Hi Alex, can you support us for Alfresco Keycloak Integration?
riccardosaponi opened this issue · comments
Hi Alex,
We have configured a docker-compose based installation of Alfresco Community (https://github.com/Alfresco/acs-community-deployment/blob/master/docker-compose/docker-compose.yml) and I am trying to set up your add-on with Keycloak 12.0.4, standalone.
I have cloned and built alfresco-utility and alfresco-keycloak, both the amp files.
The docker-compose starts successfully.
In the Alfresco repository I find two amps:
- de.acosix.alfresco.keycloak.repo-1.1.0-rc6.amp
- de.acosix.alfresco.utility.repo-1.2.5.amp
In Alfresco Share I find the two other amps:
- de.acosix.alfresco.keycloak.share-1.1.0-rc6.amp
- de.acosix.alfresco.utility.share-1.2.5.amp
When I go to the console I can see the amps for Share.
The first time, I set the base URL of KC to this value "http://localhost:8180/auth" and Share starts with a warning. It cannot resolve "localhost:8180".
So I set the base URL of Keycloak to this value: "http://host.docker.internal:8180/auth". All the docker-compose starts successfully, and if I go into the Share container I am able to download the index page of Keycloak with a "wget http://host.docker.internal:8180/auth".
So I think that all the containers have started fine and that I don't have network issues.
But if I go to http://localhost:8080/share I see the default login page of Share, with no SSO button.
Am I doing something wrong with the installation?
Regarding the configuration of alfresco-global.properties and share-config-custom.xml: I am not sure I understand the documentation correctly. Are all the values about SSO managed by these two files in the repo?
- src/main/globalConfig/subsystems/Authentication/keycloak/keylocak-authentication.properties
- src/main/config/default-config.xml
Or maybe I have to move and edit these files in another position?
Thank you in advance.
Since we already talked about this on Discord, I am going to close the issue, but will leave some comments / remarks here just as a summary for anyone else looking into this.
Note: You do not have to build the Utility or (most recent release candidates of) the Keycloak module as both are published to Maven Central.
Documentation is currently a work-in-progress (delayed due to lack of time as some customer projects are more pressing) and state is available in a separate branch, e.g. Simple Configuration.
Necessary minimum configuration for a Docker-Compose based setup typically entails:
- additions to alfresco-global.properties (server config in tomcat/shared/classes/) or subsystem extension configuration (tomcat/shared/classes/alfresco/extension/subsystems/Authentication/keycloak/<idOfKeycloakFromChain>/<any>.properties) configuring Keycloak public URL and direct URL, as well as realm, client + secret
- a share-config-custom.xml file (or share-config-custom-dev.xml) configuring Keycloak public URL and direct URL (latter if direct URL != public URL)
- enable Share endpoint definitions to use single sign on via the /wcs/ endpoint on ACS and using external identity (if provided/authenticated)
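
A pre-flight check for the public URL / direct URL split described above, using the two hostnames from this thread. This is an added example, not code from the module or from either poster; the function name and the rule set are assumptions, and it only inspects URL strings without making network calls.

```python
import ipaddress
from urllib.parse import urlsplit

# Names that normally resolve only from inside containers (assumption;
# pass your own docker-compose service names via compose_services).
DOCKER_ONLY_HOSTS = {"host.docker.internal"}


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, not an IP literal


def check_keycloak_urls(public_url, direct_url=None, compose_services=()):
    """Return a list of findings for a Keycloak public/direct URL pair.

    public_url: URL the user's browser is sent to for login.
    direct_url: URL the Alfresco/Share containers call server-side;
                None means the public URL is reused for those calls.
    """
    findings = []
    docker_only = DOCKER_ONLY_HOSTS | set(compose_services)
    public = urlsplit(public_url)
    backend = urlsplit(direct_url or public_url)

    for name, url in (("public", public), ("direct", backend)):
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{name} URL is not an absolute http(s) URL")

    if backend.hostname and _is_loopback(backend.hostname):
        # Inside a container, loopback is the container itself, not the host.
        findings.append("server-side URL is loopback: containers cannot reach Keycloak")
    if public.hostname in docker_only:
        findings.append("public URL uses a Docker-internal name: a browser may not resolve it")
    if public.scheme == "http" and public.hostname and not _is_loopback(public.hostname):
        findings.append("public URL is plain http off-host: logins and tokens are unencrypted")
    return findings
```

An empty list means the pair passes these checks; it does not prove the realm, client or secret are correct.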