Merge branch 'acs-aims' into acs-aims-enterprise

2021-01-14 11:19:10 -05:00 · 2021-01-14 11:19:10 -05:00 · d87935cd44
commit d87935cd44
parent a388c1d2fb 0be038fe07
4 changed files with 33 additions and 19 deletions
--- a/.env
+++ b/.env
@ -5,3 +5,4 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
 PROXY_PROTOCOL=http
 PROXY_HOST=localhost
 PROXY_PORT=8080
+IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -50,7 +50,7 @@ services:

                -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
                -Didentity-service.authentication.defaultAdministratorUserNames=admin.1
-                -Didentity-service.auth-server-url=http://identity:8080/auth
+                -Didentity-service.auth-server-url=${IDENTITY_SERVICE_BASEURL}/auth
                
                -Dsystem.content.eagerOrphanCleanup=true
                -Dsystem.content.orphanProtectDays=0
@ -106,8 +106,8 @@ services:
                -Dalfresco.protocol=${PROXY_PROTOCOL}
                -Daims.enabled=true
                -Daims.realm=alfresco
-                -Daims.resource=alfresco
-                -Daims.authServerUrl=http://identity:8080/auth
+                -Daims.resource=acs-share
+                -Daims.authServerUrl=${IDENTITY_SERVICE_BASEURL}/auth
                -Daims.sslRequired=none
                -Daims.publicClient=true
                -Daims.autodetectBearerOnly=true
@ -173,9 +173,13 @@ services:
        environment:
            KEYCLOAK_USER: admin
            KEYCLOAK_PASSWORD: admin
-            KEYCLOAK_HOSTNAME: ${PROXY_HOST}
+            KEYCLOAK_HOSTNAME: auth.example.org
            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
            KEYCLOAK_STATISTICS: enabled
+        networks:
+            default:
+                aliases:
+                    - "auth.example.org"
        volumes:
            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro

--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@ -10,16 +10,7 @@
    }, {
      "name": "admin",
      "description": "Administrator privileges"
-    } ],
-    "client": {
-      "alfresco": [
-        {
-          "name": "administrator",
-          "composite": false,
-          "clientRole": true
-        }
-      ]
-    }
+    } ]
  },
  "clients": [
    {
@ -28,6 +19,24 @@
      "enabled": true,
      "alwaysDisplayInConsole": false,
      "redirectUris": [ "*" ],
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": true,
+      "directAccessGrantsEnabled": false,
+      "publicClient": true,
+      "protocol": "openid-connect",
+      "attributes": {
+        "login_theme": "alfresco"
+      }
+    },
+    {
+      "clientId": "acs-share",
+      "name": "ACS Share",
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "redirectUris": [ "*" ],
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
      "publicClient": true,
      "protocol": "openid-connect",
      "attributes": {
@ -46,10 +55,7 @@
          "value" : "password"
        }
      ],
-      "realmRoles": [ "user" ],
-      "clientRoles": {
-        "alfresco": ["administrator"]
-      }
+      "realmRoles": [ "user", "admin" ]
    }
  ]
 }
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@ -19,7 +19,10 @@ http {

        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
-        proxy_buffering off;
+#        proxy_buffering off;
+        proxy_buffer_size	64k;
+        proxy_buffers		4 256k;
+        proxy_busy_buffers_size	256k;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;