Configure a realm and clients - Alfresco Content Services 23.4

A realm and a client must be configured in Keycloak for the Alfresco products to sit under. A single realm is required; however, multiple clients may be used instead of the single one used in this example.

A separate client always needs to be created and configured for Desktop Sync if it is used. The configuration steps for this additional client can be ignored if Desktop Sync is not used.

  1. Sign in to the Keycloak Administration Console (Keycloak Admin Console).
  2. Select the default realm, Alfresco, or create a new realm through which the Alfresco products will be accessed. Note down the Name for later use. The realm Alfresco is used in this example.
  3. Select Tokens and set a timeout period in the Realm Settings for the realm Alfresco.
  4. Use the default client under the Alfresco realm or create a new client and configure it. Make sure that at least the following are set:
    1. The client is Enabled.
    2. A Client ID is set.
    3. Implicit Flow Enabled is switched on.
    4. A wildcard * is entered for Valid Redirect URIs.
  5. To configure single logout for Process Services, add the following URL to the Admin URL field: aps.example.com/activiti-app.
  6. Create a new client for Alfresco Share under the Alfresco realm or the realm you created, setting at least the following:

    In the Settings tab:

    1. Client ID is set to a valid value, for example share.
    2. Enabled must be set to true.
    3. Client Protocol is set to openid-connect.
    4. Access Type is set to public.
    5. Standard Flow is enabled.
    6. Valid Redirect URIs is set to *.
  7. Create a new client for Desktop Sync under the Alfresco realm or the realm you created, setting at least the following:

    In the Settings tab:

    1. A unique and identifiable Client ID is set.
    2. The Valid Redirect URI must be set to http://127.0.0.1*, http://localhost*.
    3. Implicit Flow Enabled is switched off.
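
To confirm that a realm matches the steps above, the client settings can be checked against a realm export. The following is an added example, not part of the Alfresco documentation: it audits a constructed export that uses Keycloak's client representation field names, and the client IDs `alfresco` and `desktop-sync` are assumptions (`share` is the example value from step 6). It also lists the wildcard redirect URI and implicit flow settings so they are recorded for security review.

```python
import json

# Constructed sample: a trimmed Keycloak realm export. Field names follow
# Keycloak's ClientRepresentation; the client IDs "alfresco" and
# "desktop-sync" are assumptions ("share" is the page's own example).
SAMPLE_EXPORT = json.loads("""
{"realm": "Alfresco", "clients": [
  {"clientId": "alfresco", "enabled": true, "implicitFlowEnabled": true,
   "redirectUris": ["*"], "adminUrl": "aps.example.com/activiti-app"},
  {"clientId": "share", "enabled": true, "protocol": "openid-connect",
   "publicClient": true, "standardFlowEnabled": true, "redirectUris": ["*"]},
  {"clientId": "desktop-sync", "enabled": true, "implicitFlowEnabled": true,
   "redirectUris": ["http://localhost*", "http://127.0.0.1*"]}
]}
""")

# Settings the steps above require, keyed by client ID.
EXPECTED = {
    "alfresco": {"enabled": True, "implicitFlowEnabled": True,
                 "redirectUris": ["*"]},
    "share": {"enabled": True, "protocol": "openid-connect",
              "publicClient": True, "standardFlowEnabled": True,
              "redirectUris": ["*"]},
    "desktop-sync": {"implicitFlowEnabled": False,
                     "redirectUris": ["http://127.0.0.1*", "http://localhost*"]},
}

def audit_realm(export, expected=EXPECTED):
    """Return (mismatches, review_notes) for the clients in a realm export."""
    clients = {c["clientId"]: c for c in export.get("clients", [])}
    mismatches, review = [], []
    for client_id, want in expected.items():
        client = clients.get(client_id)
        if client is None:
            mismatches.append(f"{client_id}: client not found in realm")
            continue
        for key, value in want.items():
            got = client.get(key)
            if key == "redirectUris":  # order of URIs is not significant
                got, value = sorted(got or []), sorted(value)
            if got != value:
                mismatches.append(f"{client_id}: {key}={got!r}, expected {value!r}")
        # Settings worth recording for a security review of the realm.
        if "*" in client.get("redirectUris", []):
            review.append(f"{client_id}: redirect URI wildcard accepts any URI")
        if client.get("implicitFlowEnabled"):
            review.append(f"{client_id}: implicit flow enabled")
    return mismatches, review

if __name__ == "__main__":
    for line in sum(audit_realm(SAMPLE_EXPORT), []):
        print(line)
```

In the constructed sample the Desktop Sync client still has implicit flow switched on, so it is reported as a mismatch against step 7.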