inteligr8/alfresco-keycloak
1
0
Fork 0
mirror of https://github.com/bmlong137/alfresco-keycloak.git synced 2025-05-12 21:24:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Simple-Configuration.md

Browse Source 
Added required option for newer Keycloak versions.
This commit is contained in:
Mark Tielemans 2024-08-28 18:19:33 +04:00 committed by Axel Faust
parent 5727c21f5c
commit 9c7838e217
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/Simple-Configuration.md
View File

@ -37,6 +37,7 @@ Two clients must be created for the Alfresco Repository and Share. The following
- "Mappers" => "Add Builtin" `groups` (on the client for Alfresco Repository, if mapping of authorities from Keycloak groups should be supported)
- "Service Account Roles" (on the client for Alfresco Repository, if active user / group synchronisation *or* the service/web script to expose roles for use e.g. in permission mangement should be supported)
- Assign client roles `query-groups`, `query-users`, `view-users` and `view-clients` on the client `realm-management`
- When using Keycloak 23 or newer, you must turn on "Exclude Issuer From Authentication Response" under "Advanced" => "OpenID Connect Compatibility Modes" for both clients
If the RFC 8693 OAuth 2.0 Token Exchange functionality is to be used for delegation of user authentication from Share to the Repository, an authorisation policy needs to be defined on the pre-existing client `realm-management`. The necessary elements can all be configured in the "Authorization" tab in the configuration of that client. The following elements must be created (if not pre-existing) and/or associated with one another.
@ -186,4 +187,4 @@ Similar to Alfresco's out-of-the-box SSO mechanisms for Share, the use of Keyclo
</endpoint>
</remote>
</config>
```
```