Keycloak: user_not_found

So I installed keycloak via the App Center for SSO. I have a dokuwiki instance running outside of UCS which I configured to use keycloak and it works fine with the Administrator account.

However, I cannot login over keycloak with a normal user account. The keycloak logfile shows:

2024-01-08 15:59:35,975 WARN  [org.keycloak.events] (executor-thread-23) type=LOGIN_ERROR, realmId=e0e9f1b1-316e-4eba-86df-d3c7cd8d425e, clientId=dokuwiki, userId=189da369-da4e-405b-8d45-e40ea93ca1d6, ipAddress=192.168....., error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://...., code_id=eb65f9e1-998b-4a6e-bcbc-4d39dd6ceca1, username=philipp.ludwig
2024-01-09 08:37:59,838 WARN  [org.keycloak.events] (executor-thread-26) type=LOGIN_ERROR, realmId=e0e9f1b1-316e-4eba-86df-d3c7cd8d425e, clientId=dokuwiki, userId=null, ipAddress=192.168......, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://....., code_id=a7cf924f-33a0-4bd7-8ee0-f452b741b09b, username=philipp.ludwig

Note that this unprivileged user philipp.ludwig exists in UCS and that I can login to the Portal without issues.

Do I need to create user accounts in keycloak for every UCS user? I thought that keycloak would fetch the user info via LDAP.

Are you sure you are using the administrator account out of UCS’ ldap or is it Keycloak’s admin account?

The Keycloak realm ‘ucs’ points to a non-TLS port but is configured to use STARTTLS. There’s a (german) post about the error here: Error in Keycloak LDAP Query - TLS Problem to LDAP - #2 by hasechris92

If you didn’t change that (e.g. uncheck USE STARTTLS ) keycloak can’t get your users from Ldap.

Thanks for your reply. As I said, the UCS admin account works fine, but I was wondering about authenticating at keycloak with a non-admin UCS account.

Anyway, in the meantime I removed keycloak because I could not get it to work.

This will not help you much, because from UCS version 5.2 there is only Keycloak.