Keycloak: user_not_found

philipp.ludwig · January 9, 2024, 8:10am

So I installed keycloak via the App Center for SSO. I have a dokuwiki instance running outside of UCS which I configured to use keycloak and it works fine with the Administrator account.

However, I cannot login over keycloak with a normal user account. The keycloak logfile shows:

2024-01-08 15:59:35,975 WARN  [org.keycloak.events] (executor-thread-23) type=LOGIN_ERROR, realmId=e0e9f1b1-316e-4eba-86df-d3c7cd8d425e, clientId=dokuwiki, userId=189da369-da4e-405b-8d45-e40ea93ca1d6, ipAddress=192.168....., error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://...., code_id=eb65f9e1-998b-4a6e-bcbc-4d39dd6ceca1, username=philipp.ludwig
2024-01-09 08:37:59,838 WARN  [org.keycloak.events] (executor-thread-26) type=LOGIN_ERROR, realmId=e0e9f1b1-316e-4eba-86df-d3c7cd8d425e, clientId=dokuwiki, userId=null, ipAddress=192.168......, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://....., code_id=a7cf924f-33a0-4bd7-8ee0-f452b741b09b, username=philipp.ludwig

Note that this unprivileged user philipp.ludwig exists in UCS and that I can login to the Portal without issues.

Do I need to create user accounts in keycloak for every UCS user? I thought that keycloak would fetch the user info via LDAP.

danield · January 18, 2024, 12:34pm

Are you sure you are using the administrator account out of UCS’ ldap or is it Keycloak’s admin account?

The Keycloak realm ‘ucs’ points to a non-TLS port but is configured to use STARTTLS. There’s a (german) post about the error here: Error in Keycloak LDAP Query - TLS Problem to LDAP - #2 by hasechris92

If you didn’t change that (e.g. uncheck USE STARTTLS ) keycloak can’t get your users from Ldap.

philipp.ludwig · January 22, 2024, 9:19am

Thanks for your reply. As I said, the UCS admin account works fine, but I was wondering about authenticating at keycloak with a non-admin UCS account.

Anyway, in the meantime I removed keycloak because I could not get it to work.

boospy · January 22, 2024, 9:41am

This will not help you much, because from UCS version 5.2 there is only Keycloak.

lw3234 · June 4, 2025, 8:13pm

I just installed Keycloak on my UCS 5.0 primary and found myself with the same error message in the logs.

However, in contrast to philipp I did not try to login with a non admin user. My problem in fact is that a login attempt with the standard “Administrator” account after a fresh install fails with “user_not_found” in the keycloak logs.

Only way to get into the admin console is via the hardwired “admin” account.

lw3234 · June 5, 2025, 7:23pm

Well, I solved my problem:

Though the system “Administrator” account (obviously) was part of the group “Domain Admins” the login worked after I removed him and readded the account the group.

No idea what was wrong here…