SureNetwork and Nuxeo LTS-2025
This section details the integration between the SureNetwork microservice and the Nuxeo LTS-2025 platform. This modernization avoids the classloader and cookie security issues prevalent in the legacy Nuxeo 5.6 stack.
For the full platform integration — including Project Desktop, stack architecture, SureDrive vs SureArchive cards, and the platform roadmap — see SureNetwork for SureCentric.
🏗️ Build Status
As of 2026-04-13, the build status for the modernized stack is as follows:
| Component | Status | Artifact / Details |
|---|---|---|
| SureNetwork (Java 20) | ✅ SUCCESS | sn-nuxeo-lts-2023:latest Docker image built. |
| Nuxeo Server (Maven) | ✅ SUCCESS | Pinned to release 2025.12, commit cca344490e20f8f87bb550c4e5c27f04a3e273fa |
| Nuxeo Docker Image | ✅ SUCCESS | nuxeo-sc-2025:local — pushed to GCP as nuxeo-sc-2025:2025.12 |
Pull the Nuxeo 2025 image from the SC registry: us-east1-docker.pkg.dev/sc-internal/sc-docker/sureclinical/nuxeo-sc-2025:2025.12
🛠️ Step-by-Step Setup
1. Complete the Nuxeo Docker Build
Once the Maven distribution ZIP is produced, the Docker image must be built using the patched Dockerfile.surecentric. This Dockerfile is optimized for local development and does not require private Nuxeo Connect credentials.
# Prepare the build context
cd /Users/jetstart/dev/sureclinical/NuxeoBuilds/LTS-2025/docker/nuxeo
mkdir -p target/distrib
cp ../../server/nuxeo-server-tomcat/target/nuxeo-server-tomcat-*.zip target/distrib/
# Build the image
docker build \
--platform linux/amd64 \
-f Dockerfile.surecentric \
-t nuxeo-lts-2025:latest \
.
2. Configure Nuxeo-to-Network Connectivity
Nuxeo connects to SureNetwork for OAuth2 authentication and user profile resolution. This is configured via a runtime .conf file.
File: SC/nuxeo/conf.d/surenetwork.conf
# SureNetwork API Location
surenetwork.host=http://network-service:8880
# OAuth2 Credentials
surenetwork.client.id=sureclinical-web-client
surenetwork.client.secret=secret
🔄 Integration Workflow
The integration follows an "Identity-First" pattern where Nuxeo delegates identity and person lookup to SureNetwork:
- Authentication: Nuxeo's authentication provider calls the SureNetwork OAuth2
/oauth/tokenendpoint. - Profile Resolution: Upon successful login, Nuxeo fetches the user's research-specific profile from SureNetwork via
/persons/email/{email}. - Session Establishment: Nuxeo creates a native session based on the federated identity returned from SureNetwork.
This modern integration fixes the Secure cookie issue (where cookies were rejected over plain HTTP) and the NuxeoBeanLocator class isolation errors found in Nuxeo 5.6.