The properties listed here are only those that must be set for Alfresco Share when configuring SSO.
Set them either in the share-config.properties file, in the Share config map in Kubernetes, or as environment variables in a Docker Compose file:
Property | Description |
---|---|
aims.principalAttribute | Specifies an attribute from the access token and the UserInfo endpoint that is used to retrieve the user name. For consistency, the claim must be included in both the access token and the UserInfo endpoint response. If this attribute is missing from the access token, the repository attempts to retrieve the missing information from the UserInfo endpoint, resulting in an additional API call. The default value is preferred_username. |
aims.enabled | Enables or disables Keycloak, for example true. |
aims.realm | The name of the realm, for example alfresco. If the aims.realm property is set to any value, Keycloak is used for authentication and the realm is included in the Auth Server URL. |
aims.secret | The secret key for the OIDC Identity Provider. |
aims.audience | Specifies the intended audience. This property is required to build the authentication request. |
aims.redirectUri | The URI to redirect to after a user is authenticated and logged in. This property is required. If it is set to an empty string, then the default request is used as the redirect URI. Note: Wildcard characters are only supported in Keycloak. |
aims.logoutUri | The logout URI of the OIDC Identity Provider, used when the Well-Known endpoint does not provide one. Note: To access the OpenID Connect configuration, use the following address: https://serverURL/.well-known/openid-configuration. |
aims.postLogoutUrl | The URL of Share to redirect to after a user is logged out. |
aims.issuerUrl | Allows you to provide the Identity Provider base URL and the issuer URL. |
aims.logout.post_logout_redirect_uri_label | Allows you to provide the post-logout redirect URI label. |
aims.logout.post_logout_redirect_uri_value | Allows you to provide the post-logout redirect URI value. |
aims.logout.client_id_label | Allows you to add the Client ID label if needed. The default value is client_id. |
aims.logout.client_id_value | Allows you to add the value of client_id. |
aims.logout.useIdTokenHint | Boolean flag that controls whether id_token_hint is required. |
aims.resource | The Client ID of the application, for example share. |
aims.authServerUrl | Keycloak's base URL, for example https://keycloak.example.com. |
aims.publicClient | If set to true, the adapter will not send client credentials to Keycloak. |
aims.shareContext.value | Specifies the context under which Share is deployed. This property is required. If set to an empty string, then Share is deployed using the default context. To deploy Share using a different context, set it to a value such as /newContext. |
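The following is an added example, not part of the Alfresco documentation or product code, that lints a share-config.properties fragment against the constraints the table states (required keys, https on the IdP and redirect URLs, the Keycloak-only wildcard in aims.redirectUri, a leading slash in aims.shareContext.value) plus one assumption: that a confidential client (aims.publicClient=false) needs a non-empty aims.secret to authenticate to the IdP. The sample properties text is constructed.

```python
"""Pre-deployment lint for the aims.* SSO properties of Alfresco Share (added example)."""
from urllib.parse import urlparse

# Keys the reference table marks as required or that every SSO setup needs.
REQUIRED = ("aims.enabled", "aims.realm", "aims.resource",
            "aims.authServerUrl", "aims.redirectUri")

# Constructed sample share-config.properties fragment with three deliberate problems.
SAMPLE = """# constructed sample, not a real deployment
aims.enabled=true
aims.realm=alfresco
aims.resource=share
aims.authServerUrl=http://keycloak.example.com
aims.redirectUri=https://share.example.com/share/*
aims.publicClient=false
aims.secret=
aims.shareContext.value=/share
"""

def parse_properties(text):
    """Minimal Java .properties parser: key=value lines; '#'/'!' comments and blanks are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_sso_properties(props):
    """Return a list of findings; an empty list means the fragment passed every check."""
    findings = []
    if props.get("aims.enabled", "false").lower() != "true":
        return ["aims.enabled is not true; SSO is off and the remaining checks do not apply"]
    findings += [f"{key} is missing" for key in REQUIRED if key not in props]
    for key in ("aims.authServerUrl", "aims.redirectUri", "aims.postLogoutUrl"):
        value = props.get(key)  # an empty aims.redirectUri is allowed (default request is used)
        if value and urlparse(value).scheme != "https":
            findings.append(f"{key} should use https; authorization codes and tokens travel over it")
    if "*" in props.get("aims.redirectUri", ""):
        findings.append("aims.redirectUri contains a wildcard; only Keycloak supports it, and an exact URI is safer")
    public = props.get("aims.publicClient", "false").lower() == "true"
    if not public and not props.get("aims.secret"):  # assumption: confidential client needs a secret
        findings.append("aims.publicClient is false but aims.secret is empty; the client cannot authenticate to the IdP")
    if public and props.get("aims.secret"):
        findings.append("aims.secret is set but unused because aims.publicClient=true; keep secrets out of unused config")
    ctx = props.get("aims.shareContext.value", "")
    if ctx and not ctx.startswith("/"):
        findings.append("aims.shareContext.value must start with '/', for example /newContext")
    return findings

if __name__ == "__main__":
    for finding in check_sso_properties(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

Running it against SAMPLE reports the plain-http auth server URL, the wildcard redirect URI and the empty secret; fixing those three values yields no findings.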