The configuration for LDAP authentication will allow users to access Alfresco products in a single browser session by entering their credentials only once and authenticating against an LDAP directory.
The following diagram illustrates the components and authentication flow for an LDAP setup:
As shown in the diagram, Keycloak is used to authenticate the Alfresco Digital Workspace, Alfresco Share, and Alfresco Process Services.
Alfresco Share is configured to authenticate against Keycloak using a SAML connection; however, this does not require a SAML identity provider to be used.
Alfresco Content Services and Alfresco Process Services are connected directly to the Keycloak instance so that Keycloak can authenticate a user when it is contacted by the respective web application.
The LDAP directory is used for user and group management and is configured to synchronize users to Keycloak, Alfresco Content Services, and Alfresco Process Services individually.