Configure Alfresco Share properties - Alfresco Content Services 23.4

Only the Alfresco Share properties that are required for setting up SSO are listed here.

Set the following configuration parameters in the share-config.properties file, in the share config map in Kubernetes, or as environment variables in a Docker Compose file:

Property Description
aims.enabled

Enables or disables Keycloak, for example true.

aims.realm

The name of the realm, for example alfresco.

If the aims.realm property is set to any value, Keycloak is used for authentication and the realm is included in the Auth Server URL.

aims.secret

The secret key for the OIDC Identity Provider.

aims.audience

Specifies the intended audience.

This property is required to build the authentication request.

aims.redirectUri

The URI to redirect to after a user is authenticated and logged in.

This property is required. If it is set to an empty string, then the default request is used as the redirect URI.

Note: Wildcard characters are only supported in Keycloak.

aims.logoutUri

The logout URI of the OIDC Identity Provider, used when the Well-Known endpoint does not provide the logout URI.

Note: To access the OpenID Connect configuration, use the following address: https://serverURL/.well-known/openid-configuration.

aims.postLogoutUrl

The URL of Share to redirect to after a user is logged out.

aims.issuerUrl

Specifies the Identity Provider base URL and the issuer URL.

aims.logout.post_logout_redirect_uri_label

Specifies the post logout redirect URI label.

aims.logout.post_logout_redirect_uri_value

Specifies the post logout redirect URI value.

aims.logout.client_id_label

Adds the Client ID, if needed.

The default value is client_id.

aims.logout.client_id_value

Adds a value for client_id.

aims.logout.useIdTokenHint

Boolean flag that indicates whether id_token_hint is required.

aims.resource

The Client ID of the application, for example share.

aims.authServerUrl

Keycloak’s base URL, for example https://keycloak.example.com.

aims.publicClient

If set to true, the adapter will not send credentials for the client to Keycloak.

Note: In Alfresco Content Services 23.2 and earlier, the email, profile, and OpenID scopes are added by default. However, in Alfresco Content Services 23.3 and later, the value is retrieved from a Well-Known endpoint and incorporated during the Client Registration process.
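
The following added example (not part of the Alfresco documentation or product) lints a share-config.properties file against the rules in the table above before it is deployed. The function names and sample values are constructed, and three checks are this example's own assumptions: that aims.resource and aims.authServerUrl must be non-empty, that an explicit aims.publicClient=false needs aims.secret, and that aims.authServerUrl should use https.

```python
SAMPLE = """\
# constructed sample values, not a real deployment
aims.enabled=true
aims.resource=share
aims.authServerUrl=http://keycloak.example.com
aims.publicClient=false
aims.secret=
aims.audience=
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_sso(props):
    """Return a list of findings; an empty list means no issue was detected."""
    if props.get("aims.enabled", "").lower() != "true":
        return ["aims.enabled is not true, so Keycloak is disabled"]
    findings = []
    # Assumption of this example: both values must be non-empty.
    for key in ("aims.resource", "aims.authServerUrl"):
        if not props.get(key):
            findings.append(f"{key} is missing or empty")
    # Required per the table; an empty string is valid (default request is used).
    if "aims.redirectUri" not in props:
        findings.append("aims.redirectUri is required (it may be empty)")
    if not props.get("aims.audience"):
        findings.append("aims.audience is needed to build the authentication request")
    # Only checked when aims.publicClient is set explicitly; no default is assumed.
    public = props.get("aims.publicClient", "").lower()
    if public == "false" and not props.get("aims.secret"):
        findings.append("aims.publicClient=false but aims.secret is empty")
    if public == "true" and props.get("aims.secret"):
        findings.append("aims.secret is set but unused while aims.publicClient=true")
    # Hardening check added by this example, not stated in the table.
    url = props.get("aims.authServerUrl", "")
    if url and not url.lower().startswith("https://"):
        findings.append("aims.authServerUrl does not use https")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_sso(parse_properties(SAMPLE))))
```
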