A realm and client need to be configured in Keycloak for the Alfresco products to sit under. A single realm is required and the client will be used for all services other than Alfresco Share and Alfresco Office Services (AOS).
- Sign into the Keycloak Administration Console (Keycloak Admin Console).
- Select the default realm, Alfresco, or create a new realm through which the Alfresco products will be accessed. Note down the Name for later use. The realm Alfresco is used in this example.
- Select Tokens and set a timeout period in the Realm Settings for the realm Alfresco.
- Use the default client under the Alfresco realm or create a new client and configure it. Make sure that at least the following are set:
  - The client is Enabled.
  - A Client ID is set.
  - Implicit Flow Enabled is switched on.
  - A wildcard * is entered for Valid Redirect URIs.
- To configure single logout for Process Services add the following URL into the Admin URL: aps.example.com/activiti-app.
- Create a new client for Alfresco Share under the Alfresco realm or the realm you created, setting at least the following:
  - Client ID is set to a valid value (for example, share).
  - Enabled is set to true.
  - Client Protocol is set to openid-connect.
  - Access Type is set to public.
  - Standard Flow is enabled.
  - Valid Redirect URIs is set to *.
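
One way to check the result of this procedure is to audit a realm export, shown here as an added example that is not Alfresco's or Keycloak's own code. It assumes the two clients are named `alfresco` and `share`, uses the field names of Keycloak's realm export JSON, and runs on a constructed sample. Besides the required settings, it lists wildcard redirect URIs and implicit flow for review, because a bare `*` accepts any redirect target.

```python
import json

# Constructed sample in the shape of a Keycloak realm export (ClientRepresentation
# field names); the client IDs and values are illustrative, not from a real system.
SAMPLE_REALM = json.loads("""
{
  "realm": "alfresco",
  "clients": [
    {"clientId": "alfresco", "enabled": true, "implicitFlowEnabled": true,
     "redirectUris": ["*"], "adminUrl": "aps.example.com/activiti-app"},
    {"clientId": "share", "enabled": true, "protocol": "openid-connect",
     "publicClient": true, "standardFlowEnabled": false,
     "redirectUris": ["https://share.example.com/share/*"]}
  ]
}
""")

# Settings the procedure requires, keyed by client ID (the IDs are assumptions).
REQUIRED = {
    "alfresco": {"enabled": True, "implicitFlowEnabled": True},
    "share": {"enabled": True, "protocol": "openid-connect",
              "publicClient": True, "standardFlowEnabled": True},
}

def audit_realm(realm, required=REQUIRED):
    """Return (missing, review): unmet required settings, settings to tighten."""
    missing, review = [], []
    clients = {c.get("clientId"): c for c in realm.get("clients", [])}
    for client_id, settings in required.items():
        client = clients.get(client_id)
        if client is None:
            missing.append((client_id, "client not found"))
            continue
        for key, want in settings.items():
            if client.get(key) != want:
                missing.append((client_id, f"{key} should be {want!r}"))
        if not client.get("redirectUris"):
            missing.append((client_id, "no Valid Redirect URIs set"))
    for client_id, client in clients.items():
        # A bare "*" matches any URL, so a response can be sent to any site.
        if "*" in client.get("redirectUris", []):
            review.append((client_id, "wildcard redirect URI"))
        if client.get("implicitFlowEnabled"):
            review.append((client_id, "implicit flow enabled"))
    return missing, review

if __name__ == "__main__":
    missing, review = audit_realm(SAMPLE_REALM)
    for client_id, msg in missing + review:
        print(f"{client_id}: {msg}")
```

Entries in the `review` list are candidates for replacement with the exact application URLs once the deployment hostnames are known.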