Acosix / alfresco-keycloak

Alfresco addon to provide Keycloak-related extensions / customisations for Repository and Share
Apache License 2.0

Incompatible with ACS 7.4 #36

Open trodix opened 1 year ago

trodix commented 1 year ago

I tried to follow the documentation and encountered some difficulties installing the module on Alfresco 7.4.

As mentioned in issue #23, I had to use de.acosix.alfresco.utility.repo instead of de.acosix.alfresco.utility.core.repo.

Then, to apply the AMPs to the .war, I couldn't directly use:

RUN java -jar $TOMCAT_DIR/alfresco-mmt/alfresco-mmt*.jar install \
              $TOMCAT_DIR/amps $TOMCAT_DIR/webapps/alfresco -directory -nobackup -force

because de.acosix.alfresco.utility.core.repo needs to be applied before de.acosix.alfresco.keycloak.repo.

To do this, I did the following:

RUN java -jar $TOMCAT_DIR/alfresco-mmt/alfresco-mmt*.jar install \
              $TOMCAT_DIR/amps/de.acosix.alfresco.utility.repo-1.3.2.amp $TOMCAT_DIR/webapps/alfresco -nobackup -force -verbose

# Install the AMPs
RUN java -jar $TOMCAT_DIR/alfresco-mmt/alfresco-mmt*.jar install \
              $TOMCAT_DIR/amps $TOMCAT_DIR/webapps/alfresco -directory -nobackup -force

After that, the module can be applied at image build and Alfresco can start.

But I encountered another error due to some transformer bean not being present in the classpath. I remembered that Alfresco 7.3+ had some breaking changes with that in particular.

As this error was caused by de.acosix.alfresco.keycloak.repo version 1.2.5 (the version mentioned in the documentation and used in the pom.xml), I changed the version of de.acosix.alfresco.keycloak.repo from 1.2.5 to 1.3.2 (idk which version started to be compatible with ACS 7.3+, so I took the last one).

But I couldn't apply the AMP de.acosix.alfresco.keycloak.repo because it requires de.acosix.alfresco.utility.core.repo version 1.2.5, as described in module.properties.

I had to clone the project, change in module.properties the version from 1.2.5-* to 1.3.2 and in the parent pom.xml <acosix.utility.version>1.2.5</acosix.utility.version> to <acosix.utility.version>1.3.2</acosix.utility.version>

Then mvn clean install and voilà.

The module is installing, the subsystem is starting and my users from Keycloak are synced into Alfresco!

Now I can log in to Alfresco with my users from Keycloak (but only with basic auth), tested with Postman. If I want to log in to Alfresco using a JWT bearer token provided by Keycloak, I get the following error:

http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/262a0ad3-961a-4af0-9b85-fdbc8b212ac9

{
    "error": {
        "errorKey": "framework.exception.ApiDefault",
        "statusCode": 401,
        "briefSummary": "10100052 Authorization 'bearer' not supported.",
        "stackTrace": "Pour des raisons de sécurité, le traçage de la pile n'est plus affiché, mais la propriété est conservée dans les versions précédente",
        "descriptionURL": "https://api-explorer.alfresco.com"
    }
}

Here is my subsystem configuration:

keycloak.authentication.enabled=true
keycloak.authentication.sso.enabled=true
keycloak.authentication.handlePublicApi=true
keycloak.authentication.allowTicketLogons=true
keycloak.authentication.allowHttpBasicLogon=true
keycloak.authentication.allowUserNamePasswordLogin=true
keycloak.authentication.mapAuthorities=true
keycloak.authentication.mapPersonPropertiesOnLogin=true

keycloak.synchronization.enabled=true

keycloak.adapter.auth-server-url=http://pc-dev-lx-svallet.cpage.fr:7080
#keycloak.adapter.forced-route-url=
keycloak.adapter.realm=ged
keycloak.adapter.resource=alfresco-repo
keycloak.adapter.credentials.secret=qV2bjh6THZawtJ801tLp80AKWvvC0Y7t
keycloak.adapter.verify-token-audience=true

So why can't I log in with a bearer token to the Alfresco repository?
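
The ordering problem described in the post (the utility AMP has to be applied before the Keycloak AMP that depends on it) can be checked before the image is built. The following is an added example, not part of the original issue or the project's code: it reads module.properties from each AMP and derives an install order from the module.depends.* entries, reporting dependencies that no AMP in the set provides. The sample AMPs and their property contents are constructed for illustration.

```python
import io
import zipfile
from graphlib import TopologicalSorter  # Python 3.9+

DEP_PREFIX = "module.depends."

def read_module_properties(amp_bytes):
    """Parse module.properties from the root of an AMP (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(amp_bytes)) as amp:
        text = amp.read("module.properties").decode("utf-8")
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def install_order(amps):
    """amps: {file name: AMP bytes}. Returns (ordered file names, unmet deps)."""
    by_id, deps = {}, {}
    for name, data in amps.items():
        props = read_module_properties(data)
        module_id = props["module.id"]
        by_id[module_id] = name
        deps[module_id] = {k[len(DEP_PREFIX):] for k in props if k.startswith(DEP_PREFIX)}
    # Dependencies on module ids that none of the supplied AMPs declares
    missing = sorted((m, d) for m, ds in deps.items() for d in ds if d not in by_id)
    graph = {m: {d for d in ds if d in by_id} for m, ds in deps.items()}
    order = [by_id[m] for m in TopologicalSorter(graph).static_order()]
    return order, missing

def _make_amp(properties):
    """Build a minimal in-memory AMP holding only module.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as amp:
        amp.writestr("module.properties", properties)
    return buf.getvalue()

# Constructed sample: file names follow the post, property contents are assumed.
SAMPLE = {
    "de.acosix.alfresco.keycloak.repo-1.3.2.amp": _make_amp(
        "module.id=de.acosix.alfresco.keycloak.repo\nmodule.version=1.3.2\n"
        "module.depends.de.acosix.alfresco.utility.repo=1.3.2-*\n"),
    "de.acosix.alfresco.utility.repo-1.3.2.amp": _make_amp(
        "module.id=de.acosix.alfresco.utility.repo\nmodule.version=1.3.2\n"),
}

if __name__ == "__main__":
    order, missing = install_order(SAMPLE)
    print("\n".join(f"install {n}" for n in order))
    print("\n".join(f"unmet: {m} needs {d}" for m, d in missing))
```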