The properties listed here for Alfresco Share are only those required for setting up SSO.
Set the following configuration parameters in the share-config.properties file, in the share config map in Kubernetes, or as environment variables in a Docker Compose file:
Property | Description |
---|---|
aims.enabled | Enables or disables Keycloak, for example true. |
aims.realm | The name of the realm, for example alfresco. If the aims.realm property is set to any value, Keycloak is used for authentication and the realm is included in the Auth Server URL. |
aims.secret | The secret key for the OIDC Identity Provider. |
aims.audience | Specifies the intended audience. This property is required to build the authentication request. |
aims.redirectUri | The URI to redirect to after a user is authenticated and logged in. This property is required. If it is set to an empty string, then the default request is used as the redirect URI. Note: Wildcard characters are only supported in Keycloak. |
aims.logoutUri | The URI of the OIDC Identity Provider when a Well-Known endpoint does not provide the logout URI. Note: To access the OpenID Connect configuration, use the following address: https://serverURL/.well-known/openid-configuration. |
aims.postLogoutUrl | The URL of Share to redirect to after a user is logged out. |
aims.issuerUrl | Specifies the Identity Provider base URL and the issuer URL. |
aims.logout.post_logout_redirect_uri_label | Specifies the post logout redirect URI label. |
aims.logout.post_logout_redirect_uri_value | Specifies the post logout redirect URI value. |
aims.logout.client_id_label | Adds the Client ID, if needed. The default value is client_id. |
aims.logout.client_id_value | Sets the value of client_id. |
aims.logout.useIdTokenHint | Boolean flag that indicates whether id_token_hint is required. |
aims.resource | The Client ID of the application, for example share. |
aims.authServerUrl | Keycloak's base URL, for example https://keycloak.example.com. |
aims.publicClient | If set to true, the adapter will not send credentials for the client to Keycloak. |
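
A pre-deployment check for these settings, as an added example that is not part of the Alfresco documentation or code base: it parses a share-config.properties style file and flags values that conflict with the table. The function names, the sample values, and the two checks marked as assumptions (a non-public client needs aims.secret, endpoints should use https) are this example's own.

```python
# Added example: lint Share AIMS settings against the property table above.
URL_KEYS = ("aims.authServerUrl", "aims.issuerUrl", "aims.logoutUri",
            "aims.postLogoutUrl", "aims.redirectUri")

def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_aims(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if props.get("aims.enabled", "").lower() != "true":
        return findings  # SSO is off, nothing to check
    # The table marks these as required (redirectUri may be an empty string).
    for key in ("aims.audience", "aims.redirectUri"):
        if key not in props:
            findings.append(f"{key}: required property is missing")
    # Per the table, setting aims.realm selects Keycloak, and wildcards in
    # the redirect URI are only supported there.
    if "*" in props.get("aims.redirectUri", "") and not props.get("aims.realm"):
        findings.append("aims.redirectUri: wildcard used but aims.realm is unset")
    # Assumption: a non-public client must present aims.secret.
    if props.get("aims.publicClient", "").lower() != "true" and not props.get("aims.secret"):
        findings.append("aims.secret: empty for a non-public client")
    # Assumption: every configured endpoint should use TLS.
    for key in URL_KEYS:
        if props.get(key, "").lower().startswith("http://"):
            findings.append(f"{key}: uses http:// instead of https://")
    return findings

# Constructed sample input, not taken from a real deployment.
WEAK = """\
aims.enabled=true
aims.resource=share
aims.authServerUrl=http://keycloak.example.com
aims.redirectUri=https://share.example.com/*
aims.publicClient=false
"""

if __name__ == "__main__":
    for finding in lint_aims(parse_properties(WEAK)):
        print(finding)
```

The same function can be run over the values from a Kubernetes config map or Docker Compose environment once they are loaded into a dictionary.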