From b124cd027c253d894d2e7e099d773a406cc50ee9 Mon Sep 17 00:00:00 2001
From: Brian Long <brian@inteligr8.com>
Date: Thu, 14 Jan 2021 09:39:34 -0500
Subject: [PATCH 1/2] added default admin.1 user

---
 keycloak-alfresco-realm.json | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/keycloak-alfresco-realm.json b/keycloak-alfresco-realm.json
index dbbb756..f12d06c 100644
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@@ -10,7 +10,16 @@
     }, {
       "name": "admin",
       "description": "Administrator privileges"
-    } ]
+    } ],
+    "client": {
+      "alfresco": [
+        {
+          "name": "administrator",
+          "composite": false,
+          "clientRole": true
+        }
+      ]
+    }
   },
   "clients": [
     {
@@ -18,9 +27,7 @@
       "name": "Alfresco Products",
       "enabled": true,
       "alwaysDisplayInConsole": false,
-      "redirectUris": [
-        "*"
-      ],
+      "redirectUris": [ "*" ],
       "publicClient": true,
       "protocol": "openid-connect",
       "attributes": {
@@ -28,5 +35,21 @@
       }
     }
   ],
-  "requiredCredentials": [ "password" ]
+  "requiredCredentials": [ "password" ],
+  "users": [
+    {
+      "username" : "admin.1",
+      "enabled": true,
+      "credentials" : [
+        {
+          "type" : "password",
+          "value" : "password"
+        }
+      ],
+      "realmRoles": [ "user" ],
+      "clientRoles": {
+        "alfresco": ["administrator"]
+      }
+    }
+  ]
 }

From ca420b43e222509760070a50b0b9378e45c1e95c Mon Sep 17 00:00:00 2001
From: Brian Long <brian@inteligr8.com>
Date: Thu, 14 Jan 2021 09:40:28 -0500
Subject: [PATCH 2/2] added aims config to platform/share

---
 docker-compose.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8ca7203..26f6f34 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -36,6 +36,10 @@ services:
                 -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
 
                 -Dtransform.service.enabled=false
+
+                -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
+                -Didentity-service.authentication.defaultAdministratorUserNames=admin.1
+                -Didentity-service.auth-server-url=http://identity:8080/auth
                 
                 -Dsystem.content.eagerOrphanCleanup=true
                 -Dsystem.content.orphanProtectDays=0
@@ -62,6 +66,16 @@ services:
                 -Dalfresco.host=${PROXY_HOST}
                 -Dalfresco.port=${PROXY_PORT}
                 -Dalfresco.protocol=${PROXY_PROTOCOL}
+                -Daims.enabled=true
+                -Daims.realm=alfresco
+                -Daims.resource=alfresco
+                -Daims.authServerUrl=http://identity:8080/auth
+                -Daims.sslRequired=none
+                -Daims.publicClient=true
+                -Daims.autodetectBearerOnly=true
+                -Daims.alwaysRefreshToken=true
+                -Daims.principalAttribute=preferred_username
+                -Daims.enableBasicAuth=true
                 "
     
     postgres-acs: