The Alfresco Identity Service has been available to use since ACS 6.0, APS 1.9, and ADF 2.4 product releases. In this article we will be using the following product versions: Identity Service 1.2, ACS 6.2.1, APS 1.11 and ADF 3.8.
This means that the applications we are working with, such as ACS, APS, and ADF clients, don’t have to deal with login forms and authentication. Once a user is logged in to the Alfresco Identity Service, they don’t have to log in again to access ACS, APS, or any ADF application.
This also applies to logout, which means that once a user is logged out of Alfresco Identity Service they are also automatically logged out of all other applications.
Alfresco Identity Service is implemented on top of JBoss Keycloak, which is both an Identity Provider (IdP) and a token issuer for OAuth 2 tokens. Keycloak handles authentication, secure password storage, SSO, two-factor authentication, and so on. Keycloak supports protocols such as OpenID Connect and SAML. Keycloak can store the user data in a variety of places, such as LDAP, Active Directory, and RDBMS.
Alfresco Identity Service is basically a wrapper around the JBoss Keycloak service.