Acosix / alfresco-keycloak

Alfresco addon to provide Keycloak-related extensions / customisations for Repository and Share


Hi Alex, can you support us for Alfresco Keycloak Integration?

riccardosaponi opened this issue · comments

Hi Alex,

We have configured a docker-compose based installation of Alfresco Community (https://github.com/Alfresco/acs-community-deployment/blob/master/docker-compose/docker-compose.yml) and I am trying to set up your add-on with Keycloak 12.0.4, standalone.

I have cloned and built alfresco-utility and alfresco-keycloak, both the amp files.
The docker-compose starts successfully.
In the Alfresco repository I find two amps:

  • de.acosix.alfresco.keycloak.repo-1.1.0-rc6.amp
  • de.acosix.alfresco.utility.repo-1.2.5.amp

In Alfresco Share I find the two other amps:

  • de.acosix.alfresco.keycloak.share-1.1.0-rc6.amp
  • de.acosix.alfresco.utility.share-1.2.5.amp

When I go to the console I can see the amps for Share.

The first time, I set the base URL of Keycloak to "http://localhost:8180/auth" and Share started with a warning: it cannot resolve "localhost:8180".
So I set the base URL of Keycloak to "http://host.docker.internal:8180/auth". The whole docker-compose starts successfully, and if I go into the Share container I am able to download the index page of Keycloak with "wget http://host.docker.internal:8180/auth".

So I think that all the containers have started correctly and that I don't have network issues.

But if I go to http://localhost:8080/share I see the default login page of Share, with no SSO button.

Am I doing something wrong with the installation?

Regarding the configuration of alfresco-global.properties and share-config-custom.xml: I am not sure I understand the documentation correctly. Are all the values about SSO managed by these two files in the repo?

  • src/main/globalConfig/subsystems/Authentication/keycloak/keycloak-authentication.properties
  • src/main/config/default-config.xml

Or maybe I have to move and edit these files in another location?

Thank you in advance.

Since we already talked about this on Discord, I am going to close the issue, but will leave some comments / remarks here just as a summary for anyone else looking into this.

Note: You do not have to build the Utility or (most recent release candidates of) the Keycloak module as both are published to Maven Central.

Documentation is currently a work-in-progress (delayed due to lack of time as some customer projects are more pressing) and its state is available in a separate branch, e.g. Simple Configuration.

Necessary minimum configuration for a Docker-Compose based setup typically entails:

  • additions to alfresco-global.properties (server config in tomcat/shared/classes/) or subsystem extension configuration (tomcat/shared/classes/alfresco/extension/subsystems/Authentication/keycloak/<idOfKeycloakFromChain>/<any>.properties) configuring Keycloak public URL and direct URL, as well as realm, client + secret
  • a share-config-custom.xml file (or share-config-custom-dev.xml) configuring Keycloak public URL and direct URL (latter if direct URL != public URL)
  • enable Share endpoint definitions to use single sign on via the /wcs/ endpoint on ACS and using external identity (if provided/authenticated)
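
The public URL / direct URL split in the list above can be checked before touching the add-on's configuration. The following is an added example, not code from the add-on or from this thread: it reads Keycloak's standard OIDC discovery document and reports which browser-facing fields do not sit under the public URL. The URLs are the ones from the question; the realm name `alfresco` and the sample document are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Discovery fields the browser (or the token's "iss" claim) depends on.
BROWSER_FACING = ("issuer", "authorization_endpoint", "end_session_endpoint")

# Constructed sample: what a request sent to the direct URL gets back when
# Keycloak derives its URLs from the request host. Realm "alfresco" is assumed.
_BASE = "http://host.docker.internal:8180/auth/realms/alfresco"
SAMPLE_VIA_DIRECT = {
    "issuer": _BASE,
    "authorization_endpoint": _BASE + "/protocol/openid-connect/auth",
    "token_endpoint": _BASE + "/protocol/openid-connect/token",
}

def discovery_url(base_url, realm):
    """OIDC discovery document of a realm under a Keycloak base URL (.../auth)."""
    return f"{base_url.rstrip('/')}/realms/{realm}/.well-known/openid-configuration"

def fetch_discovery(base_url, realm, timeout=5):
    """Fetch the discovery document, e.g. from inside the Share container."""
    with urllib.request.urlopen(discovery_url(base_url, realm), timeout=timeout) as resp:
        return json.load(resp)

def origin(url):
    """scheme://host:port of a URL, lower-cased for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def browser_facing_mismatches(public_url, doc):
    """Return {field: value} for browser-facing fields not served from public_url."""
    want = origin(public_url)
    return {f: doc[f] for f in BROWSER_FACING
            if f in doc and origin(doc[f]) != want}

if __name__ == "__main__":
    public = "http://localhost:8180/auth"
    for field, value in browser_facing_mismatches(public, SAMPLE_VIA_DIRECT).items():
        print(f"{field} is not under {origin(public)}: {value}")
```

Any field it reports means the server-side view of Keycloak differs from what the browser sees, which is the case where the public URL and the direct URL have to be configured separately. Replace `SAMPLE_VIA_DIRECT` with `fetch_discovery(direct_url, realm)` to run it against a live instance.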