Alfresco Authentication Subsystems (Talk)

Document created by p_bodnar on Aug 5, 2014
Version 1Show Document
  • View in full screen mode

I guess, on community version 3.2, advanced ldap configuration don't work as explained. I had to include ldap parameters on alfresco-global-properties

Sufficient words about 'client domain'?

I miss at least a word or two about a restriction in processing the 'client domain' in the Passthru authentication. The restriction, as I see it, is that it really always is just the CLIENT domain (sent in NTLM type1). Which means that when a user sees a login popup and fills in a CUSTOM domain (sent in NTLM type3), that custom domain (or call it 'user domain') is ignored by Alfresco NTLM authentication mechanism. Moreover the domain, at least by tests undergone in our company, cannot even be modified on the client workstation ('dnsdomain' domain is used?).

Does someone agree that these things should be made more clear (explicit) in the documentation? Is it 'bug-by-design'? Is this problem already not that hot when using Kerberos instead of Passthru? Hopefully someone watches it in here, I'm still not sure whether to file a bug into the Alfresco Jira or use the Alfresco forum instead...

Explain purpose of 'example port config used to access remote Alfresco server'

The purpose of the 'example port config used to access remote Alfresco server' section for enabling Alfresco SSO Share configuration for 'Alfresco versions 4.0 (from 4.0.2) and 3.4 (from 3.4.9)' is not described and can confuse newcomers. The Share seems to be functioning even WITHOUT this section -> so is it OK to remove it from the example? What's the point of declaring endpoint with id=alfresco and later re-declare it with another one (using the alfrescoCookie connector)? Or isn't it a redeclaration? And finally, mixing the description and example with the new 'external authentication' feature can confuse quite a lot of people, IMHO. What do you think?

Thanks in advance for making this at least a little bit clearer.