You are here

Alfresco Process Services properties for Keycloak

Use this information to configure Process Services to authenticate via Keycloak.

Configure the activiti-identity-service.properties file using the below properties:

Note: A full list of Keycloak properties is also available.
Property Description Notes
keycloak.enabled Enable or disable Keycloak authentication. Required.
keycloak.realm Name of the realm configured in Keycloak. Required.
keycloak.auth-server-url Base URL of the Keycloak server. Will be in the format https://{server}:{port}/auth Required.
keycloak.ssl-required Whether communication to and from the Keycloak server is over HTTPS. Possible values are all for all requests, external for external requests or none. Important: this property needs to match the equivalent setting for Require SSL in your realm within the Keycloak administration console.
keycloak.resource The Client ID for the client created within your realm that points to Process Services. Required.
keycloak.principal-attribute The attribute used to populate the field UserPrincipal with. If this is null it will default to sub. Important: this property needs to be set to email to work with Process Services.
keycloak.public-client The adapter will not send credentials for the client to Keycloak if this is set to true. Optional.
keycloak.credentials.secret The secret key for this client if the access type is not set to public.  
keycloak.always-refresh-token The token will be refreshed for every request if this is set to true.  
keycloak.autodetect-bearer-only This should be set to true if your application serves both a web application and web services. It allows for the redirection of unauthorized users of the web application to the Keycloak login page, but send a HTTP 401 to unauthenticated SOAP or REST clients. Required.
keycloak.token-store The location of where the account information token is stored. Possible values are cookie or session. Required.
keycloak.enable-basic-auth Whether basic authentication is supported by the adapter. If set to true then a secret must also be provided. Optional.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.