Help

Configuring AOS to not use basic authentication

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cajova_houba
Active Member
‎27 Aug 2024 3:13 PM

Configuring AOS to not use basic authentication

Jump to solution

Hello,

we're using Alfresco Community 7. One of the features used is "Open file in [MS Office App]" in the Alfresco Share. Microsoft has started to block basic auth sign-in prompts, so we're unable to use this feature. Instead we have to download the file, edit it, save it, and upload it again. 

We've put the instance of Alfresco behind Keycloak and assumed this would then get picked by the AOS as well and instead of basic auth sign-in, user would be redirected to the Keycloak where he would perform sign-in. However, this is not the case and when opening word/excel/... documents, the MS Office application still uses basic auth.

I figured out this could be an AOS configuration issue, as it's the component of Alfresco responsible for interaction with MS Office, however, I wasn't able to find any information on this in AOS documentation.

So, my question is, what would be the correct way to solve this? There's a similar question but without any answer.  One of the responses to another question on this topic mentions changing Windows group policy settings as a workaround but we would rather use SSO.

Thanks in advance.

0 Kudos
2 Solutions

Accepted Solutions
michele123
Member II
‎31 Aug 2024 10:23 AM

Re: Configuring AOS to not use basic authentication

Jump to solution

Hello,

@cajova_houba kynectwrote:

Hello,

we're using Alfresco Community 7. One of the features used is "Open file in [MS Office App]" in the Alfresco Share. Microsoft has started to block basic auth sign-in prompts, so we're unable to use this feature. Instead we have to download the file, edit it, save it, and upload it again. 

We've put the instance of Alfresco behind Keycloak and assumed this would then get picked by the AOS as well and instead of basic auth sign-in, user would be redirected to the Keycloak where he would perform sign-in. However, this is not the case and when opening word/excel/... documents, the MS Office application still uses basic auth.

I figured out this could be an AOS configuration issue, as it's the component of Alfresco responsible for interaction with MS Office, however, I wasn't able to find any information on this in AOS documentation.

So, my question is, what would be the correct way to solve this? There's a similar question but without any answer.  One of the responses to another question on this topic mentions changing Windows group policy settings as a workaround but we would rather use SSO.

Thanks in advance.

To resolve the issue of Alfresco using basic authentication for MS Office integration even when behind Keycloak, it's essential to verify the correct configuration of both systems, including SSO settings and client credentials. Inspecting the AOS configuration for any specific settings related to MS Office integration is also crucial. If necessary, update Alfresco or AOS to the latest versions and consider third-party integrations for enhanced functionality. Additionally, consult the Alfresco community or support channels for tailored guidance and to address any network-related issues that might be affecting the communication between Alfresco, Keycloak, and MS Office.

View solution in original post

0 Kudos
franktucker907
Active Member
‎2 Sep 2024 9:21 AM

Re: Configuring AOS to not use basic authentication

Jump to solution

Hello,
Check AOS Configuration: Ensure that AOS is correctly configured to use Keycloak for authentication. This might involve updating the AOS configuration files to point to your Keycloak instance and ensuring that the necessary authentication protocols are supported.
Update AOS Version: Make sure you are using the latest version of AOS, as newer versions may have fixes or improvements related to SSO integration.    flyingtogether ual com
Keycloak Configuration: Verify that Keycloak is properly set up to handle SSO for your Alfresco instance. This includes ensuring that the correct client settings and redirect URIs are configured.
Windows Group Policy: While you prefer not to use this workaround, it’s worth noting that adjusting Windows Group Policy settings can sometimes help with SSO issues. Specifically, you might need to enable certain policies related to authentication and credential delegation.
Best Regards
franktucker907

View solution in original post

0 Kudos
3 Replies
michele123
Member II
‎31 Aug 2024 10:23 AM

Re: Configuring AOS to not use basic authentication

Jump to solution

Hello,

@cajova_houba kynectwrote:

Hello,

we're using Alfresco Community 7. One of the features used is "Open file in [MS Office App]" in the Alfresco Share. Microsoft has started to block basic auth sign-in prompts, so we're unable to use this feature. Instead we have to download the file, edit it, save it, and upload it again. 

We've put the instance of Alfresco behind Keycloak and assumed this would then get picked by the AOS as well and instead of basic auth sign-in, user would be redirected to the Keycloak where he would perform sign-in. However, this is not the case and when opening word/excel/... documents, the MS Office application still uses basic auth.

I figured out this could be an AOS configuration issue, as it's the component of Alfresco responsible for interaction with MS Office, however, I wasn't able to find any information on this in AOS documentation.

So, my question is, what would be the correct way to solve this? There's a similar question but without any answer.  One of the responses to another question on this topic mentions changing Windows group policy settings as a workaround but we would rather use SSO.

Thanks in advance.

To resolve the issue of Alfresco using basic authentication for MS Office integration even when behind Keycloak, it's essential to verify the correct configuration of both systems, including SSO settings and client credentials. Inspecting the AOS configuration for any specific settings related to MS Office integration is also crucial. If necessary, update Alfresco or AOS to the latest versions and consider third-party integrations for enhanced functionality. Additionally, consult the Alfresco community or support channels for tailored guidance and to address any network-related issues that might be affecting the communication between Alfresco, Keycloak, and MS Office.

0 Kudos
franktucker907
Active Member
‎2 Sep 2024 9:21 AM

Re: Configuring AOS to not use basic authentication

Jump to solution

Hello,
Check AOS Configuration: Ensure that AOS is correctly configured to use Keycloak for authentication. This might involve updating the AOS configuration files to point to your Keycloak instance and ensuring that the necessary authentication protocols are supported.
Update AOS Version: Make sure you are using the latest version of AOS, as newer versions may have fixes or improvements related to SSO integration.    flyingtogether ual com
Keycloak Configuration: Verify that Keycloak is properly set up to handle SSO for your Alfresco instance. This includes ensuring that the correct client settings and redirect URIs are configured.
Windows Group Policy: While you prefer not to use this workaround, it’s worth noting that adjusting Windows Group Policy settings can sometimes help with SSO issues. Specifically, you might need to enable certain policies related to authentication and credential delegation.
Best Regards
franktucker907

0 Kudos
cajova_houba
Active Member
‎10 Sep 2024 11:46 AM

Re: Configuring AOS to not use basic authentication

Jump to solution

Hi,

thank you for the suggestions, in my case the issue was outdated version of AOS (1.1.6). Upgrading AOS to 1.5.0 which is compatible with Alfresco Community 7.3 fixed the issue and when using "Edit in MS Office" action, the user is displayed Keycloak sign-in window.

 

Thank you very much!

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.