An SSO connection can be configured between Process Services and Content Services so that communication between the two systems is achieved using tokens instead of stored credentials when executing processes.
- Set these additional properties in activiti-identity-service.properties:

  | Property | Description |
  | --- | --- |
  | alfresco.content.sso.enabled | Sets whether SSO is enabled between Process Services and Content Services, for example ${keycloak.enabled}. |
  | alfresco.content.sso.client_id | The Client ID within the realm that points to Process Services, for example ${keycloak.resource}. |
  | alfresco.content.sso.client_secret | The secret key for the Process Services client, for example ${keycloak.credentials.secret}. |
  | alfresco.content.sso.realm | The realm that is configured for the Content Services and Process Services clients, for example ${keycloak.realm}. |
  | alfresco.content.sso.scope | Sets the duration that tokens are valid for. For example, using the value offline_access, a token is valid even after a user logs out as long as the token is used at least once every 30 days. See the Keycloak documentation for further information, for example offline_access. |
  | alfresco.content.sso.javascript_origins | The base URL for the JavaScript origins of the Process Services instance, for example https://aps.example.com. |
  | alfresco.content.sso.auth_uri | The authorization URL, for example https://keycloak.example.com/realms/alfresco/protocol/openid-connect/auth. |
  | alfresco.content.sso.token_uri | The authorization token URL, for example https://keycloak.example.com/realms/alfresco/protocol/openid-connect/token. |
  | alfresco.content.sso.redirect_uri | The redirect URI for authorization. The example value needs to be updated with the correct base URL for the Process Services instance, for example https://aps.example.com/activiti-app/rest/integration/sso/confirm-auth-request. |

- Sign into Process Services as an administrator.
- Navigate to Identity Management > Tenants > Alfresco Repositories.
- Add a new repository or edit an existing connection.
- Configure the following settings for the repository connection:

  | Setting | Description |
  | --- | --- |
  | Name | A name for the repository connection. |
  | Alfresco tenant | The tenant to create the repository under. |
  | Repository base URL | The base URL of the repository instance to connect to. |
  | Share base URL | The base URL of Share for the repository instance to connect to. |
  | Alfresco version | The version of Content Services to connect to. |
  | Authentication type | Select Identity Service authentication to use SSO. |
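
A pre-deployment check of the alfresco.content.sso.* properties listed above can catch a redirect URI left on the wrong host or a token URL pointing at another realm. This is an added example, not Alfresco code: the function names are hypothetical, the https and same-host rules are assumed hardening checks, and the /realms/<realm>/ path layout is taken from the example URLs in the table.

```python
from urllib.parse import urlparse

PREFIX = "alfresco.content.sso."
REQUIRED = ["enabled", "client_id", "client_secret", "realm", "scope",
            "javascript_origins", "auth_uri", "token_uri", "redirect_uri"]

def parse_properties(text):
    """Parse key=value lines; blank lines and # or ! comments are skipped."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def check_sso(props):
    """Return findings; the https and same-host rules are assumed hardening checks."""
    get = lambda name: props.get(PREFIX + name, "")
    findings = [f"missing {PREFIX}{n}" for n in REQUIRED if not get(n)]
    # Unresolved ${...} placeholders cannot be checked here, so skip them.
    literal = lambda v: v and "${" not in v
    for name in ("javascript_origins", "auth_uri", "token_uri", "redirect_uri"):
        if literal(get(name)) and urlparse(get(name)).scheme != "https":
            findings.append(f"{name} is not https")
    origin, redirect = get("javascript_origins"), get("redirect_uri")
    if literal(origin) and literal(redirect):
        o, r = urlparse(origin), urlparse(redirect)
        if (o.scheme, o.netloc) != (r.scheme, r.netloc):
            findings.append("redirect_uri is not on the javascript_origins host")
    realm = get("realm")
    for name in ("auth_uri", "token_uri"):
        if literal(realm) and literal(get(name)) and f"/realms/{realm}/" not in get(name):
            findings.append(f"{name} does not point at realm {realm}")
    if "offline_access" in get("scope").split():
        findings.append("scope offline_access: tokens stay valid after logout")
    return findings

# Constructed sample: token_uri uses http and another realm, redirect_uri is on another host.
SAMPLE = """\
alfresco.content.sso.enabled=true
alfresco.content.sso.client_id=${keycloak.resource}
alfresco.content.sso.client_secret=${keycloak.credentials.secret}
alfresco.content.sso.realm=alfresco
alfresco.content.sso.scope=offline_access
alfresco.content.sso.javascript_origins=https://aps.example.com
alfresco.content.sso.auth_uri=https://keycloak.example.com/realms/alfresco/protocol/openid-connect/auth
alfresco.content.sso.token_uri=http://keycloak.example.com/realms/other/protocol/openid-connect/token
alfresco.content.sso.redirect_uri=https://localhost:8080/activiti-app/rest/integration/sso/confirm-auth-request
"""

if __name__ == "__main__":
    print("\n".join(check_sso(parse_properties(SAMPLE))))
```

The offline_access finding is informational: it flags the configuration for review because, as described in the table, such tokens outlive the user's logout.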