AFAIK Alfresco Share does NOT support Alfresco Identity Service in 6.2 - at least not out-of-the-box. Only the Alfresco Repository (ACS) supports Identity Service. That's the reason I have started writing my own support via my alfresco-keycloak addon.

As for still requiring an LDAP directory: I am working on the next version of my Keycloak integration which will be able to map users from authentication requests and sync users / groups directly from Keycloak without requiring an extra setup for LDAP (assuming all users / groups are known to Keycloak in advance).

You can integrate Alfresco with Identity Service / SAML without having LDAP synchronisation. This works just fine and users would be created ad-hoc - the only downside would be that those users would not have any details, e.g. email, first and last names, set as properties.

Thanks Axel.

The info at https://docs.alfresco.com/sso/topics/saml.html seems to suggest that you can authenticate Share users via SAML against an identity provider. As Keycloak/IDS supports SAML, could we not use that as the identity provider?

Many thanks

Mark

Due to issues with the notifications sent out by this platform, I often get reply notices where I cannot access a link to go back to the thread in question. Though it is already half a year later, I still want to reply to this as I see this SAML question pop up regularly. The SAML module for Alfresco is an Enterprise only module, not available for Alfresco Community, and it constitutes quite a quirky (and aggressive) workaround for not having native support for Identity Services in Share. Having worked with the SAML module at one Enterprise customer, I would caution against its use - at least we had to do a couple of fixes / patches to make it work in our scenario which required a combination of SAML and Kerberos for authentication of disparate user groups, which it does not support out-of-the-box.

Hi @afaust,

Hopefully this has now been fixed - this reply should be a good test  

@EddieMay indeed - compared to a notice I got just last week, this is now workable...

alfresco-global.properties

share-config-custom.xml

<!-- AIMS -->

<config evaluator="string-compare" condition="AIMS">
<enabled>true</enabled>
<realm>alfresco</realm>
<resource>alfresco</resource>
<authServerUrl>http://acs.alf.com/auth</authServerUrl>
<sslRequired>none</sslRequired>
<publicClient>true</publicClient>
<autodetectBearerOnly>true</autodetectBearerOnly>
<alwaysRefreshToken>true</alwaysRefreshToken>
<principalAttribute>email</principalAttribute>
<enableBasicAuth>true</enableBasicAuth>
</config>