questions

[maxodoble]

hi,

i've just seen this alfresco keycloak extension, and having a few questions:

• this extension also supports alfresco community share, which official alfresco keycloak (identity services) doesn't?
• is it possible to use a "real" keycloak server version instead of the alfresco implementation (identity services)

what would be the necessary steps to test these extensions e.g. for using/testing with alfresco share:

• install and configure keycloak or alfresco identity services?
• build and install Acosix Alfresco Utility project amp?
• build and install repo and share amps from this repo?
• configuration: what needs to be configured? alfresco-global.properties? share-custom.config?
• other steps?

Thanks for any insights to my questions,
cheers,
Max

[AFaust]

• Yes, this extension supports Alfresco Community Share - indeed, the Share support was the first feature added, and only recently I have started work on a more extensive support of Keycloak (e.g. claim / role mapping, user / group synch...)
• Yes, it is possible to use a "real" Keycloak server version. Indeed, I have only ever used a general Keycloak instance to develop and test this extension. E.g. I am using the default Keycloak Docker image in my POM's Docker config

I have not yet had the time to draft and provide polished documentation for this extension as it is a work in progress. I am planning to have this done and ready until Alfresco DevCon as I am submitting a talk on this particular extension.

As for the steps to setup / test:

• Install and configure Keycloak - either default Keycloak or Alfresco Identity Service should work, though only default Keycloak in latest versions has been tested
• Download and install Acosix Alfresco Utility AMP - you don't need to build it and can instead get it from Maven Central or the Sonatype Open Source Software Repository (snapshots)
• Build and Install AMPs of this project
• Configure alfresco-global.properties and share-config-custom.xml - again, I unfortunately do not have documentation yet and a lot of the configuration properties are based on name convention based mapping to Java fields from Keycloak libraries (including parent class properties)
• Configure a realm and client in Keycloak (look for the client with clientId "alfresco" - bear in mind that Share should have its own seperate client with its specific redirect URI, and my Share-tier enhancements have so far only been tested with the Alfresco default Identity Services authentication subsystem, while tests with my new Repository-tier generic Keycloak subsystem are pending)

[maxodoble]

Hi,

thank you very much for your comprehensive answers!
I'm tempted to try this stuff out, because it seems to open up interesting possibilities for Alfresco deployments.

I am also looking forward to your Alfresco Devcon talk, should be very interesting to listen to/watching it or reading about it.

Thanks again,
Max

[ayian2004]

Hi Alex,

I have a docker based installation of alfresco community (https://github.com/Alfresco/acs-community-deployment/blob/master/docker-compose/docker-compose.yml) and I am also interested in trying your add-on, since I have a standalone installation of keycloak (version 9.0.3 also with docker).

I have successfully cloned and built both alfresco-keycloak and alfresco-utility and copied both amp files (de.acosix.alfresco.utility.share-1.2.3.amp and de.acosix.alfresco.keycloak.share-1.1.0-rc4.amp) inside my alfresco-share:6.2.1 container (and specifically under /usr/local/tomcat/amps_share/).

However, when I restart the container and I access the some_path:8080/share/page/console/admin-console/module-package I only see "Alfresco / Google Docs Share Module".

Am I doing something wrong with the installation?

Also, regarding configuration of alfresco-global.properties and share-config-custom.xml the hyperlinks you have point to other files and I am confused as to which files to change. Also where is the location of these 2 files?

thank you in advance
-Alkis