The configuration for SAML authentication allows users to access Alfresco products in a single browser session by entering their credentials only once and authenticating against a SAML identity provider. An LDAP directory is used for user and group management.
As shown in the diagram, a connection to the SAML identity provider is configured within Keycloak in order to authenticate Alfresco Share, Alfresco Digital Workspace, and Alfresco Process Services. This also includes setting up a service provider within the SAML identity provider for Keycloak.
Alfresco Content Services and Alfresco Process Services are connected directly to the Keycloak instance so that Keycloak can authenticate a user when it is contacted by the respective web application.
The LDAP directory remains the source of user and group management; Keycloak, Alfresco Content Services and Alfresco Process Services are each configured to synchronize users from it individually.
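The two Keycloak-side pieces of this architecture, the brokered SAML identity provider and the LDAP user federation, can be captured in a realm import fragment. The fragment below is an added, constructed example and is not Alfresco or Keycloak project code; the realm name `alfresco`, the alias `corp-saml`, all `example.test` hosts and DNs, and the certificate placeholder are assumptions to be replaced with the real identity provider's metadata.

```json
{
  "realm": "alfresco",
  "identityProviders": [
    {
      "alias": "corp-saml",
      "providerId": "saml",
      "enabled": true,
      "trustEmail": false,
      "config": {
        "entityId": "https://keycloak.example.test/realms/alfresco",
        "singleSignOnServiceUrl": "https://idp.example.test/saml/sso",
        "singleLogoutServiceUrl": "https://idp.example.test/saml/slo",
        "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "principalType": "SUBJECT",
        "postBindingAuthnRequest": "true",
        "postBindingResponse": "true",
        "wantAuthnRequestsSigned": "true",
        "wantAssertionsSigned": "true",
        "validateSignature": "true",
        "signingCertificate": "IDP_SIGNING_CERT_PLACEHOLDER",
        "syncMode": "IMPORT"
      }
    }
  ],
  "components": {
    "org.keycloak.storage.UserStorageProvider": [
      {
        "name": "corp-ldap",
        "providerId": "ldap",
        "config": {
          "connectionUrl": ["ldaps://ldap.example.test:636"],
          "usersDn": ["ou=people,dc=example,dc=test"],
          "bindDn": ["cn=keycloak-sync,ou=service,dc=example,dc=test"],
          "bindCredential": ["BIND_PASSWORD_PLACEHOLDER"],
          "editMode": ["READ_ONLY"],
          "importEnabled": ["true"],
          "syncRegistrations": ["false"],
          "usernameLDAPAttribute": ["uid"],
          "rdnLDAPAttribute": ["uid"],
          "uuidLDAPAttribute": ["entryUUID"],
          "userObjectClasses": ["inetOrgPerson, organizationalPerson"],
          "fullSyncPeriod": ["86400"]
        }
      }
    ]
  }
}
```

The settings worth checking before going live are `validateSignature`, `wantAssertionsSigned` and a pinned `signingCertificate` on the SAML side, and `editMode` of `READ_ONLY` with `ldaps://` on the LDAP side, so that Keycloak only accepts assertions signed by the configured identity provider and cannot write back to the directory.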