Keycloak: user_not_found

So I installed keycloak via the App Center for SSO. I have a dokuwiki instance running outside of UCS which I configured to use keycloak and it works fine with the Administrator account.

However, I cannot login over keycloak with a normal user account. The keycloak logfile shows:

2024-01-08 15:59:35,975 WARN  [] (executor-thread-23) type=LOGIN_ERROR, realmId=e0e9f1b1-316e-4eba-86df-d3c7cd8d425e, clientId=dokuwiki, userId=189da369-da4e-405b-8d45-e40ea93ca1d6, ipAddress=192.168....., error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://...., code_id=eb65f9e1-998b-4a6e-bcbc-4d39dd6ceca1, username=philipp.ludwig
2024-01-09 08:37:59,838 WARN  [] (executor-thread-26) type=LOGIN_ERROR, realmId=e0e9f1b1-316e-4eba-86df-d3c7cd8d425e, clientId=dokuwiki, userId=null, ipAddress=192.168......, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://....., code_id=a7cf924f-33a0-4bd7-8ee0-f452b741b09b, username=philipp.ludwig

Note that this unprivileged user philipp.ludwig exists in UCS and that I can login to the Portal without issues.

Do I need to create user accounts in keycloak for every UCS user? I thought that keycloak would fetch the user info via LDAP.

1 Like

Are you sure you are using the administrator account out of UCS’ ldap or is it Keycloak’s admin account?

The Keycloak realm ‘ucs’ points to a non-TLS port but is configured to use STARTTLS. There’s a (german) post about the error here: Error in Keycloak LDAP Query - TLS Problem to LDAP - #2 by hasechris92

If you didn’t change that (e.g. uncheck USE STARTTLS ) keycloak can’t get your users from Ldap.

Thanks for your reply. As I said, the UCS admin account works fine, but I was wondering about authenticating at keycloak with a non-admin UCS account.

Anyway, in the meantime I removed keycloak because I could not get it to work.

This will not help you much, because from UCS version 5.2 there is only Keycloak.