diff --git a/docker-compose.yml b/docker-compose.yml index df4c838..1607835 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -47,6 +47,10 @@ services: -Dtransform.misc.url=http://transform-engine-aio:8090 -Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync + + -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm + -Didentity-service.authentication.defaultAdministratorUserNames=admin.1 + -Didentity-service.auth-server-url=http://identity:8080/auth -Dsystem.content.eagerOrphanCleanup=true -Dsystem.content.orphanProtectDays=0 @@ -100,6 +104,16 @@ services: -Dalfresco.host=${PROXY_HOST} -Dalfresco.port=${PROXY_PORT} -Dalfresco.protocol=${PROXY_PROTOCOL} + -Daims.enabled=true + -Daims.realm=alfresco + -Daims.resource=alfresco + -Daims.authServerUrl=http://identity:8080/auth + -Daims.sslRequired=none + -Daims.publicClient=true + -Daims.autodetectBearerOnly=true + -Daims.alwaysRefreshToken=true + -Daims.principalAttribute=preferred_username + -Daims.enableBasicAuth=true " postgres-acs: diff --git a/keycloak-alfresco-realm.json b/keycloak-alfresco-realm.json index dbbb756..f12d06c 100644 --- a/keycloak-alfresco-realm.json +++ b/keycloak-alfresco-realm.json @@ -10,7 +10,16 @@ }, { "name": "admin", "description": "Administrator privileges" - } ] + } ], + "client": { + "alfresco": [ + { + "name": "administrator", + "composite": false, + "clientRole": true + } + ] + } }, "clients": [ { @@ -18,9 +27,7 @@ "name": "Alfresco Products", "enabled": true, "alwaysDisplayInConsole": false, - "redirectUris": [ - "*" - ], + "redirectUris": [ "*" ], "publicClient": true, "protocol": "openid-connect", "attributes": { 
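Review bot: The added `-Didentity-service.auth-server-url=http://identity:8080/auth` in the first docker-compose hunk makes the repository reach the identity service over plain HTTP, and the second hunk repeats the same URL in `-Daims.authServerUrl`, so tokens and any credentials exchanged with it cross the compose network unencrypted. Building the URL from variables, as `dsync.service.uris` does with `${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}`, would let a deployment switch to HTTPS without editing this file, provided the proxy fronts the identity service. The chain also keeps `builtin:alfrescoNtlm` after `aims:identity-service`, which presumably leaves locally stored passwords valid alongside SSO; confirm that fallback is intended and not a leftover. The option string starts and ends outside the hunk.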
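Review bot: `-Daims.sslRequired=none` combined with `-Daims.enableBasicAuth=true` in the second docker-compose hunk means this service places no TLS requirement on traffic that can carry a username and password in every request. Assuming the option maps to the Keycloak adapter's `ssl-required`, `-Daims.sslRequired=external` is the usual middle ground: it still permits plain HTTP from private addresses such as the compose network but refuses it from anywhere else. If Basic auth is needed only for one non-browser client, the commit message should say which, since it bypasses the redirect-based login. The quoted option string opens above the hunk and closes on the `"` context line.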
@@ -28,5 +35,21 @@
 }
 }
 ],
- "requiredCredentials": [ "password" ]
+ "requiredCredentials": [ "password" ],
+ "users": [
+ {
+ "username" : "admin.1",
+ "enabled": true,
+ "credentials" : [
+ {
+ "type" : "password",
+ "value" : "password"
+ }
+ ],
+ "realmRoles": [ "user" ],
+ "clientRoles": {
+ "alfresco": ["administrator"]
+ }
+ }
+ ]
 }
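Review bot: The imported user `admin.1` is created enabled with the literal password `password`, and the first docker-compose hunk lists that same name in `defaultAdministratorUserNames`, so a guessable credential committed to the repository maps straight to repository administrator rights. At minimum mark the credential as one-time by adding `"temporary": true` beside `"value"`, so the identity service forces a change at first login. Better still, leave `users` out of the committed realm file and create the account at deploy time from a secret. The public client in the same file keeps `"redirectUris": [ "*" ]` (this commit only changes its whitespace), which compounds the exposure and deserves a follow-up that restricts it to the real application URLs.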