FAQ: CoreCloudGateway - CGW
We recommend using CGW version >= 3.1.22
This version included several improvements and also prevents a sporadically 401 error in Webclient.
Change of Logout Parameter
Since CGW 3.1.20 there is new property in the CGW config which replaces the previous property:
cg.censhareLogoutUrls:
- http://${CENSHARE_SERVER_1:PORT}/forward/rest/service/webserver/rest/csLogout
- http://${CENSHARE_SERVER_2:PORT}/forward/rest/service/webserver/rest/csLogout
- ....
The previous value was a single-value property cg.censhareLogoutUrl
The new implementation uses cg.censhareLogoutUrls
and must contain an array of all necessary censhare logout URLs. Use IP addresses if necessary.
If cloud-gateway is running on the same server as the censhare server then localhost and port 9000 should be used:
cg.censhareLogoutUrls:
- http://localhost:9000/forward/rest/service/webserver/rest/csLogout
Direct Keycloak URIs
By default all Keycloak URIs use the external Keycloak URL, which is necessary so that a user is able to connect to the Keycloak server. For three URIs a direct connection can be used, when the Keycloak server is in the same network. This improves speed and security, as the communication wont leave the internal network. Please use the correct port, usually Keycloak listens to 8080.
Note: http protocol is used, as the proxy does the SSL termination in this example. Please see Truststore certificate validation below in case https is needed
spring.security.oauth2.client.provider.keycloak.token-uri: http://${INTERNAL_KEYCLOAK_SERVER:PORT}/auth/realms/censhare/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.jwk-set-uri: http://${INTERNAL_KEYCLOAK_SERVER:PORT}/auth/realms/censhare/protocol/openid-connect/certs
spring.security.oauth2.client.provider.keycloak.user-info-uri: http://${INTERNAL_KEYCLOAK_SERVER:PORT}/auth/realms/censhare/protocol/openid-connect/userinfo
Example: when Keycloak runs on the application server:
spring.security.oauth2.client.provider.keycloak.token-uri: http://localhost:8080/auth/realms/censhare/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.jwk-set-uri: http://localhost:8080/auth/realms/censhare/protocol/openid-connect/certs
spring.security.oauth2.client.provider.keycloak.user-info-uri: http://localhost:8080/auth/realms/censhare/protocol/openid-connect/userinfo
Cookie handling in proxy
CGW > 3.1.15 introduced a new cookie CGW_SESSION
for session handling with CGW. This needs to be handled in the proxy configuration. For example with haproxy this could be done like this:
backend cloud-gateway
cookie CGW_SESSION prefix nocache
Remove error message
On none- cloud systems there might be an error message flooding the logs:
core-cloud-gateway[1154]: {"timestamp":"2025-03-04 03:40:53.799","level":"ERROR","thread":"OkHttp http://localhost:4318/...","logger":"io.opentelemetry.exporter.internal.okhttp.OkHttpExporter","message":"Failed to export spans. The request could not be executed. Full error message: Failed to connect to localhost/127.0.0.1:4318","context":"default"}
To stop this from happening add the following line:
management.tracing.enabled: false
Truststore certificate validation
Optional in case certificates from company CA are used.
Add the following parameter to CGW and SRS startup. In this case the java truststore is used.
-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts
-Djavax.net.ssl.trustStorePassword=changeit
- Why censhare chooses wrong 'Asset type metadata dialog' template?
- Technical FAQ censhare WP (webpack) and Keycloak
- Previews - Spot colors cause undesirable results
- MacOS Monterey support
- Is it possible to have more than one filesystem of the same type for a domain?
- Is Adobe InDesign Server able to open InDesign documents older than its own version?
- InDesign – Improve Performance Using Layouts with Many InCopy Texts
- How to assign a role to a any "Resource Replacement Variant" relation?
- How can I install different censhare-Client versions on Windows?
- FAQ - About the Asset Query Panel in the Layout Applications
- FAQ – censhare Full-Text-Search censhare know-how
- General help for InDesign version upgrades
- Why is a PDF, generated by a Render command within censhare, much larger than with the same settings in Acrobat Distiller
- FAQ - On Premises: Licensing, installing / setup and operating the Adobe Indesign Renderer and censhare Renderer Client
- Download censhareClient Software