Integrating APS and Keycloak in a Multi-Domain LDAP Environment

Blog Post created by Employee on Aug 28, 2018

Alfresco Process Services (APS) 1.9 provides support for authentication through Keycloak. The integration with Keycloak gives us access to many advanced Identity Provider features, such as SAML 2.0, OAuth, OpenID, Identity Brokering and User Federation. In this article, we will review the integration of APS and AIS (Alfresco Identity Service) in a multi-domain LDAP environment.

With the introduction of AIS into the architecture, APS can now support authentication through multiple LDAP domains or other federated Identity Providers. However, to use the APS integration with AIS, users must be preloaded in APS. Currently, the APS-AIS integration provided in APS 1.9 does not support user synchronization, so users need to be loaded into APS by other means, such as the LDAP User Sync feature that APS supports.

In the following article, "User Synchronization in APS from Keycloak," I capture the technical details of synchronizing users and groups into APS from Keycloak. The article also includes a functional APS module that can be installed or adapted to similar use cases.