Support for JWT / OAuth SSO on Alfresco Community Content Repository
I am using Alfresco Community Content Repository as document storage for our Angular Application. The application is part of an ecosystem where, in order to log in to the Angular Application, the Apereo CAS server (Authentication / Authorisation Server) provides us with a JWT. This JWT is then appended to the header as a Bearer Token in order to access various microservices that reside behind a Netflix Zuul Gateway.
I have added Alfresco Community Content Repository to the ecosystem and want to configure it such that the existing token in the header allows access to the REST APIs, which I will use from the Angular Application for document storage.
Is the above possible or not? Have I got the wrong end of the stick?
I have also looked at (https://github.com/dgradecak/alfresco-jwt-auth) for allowing Alfresco Community Repository to respect the JWT in the header, and that worked fine. The problem is that the identity service properties used for Alfresco Community Repository require a fixed set of minimum claims, where one of the claims is 'iss', the issuer of the token. The Alfresco Community Repository expects the token to have an iss of the shape http(s)://<servername>:<port>/<context>/realms/<realm-name>. This is very much aligned with Keycloak (where realms are created under the master realm). In other Authorisation Servers (including Apereo CAS), realms are not within the iss URL. According to (https://docs.alfresco.com/identity-service/1.2/tutorial/sso/saml/#step-6-configure-alfresco-content-...) Alfresco Community Repository defaults the realm as follows (identity-service.realm=alfresco), hence it becomes unusable for other identity services. Even if the realm is marked as blank, the URL expected for iss is http(s)://<servername>:<port>/<context>/realms/, which is unusable as realms still exists in the URL.
Are there any solutions or workarounds to get around this issue?
It is a shame the identity service properties are so strict and do not offer flexibility.
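The issuer mismatch described in the post above can be reproduced offline. This is an added diagnostic example, not part of the original post and not Alfresco or alfresco-jwt-auth code; the hostnames, sample tokens and function names are constructed placeholders, and the expected issuer is built only from the shape quoted in the post.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_claims(token: str) -> dict:
    """Return the payload claims WITHOUT checking the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def expected_issuer(auth_server_url: str, realm: str) -> str:
    """Issuer shape described in the post: <server>/<context>/realms/<realm-name>."""
    return auth_server_url.rstrip("/") + "/realms/" + realm


def check_issuer(token: str, auth_server_url: str, realm: str) -> tuple:
    """Compare the token's iss with the realm-shaped issuer: (ok, actual, expected)."""
    actual = unverified_claims(token).get("iss")
    expected = expected_issuer(auth_server_url, realm)
    return actual == expected, actual, expected


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".c2ln"


# Constructed sample values; hostnames and paths are placeholders, not from the post.
CAS_TOKEN = make_sample_token({"iss": "https://cas.example.org/cas", "sub": "jdoe"})
KEYCLOAK_TOKEN = make_sample_token(
    {"iss": "https://idp.example.org/auth/realms/alfresco", "sub": "jdoe"})

if __name__ == "__main__":
    for name, tok, base in (("CAS", CAS_TOKEN, "https://cas.example.org/cas"),
                            ("Keycloak", KEYCLOAK_TOKEN, "https://idp.example.org/auth")):
        ok, actual, expected = check_issuer(tok, base, "alfresco")
        print(f"{name}: iss={actual!r} expected={expected!r} match={ok}")
```

The payload is decoded without signature verification, so the result is only useful for comparing the iss claim against the configured realm and must not be used to accept a token.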
@daniel_gradecak recently did an Alfresco Tech Talk Live on Alfresco & JWT. It might be worthwhile watching a recording of this Tech Talk. Daniel is also leading a Hackathon project on this topic - again, it might be worth working with him on this project on June 16th, 2021.
Digital Community Manager, Alfresco Software.
Yes, I have been in communication with @daniel_gradecak and he has been very helpful. Also, I did go through his blog as well as the webcast, which are both useful.
The issue is that some of the questions that I am asking are not directly relevant to his project and are relevant to Alfresco Community Repository directly, and he has indicated that I should discuss those here on Alfresco Hub.
It would be useful if I can get some solutions or workarounds.