LDAP - Alfresco Content Services 23.4

The configuration for LDAP authentication will allow users to access Alfresco products in a single browser session by entering their credentials only once and authenticating against an LDAP directory.

The following diagram illustrates the components and authentication flow for an LDAP setup:

A diagram of the LDAP setup. In the first row, there are Alfresco Share, Alfresco Digital Workspace, and Alfresco Process Services. Keycloak is further connected to Alfresco Content Services, the LDAP Directory, and Alfresco Process Services. They are all connected to Keycloak in both directions, meaning that all of them serve both as inputs and outputs.

As shown in the diagram, Keycloak is used to authenticate the Alfresco Digital Workspace, Alfresco Share, and Alfresco Process Services.

Alfresco Share is configured to authenticate against Keycloak using a SAML connection; however, this does not require a SAML identity provider to be used.

Alfresco Content Services and Alfresco Process Services are connected directly to the Keycloak instance so that Keycloak can authenticate a user when it is contacted by the respective web application.

The LDAP directory is used for user and group management and is configured to synchronize users to Keycloak, Alfresco Content Services, and Alfresco Process Services individually.