diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 21a2e0aef1..0b6b306852 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -53,24 +53,6 @@ updates:
- dependency-name: org.freemarker:freemarker
versions:
- "> 2.3.20-alfresco-patched-20200421"
- - dependency-name: org.keycloak:keycloak-adapter-core
- versions:
- - "> 12.0.2"
- - dependency-name: org.keycloak:keycloak-adapter-spi
- versions:
- - "> 12.0.2"
- - dependency-name: org.keycloak:keycloak-authz-client
- versions:
- - "> 12.0.2"
- - dependency-name: org.keycloak:keycloak-common
- versions:
- - "> 12.0.2"
- - dependency-name: org.keycloak:keycloak-core
- versions:
- - "> 12.0.2"
- - dependency-name: org.keycloak:keycloak-servlet-adapter-spi
- versions:
- - "> 12.0.2"
- dependency-name: org.eclipse.jetty:jetty-server
versions:
- 9.4.38.v20210224
diff --git a/pom.xml b/pom.xml
index 03712d6f18..8db3ece6b2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -83,7 +83,6 @@
7.7.10
5.2.2
5.2.3
- 18.0.0
3.5.0.Final
3.20.2
4.1.87.Final
diff --git a/repository/pom.xml b/repository/pom.xml
index 1a49e7713c..7c13673b4d 100644
--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -565,69 +565,6 @@
-
-
- org.keycloak
- keycloak-core
- ${dependency.keycloak.version}
-
-
- *
- *
-
-
-
-
- org.keycloak
- keycloak-common
- ${dependency.keycloak.version}
-
-
- *
- *
-
-
-
-
- org.keycloak
- keycloak-adapter-core
- ${dependency.keycloak.version}
-
-
- *
- *
-
-
-
-
- org.keycloak
- keycloak-adapter-spi
- ${dependency.keycloak.version}
-
-
- *
- *
-
-
-
-
- org.keycloak
- keycloak-servlet-adapter-spi
- ${dependency.keycloak.version}
-
-
- *
- *
-
-
-
-
-
- org.jboss.logging
- jboss-logging
- ${dependency.jboss.logging.version}
-
-
org.alfresco
diff --git a/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceConfig.java b/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceConfig.java
index 6f66f26c81..faba6e3be6 100644
--- a/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceConfig.java
+++ b/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceConfig.java
@@ -25,14 +25,9 @@
*/
package org.alfresco.repo.security.authentication.identityservice;
-import java.util.Map;
import java.util.Optional;
import java.util.Properties;
-import java.util.TreeMap;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.keycloak.representations.adapters.config.AdapterConfig;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.web.util.UriComponentsBuilder;
@@ -41,19 +36,21 @@ import org.springframework.web.util.UriComponentsBuilder;
*
* @author Gavin Cornwell
*/
-public class IdentityServiceConfig extends AdapterConfig implements InitializingBean
+public class IdentityServiceConfig implements InitializingBean
{
- private static final Log LOGGER = LogFactory.getLog(IdentityServiceConfig.class);
private static final String REALMS = "realms";
- private static final String SECRET = "secret";
private static final String CREDENTIALS_SECRET = "identity-service.credentials.secret";
- private static final String CREDENTIALS_PROVIDER = "identity-service.credentials.provider";
private Properties globalProperties;
private int clientConnectionTimeout;
private int clientSocketTimeout;
-
+ // client id
+ private String resource;
+ private String clientSecret;
+ private String authServerUrl;
+ private String realm;
+
public void setGlobalProperties(Properties globalProperties)
{
this.globalProperties = globalProperties;
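Review bot: The new fields `resource`, `clientSecret`, `authServerUrl` and `realm` replace everything the class previously inherited from `AdapterConfig`, but only `resource` has a comment and nothing states which `identity-service.*` keys are still honoured. The same commit removes the bean values for `identity-service.truststore`, `identity-service.disable-trust-manager`, `identity-service.allow-any-hostname` and `identity-service.ssl-required`, so a deployment that still sets them will presumably have them ignored without any message. I would add a class Javadoc that lists the supported settings and says the former adapter TLS options are no longer read here. I would also expand `// client id` to `// client id registered with the Identity Service (identity-service.resource)`. The class body continues outside this hunk.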
@@ -98,48 +95,50 @@ public class IdentityServiceConfig extends AdapterConfig implements Initializing
@Override
public void afterPropertiesSet() throws Exception
{
- // programmatically build the more complex objects i.e. credentials
- Map credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
-
- String secret = this.globalProperties.getProperty(CREDENTIALS_SECRET);
- if (secret != null && !secret.isEmpty())
- {
- credentials.put(SECRET, secret);
- }
-
- String provider = this.globalProperties.getProperty(CREDENTIALS_PROVIDER);
- if (provider != null && !provider.isEmpty())
- {
- credentials.put("provider", provider);
- }
-
- // TODO: add support for redirect-rewrite-rules and policy-enforcer if and when we need to support it
-
- if (!credentials.isEmpty())
- {
- this.setCredentials(credentials);
-
- if (LOGGER.isDebugEnabled())
- {
- LOGGER.debug("Created credentials map from config: " + credentials);
- }
- }
+ clientSecret = this.globalProperties.getProperty(CREDENTIALS_SECRET);
}
- String getIssuerUrl()
+ public String getAuthServerUrl()
{
- return UriComponentsBuilder.fromUriString(getAuthServerUrl())
- .pathSegment(REALMS, getRealm())
- .build()
- .toString();
+ return authServerUrl;
+ }
+
+ public void setAuthServerUrl(String authServerUrl)
+ {
+ this.authServerUrl = authServerUrl;
+ }
+
+ public String getRealm()
+ {
+ return realm;
+ }
+
+ public void setRealm(String realm)
+ {
+ this.realm = realm;
+ }
+
+ public String getResource()
+ {
+ return resource;
+ }
+
+ public void setResource(String resource)
+ {
+ this.resource = resource;
}
public String getClientSecret()
{
- return Optional.ofNullable(getCredentials())
- .map(c -> c.get(SECRET))
- .filter(String.class::isInstance)
- .map(String.class::cast)
- .orElse("");
+ return Optional.ofNullable(clientSecret)
+ .orElse("");
+ }
+
+ public String getIssuerUrl()
+ {
+ return UriComponentsBuilder.fromUriString(getAuthServerUrl())
+ .pathSegment(REALMS, getRealm())
+ .build()
+ .toString();
}
}
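Review bot: Nothing in this hunk checks the scheme of `authServerUrl`, even though `afterPropertiesSet()` now loads `identity-service.credentials.secret` into `clientSecret` and the `ssl-required` setting is removed elsewhere in the commit. The shipped default is `http://localhost:8180/auth`, so a deployment that keeps an `http://` URL for a remote server would presumably send the client secret and tokens in cleartext; whether the facade enforces TLS elsewhere is not visible here. I would add a startup check at the end of `afterPropertiesSet()` that warns or fails when a non-empty secret is combined with a non-HTTPS, non-loopback `authServerUrl`, and a Javadoc line on `setAuthServerUrl` such as `Expected to be an https:// URL outside local development.` Since `getIssuerUrl()` is now public, it also deserves a `@throws IllegalArgumentException` note for the case where `authServerUrl` has not been set.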
diff --git a/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java b/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java
index 44a1bf834a..43761021b7 100644
--- a/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java
+++ b/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java
@@ -82,7 +82,7 @@ public class IdentityServiceFacadeFactoryBean implements FactoryBean
${identity-service.realm}
-
- ${identity-service.realm-public-key:#{null}}
-
${identity-service.auth-server-url}
-
- ${identity-service.ssl-required:external}
-
-
- ${identity-service.confidential-port:0}
-
${identity-service.resource}
-
- ${identity-service.use-resource-role-mappings:false}
-
-
- ${identity-service.enable-cors:false}
-
-
- ${identity-service.cors-max-age:-1}
-
-
- ${identity-service.cors-allowed-headers:#{null}}
-
-
- ${identity-service.cors-allowed-methods:#{null}}
-
-
- ${identity-service.cors-exposed-headers:#{null}}
-
-
- ${identity-service.expose-token:false}
-
-
- ${identity-service.bearer-only:false}
-
-
- ${identity-service.autodetect-bearer-only:false}
-
-
- ${identity-service.enable-basic-auth:false}
-
-
- ${identity-service.public-client:false}
-
-
- ${identity-service.allow-any-hostname:false}
-
-
- ${identity-service.disable-trust-manager:false}
-
-
- ${identity-service.truststore:#{null}}
-
-
- ${identity-service.truststore-password:#{null}}
-
-
- ${identity-service.client-keystore:#{null}}
-
-
- ${identity-service.client-keystore-password:#{null}}
-
-
- ${identity-service.client-key-password:#{null}}
-
-
- ${identity-service.connection-pool-size:20}
-
-
- ${identity-service.always-refresh-token:false}
-
-
- ${identity-service.register-node-at-startup:false}
-
-
- ${identity-service.register-node-period:-1}
-
-
- ${identity-service.token-store:#{null}}
-
-
- ${identity-service.principal-attribute:#{null}}
-
-
- ${identity-service.turn-off-change-session-id-on-login:false}
-
-
- ${identity-service.token-minimum-time-to-live:0}
-
-
- ${identity-service.min-time-between-jwks-requests:10}
-
-
- ${identity-service.public-key-cache-ttl:86400}
-
-
- ${identity-service.enable-pkce:false}
-
-
- ${identity-service.ignore-oauth-query-parameter:false}
-
${identity-service.client-connection-timeout:2000}
diff --git a/repository/src/main/resources/alfresco/subsystems/Authentication/identity-service/identity-service-authentication.properties b/repository/src/main/resources/alfresco/subsystems/Authentication/identity-service/identity-service-authentication.properties
index 174b696b10..319a7f4616 100644
--- a/repository/src/main/resources/alfresco/subsystems/Authentication/identity-service/identity-service-authentication.properties
+++ b/repository/src/main/resources/alfresco/subsystems/Authentication/identity-service/identity-service-authentication.properties
@@ -2,12 +2,11 @@ identity-service.authentication.enabled=true
identity-service.authentication.validation.failure.silent=true
identity-service.authentication.defaultAdministratorUserNames=admin
identity-service.authentication.allowGuestLogin=true
-# The keycloak client required to perform username/password authentication will not be created if false
+# The Identity Service client required to perform username/password authentication will not be created if false
identity-service.authentication.enable-username-password-authentication=true
# Identity Service configuration
identity-service.auth-server-url=http://localhost:8180/auth
identity-service.realm=alfresco
-identity-service.ssl-required=none
identity-service.resource=alfresco
identity-service.public-client=true
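Review bot: `identity-service.public-client=true` stays in this file although the same commit removes the `${identity-service.public-client:false}` bean value and `IdentityServiceConfig` gains no matching field, so the key now looks dead. A reader could take it to mean the client authenticates without a secret, while `getClientSecret()` appears to depend only on `identity-service.credentials.secret`. Either drop the line or add a comment such as `# no longer read by the repository; client authentication is driven by identity-service.credentials.secret`. The default `identity-service.auth-server-url` is still plain `http`, which suits local development only and would merit a comment saying so now that `identity-service.ssl-required` is gone.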
diff --git a/repository/src/test/resources/log4j2.properties b/repository/src/test/resources/log4j2.properties
index 6b873ba637..6a3a648f4f 100644
--- a/repository/src/test/resources/log4j2.properties
+++ b/repository/src/test/resources/log4j2.properties
@@ -452,9 +452,6 @@ logger.alfresco-repo-usage-RepoUsageMonitor.level=info
logger.alfresco-repo-security-authentication-identityservice.name=org.alfresco.repo.security.authentication.identityservice
logger.alfresco-repo-security-authentication-identityservice.level=debug
-logger.keycloak.name=org.keycloak
-logger.keycloak.level=debug
-
# Renditions and Transforms
logger.alfresco-repo-content-transform-TransformerDebug.name=org.alfresco.repo.content.transform.TransformerDebug
logger.alfresco-repo-content-transform-TransformerDebug.level=debug