Merge branch 'aims' into acs-aims

2021-01-13 17:15:32 -05:00 · 2021-01-13 17:15:32 -05:00 · 77f2c5e0f1
commit 77f2c5e0f1
parent 69531bde6d 919d842d61
4 changed files with 54 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -88,11 +88,24 @@ services:
        image: alfresco/alfresco-activemq:5.15.8
        mem_limit: 256m

+    identity:
+        image: alfresco/alfresco-identity-service:1.3
+        user: jboss
+        environment:
+            KEYCLOAK_USER: admin
+            KEYCLOAK_PASSWORD: admin
+            KEYCLOAK_HOSTNAME: ${PROXY_HOST}
+            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
+            KEYCLOAK_STATISTICS: enabled
+        volumes:
+            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
+
    proxy:
        build: ./nginx-ingress
-        image: local/nginx-ingress:acs-share
+        image: local/nginx-ingress:acs-share-aims
        ports:
            - 8080:8080
        depends_on:
            - platform
            - share
+            - identity
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@ -0,0 +1,32 @@
+{
+  "realm": "alfresco",
+  "enabled": true,
+  "sslRequired": "external",
+  "registrationAllowed": false,
+  "roles": {
+    "realm": [ {
+      "name": "user",
+      "description": "User privileges"
+    }, {
+      "name": "admin",
+      "description": "Administrator privileges"
+    } ]
+  },
+  "clients": [
+    {
+      "clientId": "alfresco",
+      "name": "Alfresco Products",
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "redirectUris": [
+        "*"
+      ],
+      "publicClient": true,
+      "protocol": "openid-connect",
+      "attributes": {
+        "login_theme": "alfresco"
+      }
+    }
+  ],
+  "requiredCredentials": [ "password" ]
+}
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@ -8,6 +8,10 @@ if [[ $ACS_SHARE_URL ]]; then
  sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
 fi

+if [[ $AIMS_URL ]]; then
+  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
+fi
+
 if [[ $ACCESS_LOG ]]; then
  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@ -51,6 +51,10 @@ http {

        location /share/ {
            proxy_pass http://share:8080;
+        }
+
+        location /auth/ {
+            proxy_pass http://identity:8080;

            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;