Axel Faust

The assignment of roles on the Keycloak side of things should not have any impact on the default operation of the module. While my test setup contains a default role...

Ah, I usually don't deal with Shared pages, so have not included that in my tests. If the login button there redirects to an explicit login page request, it would...

That is to be expected. The alfrescoCookie connector and /wcs endpoints are essential for SSO handling towards the backend. as the /s endpoint is incapable of handling Keycloak tokens (or...

Having login page on explicit request is identical to how Alfresco handled this for all other SSO mechanisms, and this allows a local administrator to bypass SSO authentication in very...

The user federation / brokering with the SAML IdP / LDAP is a feature entirely handled within Keycloak itself. It would require looking at your Keycloak realm config for this...

Since the time of writing, AOS added support for OpenID Connect with the default Identity Services subsystem. When redirected to Keycloak. I have yet to adapt the alfresco-keycloak module to...

I have not had much time in the last year to work on compability of my modules with newer ACS release. But I have recently started to work on that...

I do generally accept pull requests when they comply with the general coding style / implementation approach present in the project, or suggest changes to help contributors get to that...

(That is not to say that I will not try to find time before that too, but I just have less time to spare)

What specific vulernability do you see in this case? Yes, when that header is set, it would affect the redirect URL sent to Keycloak in the token request. But if...