SSO

Document created by resplin Employee on Jun 6, 2015
Version 1Show Document
  • View in full screen mode

Obsolete Pages{{Obsolete}}

The official documentation is at: http://docs.alfresco.com



Authentication
2.x3.03.1

This page describes configuration methods prior to Alfresco Version 3.2. Refer to Alfresco Authentication Subsystems and Alfresco_With_mod_auth_cas for Alfresco Versions 3.2 and up.'

Alfresco provides support for Single Sign-on (SSO) across the application, including Alfresco Explorer, Alfresco Share, and CIFS. There are a number of approaches which may be used, depending on the requirements.


Built-in Support


Single Sign-on utilising NTLM or Kerberos may be set up via Alfresco's authentication services. For details, see SSO Configurations in Enterprise Security and Authentication Configuration.

Alfresco provides a generic HTTP Request Authentication Filter to support Single Sign-On services such as SiteMinder, IChains and many others. All those SSO solutions work by injecting an HTTP header that contains the User ID. To enable support simply locate the <ALFRESCO.WAR>/WEB-INF/web.xml file and replace the existing authentication filter:



   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
      ...
   </filter>

With the following. Please customize the init parameters to suit your particular environment:



  <filter>
     <filter-name>Authentication Filter</filter-name>
     <filter-class>org.alfresco.web.app.servlet.HTTPRequestAuthenticationFilter</filter-class>

     <init-param>
        <param-name>httpServletRequestAuthHeaderName</param-name>
        <param-value>REMOTE_USER</param-value>
     </init-param>

     <init-param>
        <param-name>authPatternString</param-name>
        <param-value>.*</param-value>
     </init-param>
  </filter>

These instructions were tested against IBM Tivoli Access Manager 6.  The httpServletRequestAuthHeaderName parameter should be set to iv-user.


Third Party Solutions


A number of third party solutions are available to provide integration with other SSO providers.


Attachments

    Outcomes