1 Reply Latest reply on Oct 22, 2018 6:38 PM by Alfonso Vicente

    Social Sign-In with RedHat SSO

    Alfonso Vicente

      We're trying to integrate an APEX 18.1 application with RedHat Single Sign-On 7.2.1.GA.

       

      The SSO is working for other applications. In the SSO we have a realm, and we have defined a new client for the APEX application, called lala.

       

      The steps we have followed were:

      1) Create a Shared Component -> Web Credential, called RHSSO_CLIENT_LALA of type "OAuth2 Client Credentials Flow" with the Client ID lala (the same Client ID defined in SSO). We leave "Client Secret or Password" blank, because the SSO is configured with Access Type = public

      2) Create two Shared Component -> Authentication Schemes:

      2.a) RHSSO_OIDC

      ------> Scheme Type = Social Sign-In

      ------> Credential Store = RHSSO_CLIENT_LALA

      ------> Authentication Provider = OpenID Connect Provider

      ------> Discovery URL = https://sso.mydomain.com/auth/realms/MyREALM/clients-registrations/openid-connect

      ------> Scope = openid

      ------> Username Attribute = name

      2.b) RHSSO_OAUTH2

      ------> Scheme Type = Social Sign-In

      ------> Credential Store = RHSSO_CLIENT_LALA

      ------> Authentication Provider = Generic OAuth2 Provider

      ------> Authorization Endpoint URL = https://sso.mydomain.com/auth/realms/MyREALM/protocol/openid-connect/auth

      ------> Token Endpoint URL = https://sso.mydomain.com/auth/realms/MyREALM/protocol/openid-connect/token

      ------> User Info Endpoint URL = https://sso.mydomain.com/auth/realms/MyREALM/protocol/openid-connect/userinfo

      ------> Scope = openid

      ------> Username Attribute = name

       

      Setting the current Authentication Scheme to RHSSO_OIDC, when we Run Application, the browser address stays at http://apex-desa:9090/ords/ebsdesa/f?p=101:1:5493752706971::::: and we get "Error processing request. Contact your application administrator." (so the APEX application does not execute the redirect to the SSO)

       

      Setting the current Authentication Scheme to RHSSO_OAUTH2, when we Run Application, the APEX application redirects to the SSO, and after a successful login, the SSO redirects back to http://apex-desa:9090/ords/ebsdesa/apex_authentication.callback?state=F50uS8fxqElWZcuMBYherxsXYo3S3vSdvVYI6LVosQl_YaAKVJ… . In this case, the URL is different but the message is the same: "Error processing request. Contact your application administrator."

       

      Any idea on how to solve this, some experience configuring Social Sign-In with RedHat SSO / Keycloak, or a guide on how to troubleshoot these errors?

       

      Thanks in advance

       

      Best regards,

      Alfonso
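
An added example, not part of the original post: one way to check the settings from steps 2.a and 2.b against an OpenID Connect discovery document before entering them in APEX. The function name `check_discovery` is hypothetical, the host and realm are the ones written in the post, and the sample document is constructed for illustration rather than fetched from a real server.

```python
import json
from urllib.parse import urlparse

# Path defined by OpenID Connect Discovery 1.0 (appended to the issuer URL)
WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
BASE = "https://sso.mydomain.com/auth/realms/MyREALM"  # host and realm from the post

# Constructed sample of a discovery document for that realm (not real server output)
SAMPLE_DOC = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "userinfo_endpoint": BASE + "/protocol/openid-connect/userinfo",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
    "scopes_supported": ["openid", "profile", "email"],
})

def check_discovery(discovery_url, doc_text, scope="openid", manual_endpoints=None):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    url = urlparse(discovery_url)
    if url.scheme != "https":
        findings.append("discovery URL is not https")
    if not url.path.endswith(WELL_KNOWN):
        findings.append("discovery URL path does not end in " + WELL_KNOWN)
    try:
        doc = json.loads(doc_text)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return ["response body is not a JSON object"]
    findings += [f"missing {key}" for key in REQUIRED if key not in doc]
    # Discovery 1.0 requires the issuer to equal the URL used to retrieve the document
    if str(doc.get("issuer", "")).rstrip("/") + WELL_KNOWN != discovery_url:
        findings.append("issuer does not match the URL the document was fetched from")
    if scope not in doc.get("scopes_supported", [scope]):
        findings.append(f"scope '{scope}' not in scopes_supported")
    # Endpoints typed by hand (the Generic OAuth2 scheme) must equal the published ones
    for name, value in (manual_endpoints or {}).items():
        if doc.get(name) != value:
            findings.append(f"{name} differs from discovery document")
    return findings
```

In practice `doc_text` would be the response body fetched from the Discovery URL, and `manual_endpoints` the three URLs entered in the Generic OAuth2 scheme.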