How to set up Share with Identity Services?

ukdavo
Member II

I understand that Share 6.2 features integration with Identity Service. The documentation seems to be a bit light on this. Has anyone got this to work?

I've been able to get APS to work with Identity Service (using OpenLDAP). This seems to be fairly straightforward.

I believe that I should be able to use the SAML connector to connect to Identity Service. Does anyone have an example of the required configuration (saml.properties, Identity Service config, etc.)?

One last thing. Am I right in thinking that even if I get authentication working, I'd still have to create the users within ACS using LDAP sync if users are based in an LDAP directory or using a custom solution if users are based on a non-LDAP based provider (e.g. AWS Cognito)?

Cheers

Mark

2 Replies
afaust
Master

Re: How to set up Share with Identity Services?

AFAIK Alfresco Share does NOT support Alfresco Identity Service in 6.2 - at least not out-of-the-box. Only the Alfresco Repository (ACS) supports Identity Service. That's the reason I have started writing my own support via my alfresco-keycloak addon.

As for still requiring an LDAP directory: I am working on the next version of my Keycloak integration which will be able to map users from authentication requests and sync users / groups directly from Keycloak without requiring an extra setup for LDAP (assuming all users / groups are known to Keycloak in advance).

You can integrate Alfresco with Identity Service / SAML without having LDAP synchronisation. This works just fine and users would be created ad-hoc - the only downside would be that those users would not have any details, e.g. email, first and last names, set as properties.

ukdavo
Member II

Re: How to set up Share with Identity Services?

Thanks Axel.

The info at https://docs.alfresco.com/sso/topics/saml.html seems to suggest that you can authenticate Share users via SAML against an identity provider. As Keycloak/IDS supports SAML, could we not use that as the identity provider?

Many thanks

Mark