So, in Alfresco Document Management Repository we are allowed to set up an identity server (like you have done in this codebase) that can be used to authenticate / authorise users to browse folders / files etc. In the solution (which is skewed towards Keycloak (style) as identity server), the following checks are made on the bearer token:
Is the token valid (this is done using the public key)
Note that we have a mandatory realm element in the URL, which can cause validation to fail, as not all identity providers follow that pattern.
e.g. in Apereo CAS it is https://identity-server:port/cas/oidc
where cas can be the context and oidc can be the realm name, but the keyword realm has no place in the URL.
The idea is to make properties such that this matching criterion can be made flexible.
This will open the solution to non-Keycloak identity providers, so that token validation could be whatever is offered by the identity provider.
Thanks.
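As an added example (not code from the original post or from the Alfresco codebase), the following Python sketch shows the flexible issuer matching requested above: an explicit issuer URL is accepted as-is, and the Keycloak `<auth-server-url>/realms/<realm>` layout is only a fallback. The configuration keys, host and port are assumed placeholders, and the tokens are constructed, unsigned examples used solely to exercise the `iss` check; signature verification against the provider's public key is a separate step not shown here.

```python
import base64
import json
from typing import Optional

# Constructed configuration shapes (assumed names, not Alfresco's real properties).
KEYCLOAK_STYLE_CONFIG = {"auth-server-url": "https://identity-server:8443/auth", "realm": "alfresco"}
CAS_STYLE_CONFIG = {"issuer-url": "https://identity-server:8443/cas/oidc"}


def expected_issuer(config: dict) -> str:
    """Derive the issuer the token's iss claim must equal.

    An explicit issuer-url wins; otherwise fall back to the Keycloak layout
    <auth-server-url>/realms/<realm>. A missing realm raises instead of
    silently building a URL that can never match.
    """
    if config.get("issuer-url"):
        return config["issuer-url"].rstrip("/")
    if not config.get("realm"):
        raise ValueError("either issuer-url or realm must be configured")
    return f"{config['auth-server-url'].rstrip('/')}/realms/{config['realm']}"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(jwt: str) -> Optional[str]:
    """Return the iss claim of a compact JWT, or None if the token is malformed."""
    parts = jwt.split(".")
    if len(parts) != 3:
        return None
    try:
        return json.loads(_b64url_decode(parts[1])).get("iss")
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None


def issuer_matches(jwt: str, config: dict) -> bool:
    """Issuer check only: run it after the signature has been verified with the public key."""
    iss = token_issuer(jwt)
    return iss is not None and iss.rstrip("/") == expected_issuer(config)


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT purely to exercise the claim parsing above."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."
```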