The Alfresco Identity Service has been available to use since ACS 6.0, APS 1.9, and ADF 2.4 product releases. In this article we will be using the following product versions: Identity Service 1.2, ACS 6.2.1, APS 1.11 and ADF 3.8.
This means that the applications that we are working with, such as ACS, APS, and ADF clients don’t have to deal with login forms and authentication. Once a user is logged into the Alfresco Identity Service they don’t have to login again to access ACS, APS, or any ADF application.
This also applies to logout, which means that once a user is logged out of Alfresco Identity Service they are also automatically logged out of all other applications.
Alfresco Identity Service is implemented on top of JBoss Keycloak, which is both an Identity Provider (IdP) and a token issuer for OAuth 2 tokens. Keycloak deals with authentication, safety password storage, SSO, two factor authentication etc. Keycloak supports protocols such as OpenID Connect and SAML. Keycloak can store the user data in a variety of places, such as LDAP, Active Directory, and RDBMS.
Alfresco Identity Service is basically a wrapper around the JBoss Keycloak service.
The release of the following versions includes Mutual TLS Authentication by Default for Alfresco Repository and SOLR communications:Alfresco Content Services 188.8.131.52Alfresco Community Edition latest (and it will be released with 6.2.0-ga)Alfresco Search Services 184.108.40.206Alfresco Insight Engine 1.1.0.
Here's a brief overview of the new Alfresco Transform Service that is being introduced as an option for Alfresco Content Services (ACS) 6.1. It also includes evolutionary changes to the ACS Repository. For those that missed DevCon 2019 you can also refer to following slides Transforming Transformers.