Configure a service provider for Keycloak - Alfresco Content Services - 23.4

A service provider must be set up in the SAML identity provider for Keycloak, using a certificate generated by the Keycloak API.

  1. Use the Keycloak certificate descriptor API. The URL of the API is https://keycloak.example.com/auth/realms/alfresco/protocol/saml/descriptor.
  2. Copy the value of <dsig:X509Certificate>. Paste the value into a new text file between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. The following is an example of a completed text file:
     -----BEGIN CERTIFICATE-----
     MIICnzCCAYcCBgFkqEAQCDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhhbGZyZXNjbzA
     -----END CERTIFICATE-----
    
  3. Save the file with the file extension .cert.
  4. Sign in to the SAML identity provider as an administrator and configure a new service provider:
    • The base URL to use is: https://keycloak.example.com/.
    • Use the certificate created in the previous step.
    • The redirect URI to use will be in the format https://keycloak.example.com/auth/realms/alfresco/broker/saml/endpoint.
    Note: The alfresco part of the URL is the name of the realm configured in Configure a realm and clients. Make sure to change it if you used a different realm name.
  5. Export or note down the details of the newly created service provider to import into Keycloak in the following step.
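
Steps 1 to 3 can be scripted instead of copied by hand. The following is an added example, not part of the Alfresco or Keycloak documentation: it extracts <dsig:X509Certificate> from a descriptor, writes it in PEM form, and prints a SHA-256 fingerprint that can be compared with what the identity provider shows after import. The sample descriptor, its placeholder certificate bytes, the function name descriptor_to_pem and the file name keycloak.cert are assumptions made for the example.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample descriptor: the certificate body is placeholder bytes,
# not a real certificate. A real descriptor comes from the URL in step 1.
SAMPLE_DER = bytes(range(100))
SAMPLE_DESCRIPTOR = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://keycloak.example.com/auth/realms/alfresco">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
        {base64.b64encode(SAMPLE_DER).decode()}
      </dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def descriptor_to_pem(descriptor_xml: str) -> tuple[str, str]:
    """Return (PEM text, SHA-256 fingerprint) for the descriptor's certificate."""
    root = ET.fromstring(descriptor_xml)
    certs = root.findall(f".//{{{DSIG_NS}}}X509Certificate")
    if len(certs) != 1:
        # Refuse to guess when the descriptor has zero or several certificates.
        raise ValueError(f"expected exactly one X509Certificate, found {len(certs)}")
    # The element text may contain indentation and line breaks; strip them all.
    b64 = "".join((certs[0].text or "").split())
    der = base64.b64decode(b64, validate=True)  # rejects non-base64 characters
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return pem, fingerprint


if __name__ == "__main__":
    pem, fp = descriptor_to_pem(SAMPLE_DESCRIPTOR)
    # keycloak.cert is a hypothetical file name using the extension from step 3.
    with open("keycloak.cert", "w", encoding="ascii") as fh:
        fh.write(pem)
    print(fp)
```

To use it against a real realm, save the descriptor from the URL in step 1 to a file and pass its contents to descriptor_to_pem in place of the constructed sample.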