[keycloak-user] Error: [org.pac4j.oidc.credentials.authenticator.OidcAuthenticator]

Harshad Keluskar Harshad.Keluskar at Criti.in
Thu Aug 10 09:16:39 EDT 2017


We have three servers with the services listed below.

* Keycloak for IDP
* Apereo CAS for Delegate Authentication
* Liferay CE7 for portals

We followed and configured all the steps suggested for the respective tools / applications, and configured authorized SSL certificates (from GoDaddy) for the above-mentioned servers. Liferay authenticates against CAS using the CAS protocol. CAS delegates authentication to Keycloak using OpenID Connect.

I'm getting an error while trying to check the whole workflow. Please see below for more details and the error.

When I tap on "Sign IN" on the Liferay portal, it redirects me to the Keycloak authentication page via CAS (Auth Delegation), and after entering the valid credentials on the Keycloak page, it produces an error in the CAS logs, which is shown below:

> 2017-08-09 18:29:30,906 DEBUG [org.pac4j.oidc.credentials.extractor.OidcExtractor] - <Authentication response successful>
> 2017-08-09 18:29:30,906 WARN [org.pac4j.oidc.credentials.authenticator.OidcAuthenticator] - <Preferred token endpoint Authentication method: null not available. Defaulting to: private_key_jwt>

And I got this error message on the browser screen:

> "Unauthorized Access Either the authentication request was
> rejected/cancelled, or the authentication provider denied access due
> to permissions, etc. Review logs to find the root cause of the issue."

It would be great if you could help me get this resolved.


Thanks,

Harshad.

