Enabling SSO in Alfresco Digital Workspace only requires updating its properties. For manual deployments, set them in the app.config.json file; for Docker and Kubernetes deployments, set them using environment variables.
Property | Environment variable | Description |
---|---|---|
authType | APP_CONFIG_AUTH_TYPE | The authentication type. Must be set to OAUTH. |
oauth2.host | APP_CONFIG_OAUTH2_HOST | Keycloak’s address including the realm name configured in Configure a realm and clients. In the example the realm name is Alfresco. |
oauth2.clientId | APP_CONFIG_OAUTH2_CLIENTID | The name of the client configured in Configure a realm and clients for Digital Workspace. |
oauth2.implicitFlow | APP_CONFIG_OAUTH2_IMPLICIT_FLOW | |
oauth2.silentLogin | APP_CONFIG_OAUTH2_SILENT_LOGIN | Setting silentLogin to true skips the login page if a user is already authenticated. Setting the value to false displays a sign-in page even for an authenticated user, who then only needs to select the Sign in option and does not enter any credentials. |
oauth2.redirectSilentIframeUri | APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI | The address that Digital Workspace uses to refresh authorization tokens. |
oauth2.redirectUri | APP_CONFIG_OAUTH2_REDIRECT_LOGIN | The URL to redirect to after a user is successfully authenticated. |
oauth2.redirectUriLogout | APP_CONFIG_OAUTH2_REDIRECT_LOGOUT | The URL to redirect to after a user successfully signs out. |
Note: If implicitFlow is set to false, the grant type password will be used instead.
The following is an example app.config.json file excerpt. By default this file is located in the /src directory.
```json
"authType": "OAUTH",
"oauth2": {
  "host": "https://keycloak.example.com/auth/realms/alfresco",
  "clientId": "alfresco",
  "scope": "openid",
  "implicitFlow": true,
  "silentLogin": true,
  "redirectSilentIframeUri": "https://adw.example.com/workspace/assets/silent-refresh.html",
  "redirectUri": "/workspace/",
  "redirectUriLogout": "/workspace/logout"
}
```
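A pre-deployment check for these settings, as an added example that is not part of the Alfresco documentation or product: it builds the effective configuration from the environment variables in the table and reports settings that contradict the descriptions above. The function names `configFromEnv` and `lintSsoConfig` are hypothetical; requiring https for absolute URLs and reading "true"/"false" as booleans are assumptions of this example.

```javascript
// Environment variable -> property, as listed in the table above.
const ENV_MAP = {
  APP_CONFIG_AUTH_TYPE: "authType",
  APP_CONFIG_OAUTH2_HOST: "oauth2.host",
  APP_CONFIG_OAUTH2_CLIENTID: "oauth2.clientId",
  APP_CONFIG_OAUTH2_IMPLICIT_FLOW: "oauth2.implicitFlow",
  APP_CONFIG_OAUTH2_SILENT_LOGIN: "oauth2.silentLogin",
  APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "oauth2.redirectSilentIframeUri",
  APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "oauth2.redirectUri", // name differs from the property
  APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "oauth2.redirectUriLogout",
};
// Constructed sample environment, using the values from the excerpt above.
const SAMPLE_ENV = {
  APP_CONFIG_AUTH_TYPE: "OAUTH", APP_CONFIG_OAUTH2_CLIENTID: "alfresco",
  APP_CONFIG_OAUTH2_HOST: "https://keycloak.example.com/auth/realms/alfresco",
  APP_CONFIG_OAUTH2_IMPLICIT_FLOW: "true", APP_CONFIG_OAUTH2_SILENT_LOGIN: "true",
  APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI:
    "https://adw.example.com/workspace/assets/silent-refresh.html",
  APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/workspace/", APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/workspace/logout",
};

// Effective config for Docker/Kubernetes. Assumption: "true"/"false" mean booleans.
function configFromEnv(env) {
  const cfg = { oauth2: {} };
  for (const [name, prop] of Object.entries(ENV_MAP)) {
    if (!(name in env)) continue;
    const value = env[name] === "true" ? true : env[name] === "false" ? false : env[name];
    const [head, key] = prop.split(".");
    if (key) cfg.oauth2[key] = value; else cfg[head] = value;
  }
  return cfg;
}
function isHttps(s) { try { return new URL(s).protocol === "https:"; } catch { return false; } }
const isAppPath = (s) => typeof s === "string" && /^\/(?!\/)/.test(s); // "/x", not "//host"

// Returns findings; an empty array means every check passed. Assumption: https is required.
function lintSsoConfig(cfg) {
  const o = cfg.oauth2 || {}, findings = [];
  const check = (ok, msg) => { if (!ok) findings.push(msg); };
  check(cfg.authType === "OAUTH", "authType must be OAUTH");
  check(isHttps(o.host), "oauth2.host is not an absolute https URL");
  check(!isHttps(o.host) || /\/realms\/[^/]+\/?$/.test(new URL(o.host).pathname), "oauth2.host must end with /realms/<realm name>");
  check(Boolean(o.clientId), "oauth2.clientId is empty");
  check(o.implicitFlow !== false, "implicitFlow is false: the password grant is used, so Digital Workspace handles user credentials");
  check(isHttps(o.redirectSilentIframeUri), "oauth2.redirectSilentIframeUri is not an absolute https URL");
  for (const k of ["redirectUri", "redirectUriLogout"]) check(isAppPath(o[k]) || isHttps(o[k]), `oauth2.${k} must be an app path or https URL`);
  return findings;
}
console.log(lintSsoConfig(configFromEnv(SAMPLE_ENV)));
```

To check a manual deployment instead, pass the parsed app.config.json object straight to `lintSsoConfig`.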