080/auth/realms/aim/protocol/openid-connect/token
Set the token endpoint for the OpenID Connect provider.

User Information Endpoint
http://localhost:15080/auth/realms/aim/protocol/openid-connect/userinfo
Set the user information endpoint for the OpenID Connect provider.

With the OpenId Connect module enabled I do get a link for OpenId Connect that takes me to my KeyCloak login page but when a do login I get the following error displayed to me:

Internal Server Error
An error occurred while accessing the requested resource.

http://localhost:17080/c/portal/login/openidconnect?state=YDdJ8jZQb74CBfdlYNjDDP9vDTtaXQm5dF8vJ870CWg&session_state=8bf0d4b6-7e35-4db3-8ed1-fb88c86357b2&code=a81c9191-0b8b-4333-adf5-8d81992e8589.8bf0d4b6-7e35-4db3-8ed1-fb88c86357b2.7b0b4b2a-457f-464e-8893-5f2470184965

In the liferay log I see the following:

2018-12-20 22:30:39.987 ERROR [http-nio-17080-exec-9][OpenIdConnectFilter:111] Unable to process the OpenID login

com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException$TokenException: Unable to instantiate token validator

at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.validateToken(OpenIdConnectServiceHandlerImpl.java:608)

at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.requestTokens(OpenIdConnectServiceHandlerImpl.java:515)

at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.requestIdToken(OpenIdConnectServiceHandlerImpl.java:461)

at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.processAuthenticationResponse(OpenIdConnectServiceHandlerImpl.java:163)

at com.liferay.portal.security.sso.openid.connect.internal.service.filter.OpenIdConnectFilter.processAuthenticationResponse(OpenIdConnectFilter.java:106)

at com.liferay.portal.security.sso.openid.connect.internal.service.filter.OpenIdConnectFilter.processFilter(OpenIdConnectFilter.java:123)

at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)

at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)

at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)

at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)

at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)

at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:263)

at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)

at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)

at com.liferay.portal.monitoring.internal.servlet.filter.MonitoringFilter.processFilter(MonitoringFilter.java:178)

at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)

at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)

at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)

at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)

at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)

at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:65)

at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)

at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:101)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:764)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1388)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

Caused by: com.nimbusds.oauth2.sdk.GeneralException: Missing OpenID Provider id_token_signing_alg_values_supported parameter

at com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.createJWSKeySelector(IDTokenValidator.java:473)

at com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.create(IDTokenValidator.java:578)

at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.validateToken(OpenIdConnectServiceHandlerImpl.java:600)

... 60 more