The future of authentication - Codrin Chirica
This lighting talk will show how Alfresco is addressing the issues that are at the moment regarding authentication on our platform and what are the plans for the future.
Please be aware that this is subject to change even thought we try to follow the roadmap, sometimes priorities change.
4. Learn. Connect. Collaborate.
Authentication until now
• A challenge for customers to
configure
• ACS and APS need to be kept
in-sync with the central user
directory (e.g. LDAP sync)
6. Learn. Connect. Collaborate.
Authentication now
• Identity Service leverages the open source identity and access management
project Keycloak
• https://www.keycloak.org/
• Alfresco theme for login
7. Learn. Connect. Collaborate.
Authentication now
• It provides proof of identity, in the form of a standard token (JWT),
understood by:
– ACS REST APIs (v1) and CMIS
– APS REST APIs
– AGS REST API (v1)
– ADF
8. Learn. Connect. Collaborate.
Authentication now
• How to deploy ?
– The deployment artifact is the alfresco-identity-service Helm Chart
https://github.com/Alfresco/charts/blob/master/stable/alfresco-identity-service-
1.0.0.tgz
– Deployed, by default, as part of the alfresco-infrastructure Helm Chart
https://github.com/Alfresco/charts/blob/master/stable/alfresco-infrastructure-3.0.0.tgz
– To deploy, simply run …
helm install alfresco-stable/alfresco-infrastructure --version 3.0.0
19. Learn. Connect. Collaborate.
Authentication in the future
• DEPRECATE:
– User profiles in ACS will be deprecated (but not removed)
– The authentication chain will be deprecated (but still maintained)
20. Learn. Connect. Collaborate.
Authentication in the future
• Conclusions:
– If you have a new project, don't start and write your own authentication
chain subsystem, go to Alfresco Identity Service
21. Learn. Connect. Collaborate.
Authentication in the future
• Conclusions:
– If you have an extension to the authentication chain, then you can use
it but be informed that this will go away at some point in the future.