In this article we will have a look at how to use the Alfresco Identity Services for centralized authentication and single sign on (SSO) with the Alfresco Digital Business Platform (DBP).
Alfresco DBP consists of Alfresco Content Services (ACS), Alfresco Process Services (APS), Alfresco Governance Services (AGS), and a number of modules and development frameworks, such as Alfresco Application Development Framework (ADF).
The Alfresco Identity Service has been available since the ACS 6.0, APS 1.9, and ADF 2.4 product releases. In this article we will be using the following product versions: Identity Service 1.2, ACS 6.2.1, APS 1.11 and ADF 3.8.
With the Identity Service handling authentication centrally, the applications we are working with, such as ACS, APS, and ADF clients, don't have to implement their own login forms and authentication logic. Once a user has logged into the Alfresco Identity Service they don't have to log in again to access ACS, APS, or any ADF application.
The same applies to logout: once a user logs out of the Alfresco Identity Service they are automatically logged out of all the other applications as well.
Alfresco Identity Service is implemented on top of JBoss Keycloak, which is both an Identity Provider (IdP) and an issuer of OAuth 2 tokens. Keycloak takes care of authentication, secure password storage, SSO, two-factor authentication, and so on. Keycloak supports protocols such as OpenID Connect and SAML, and it can store user data in a variety of places, such as LDAP, Active Directory, and a relational database (RDBMS).
Alfresco Identity Service is basically a wrapper around the JBoss Keycloak service.