acs-sso-example

Version: 1.3.1 Type: application AppVersion: 25.2.0

An example chart to demonstrate how to compose your own Alfresco platform with SSO on Kubernetes using a third-party Keycloak. If you're familiar with Helm and Kubernetes, taking a look at the values.yaml should be enough, but the principles are also documented in two different steps:

  • Composing your ACS from the individual component charts we provide. Check the step-by-step documentation
  • SSO integration, to add Keycloak and configure Alfresco applications accordingly: SSO guide

Note: this chart is just an example that can run on localhost only. It ships the ACS repo, the repository database, the message broker, the Keycloak IdP and the front-end applications (Share and Content app), and no other component.

:warning: All components have persistence disabled so all data is lost after a deployment is destroyed or rolled back!

Homepage: https://www.alfresco.com

Source Code

Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.6.2 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.2 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.10.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.4.0 |
| https://codecentric.github.io/helm-charts | keycloakx | 6.0.0 |
| oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 |

Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| activemq | object | check values.yaml | Configure the ACS ActiveMQ message broker as per https://github.com/Alfresco/alfresco-helm-charts/tree/activemq-3.4.1/charts/activemq |
| alfresco-content-app | object | check values.yaml | Configure the Alfresco Content-app as per https://github.com/Activiti/activiti-cloud-common-chart/tree/8.2.0/charts/common |
| alfresco-repository | object | check values.yaml | Configure the ACS repository as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-repository-0.1.3/charts/alfresco-repository |
| alfresco-share | object | check values.yaml | Configure the Alfresco Share as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-share-0.3.0/charts/alfresco-share |
| global.known_urls | list | `["http://localhost"]` | List of trusted URLs. URLs are used to configure cross-origin protections. Also, the first entry is considered the main hosting domain of the platform. |
| keycloakx | object | check values.yaml | Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0 |
| keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use: `kubectl get secrets keycloak -o jsonpath='{@.data.KC_BOOTSTRAP_ADMIN_PASSWORD}' \| base64 -d` |
| keycloakx.admin.realm[0] | object | `{"clients":[{"attributes":{"display.on.consent.screen":false,"oauth2.device.authorization.grant.enabled":false,"oidc.ciba.grant.enabled":false,"use.refresh.tokens":false},"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ \| mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ \| mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"email":"admin@example.org","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}]}` | Alfresco Realm definition |
| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"email":"admin@example.org","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}` | Default Alfresco admin user |
| keycloakx.admin.realm[0].users[0].credentials[0].value | string | `"secret"` | Default Alfresco admin password |
| keycloakx.admin.username | string | `"admin"` | Keycloak admin username |
| keycloakx.command | list | `["/opt/keycloak/bin/kc.sh","start","--hostname=http://localhost/auth","--hostname-backchannel-dynamic=true","--health-enabled=true","--http-enabled=true","--http-port=8080","--import-realm"]` | hostname-backchannel-dynamic is only needed if you want to use the backchannel authentication flow. This is needed when the client application can only access the Keycloak server via an internal hostname (such as localhost). |
| repository-database | object | check values.yaml | Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql |
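
An added example (not part of the chart or its documentation): a small Python check that mirrors how `global.known_urls` is expanded into the realm's `redirectUris` and `webOrigins`, and flags the example defaults listed in the Values table (`sslRequired: none`, implicit flow, the `secret` admin password, plain-HTTP URLs). The function names, finding codes, the `hardened_copy` override values and the `acs.example.org` host are assumptions made for illustration.

```python
import copy

# Subset of the chart's default realm, copied from the Values table on this page.
DEFAULT_REALM = {
    "realm": "alfresco",
    "sslRequired": "none",
    "clients": [{"clientId": "alfresco", "publicClient": True,
                 "implicitFlowEnabled": True, "standardFlowEnabled": True}],
    "users": [{"username": "admin",
               "credentials": [{"type": "password", "value": "secret"}]}],
}
DEFAULT_KNOWN_URLS = ["http://localhost"]

def expand_known_urls(known_urls):
    """Mirror the realm template: each known URL becomes '<url>/*' in
    redirectUris and is used unchanged in webOrigins."""
    return {"redirectUris": [f"{u}/*" for u in known_urls],
            "webOrigins": list(known_urls)}

def audit_realm(realm, known_urls):
    """Return finding codes (hypothetical names) for example defaults that
    should not be carried beyond a localhost demo."""
    findings = []
    if realm.get("sslRequired") == "none":
        findings.append("ssl-not-required")  # realm does not require HTTPS
    for client in realm.get("clients", []):
        if client.get("implicitFlowEnabled"):
            findings.append(f"implicit-flow:{client['clientId']}")
    for user in realm.get("users", []):
        for cred in user.get("credentials", []):
            if cred.get("type") == "password" and cred.get("value") == "secret":
                findings.append(f"default-password:{user['username']}")
    for uri in expand_known_urls(known_urls)["redirectUris"]:
        if not uri.startswith("https://"):
            findings.append(f"plain-http-redirect:{uri}")
    return findings

def hardened_copy(realm):
    """Constructed override for comparison; values are assumptions, and the
    page does not say whether the front ends work without the implicit flow."""
    fixed = copy.deepcopy(realm)
    fixed["sslRequired"] = "external"
    fixed["clients"][0]["implicitFlowEnabled"] = False
    fixed["users"][0]["credentials"][0]["value"] = "<set-from-your-secret-store>"
    return fixed

if __name__ == "__main__":
    print(audit_realm(DEFAULT_REALM, DEFAULT_KNOWN_URLS))
    print(audit_realm(hardened_copy(DEFAULT_REALM), ["https://acs.example.org"]))
```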