Labs 3c + external AD auth + SSO... Need some direction

Question asked by meansartin14 on Dec 19, 2008
Latest reply on Jan 13, 2009 by meansartin14
Alfresco Platform:
   Alfresco Community Labs 3c
   Red Hat Enterprise Linux 5.2
   MySQL 5.0.45-community MySQL Community Edition (GPL) (NOTE: Came with RHEL 5.2)
   Tomcat 5.5.23 (comes with Alfresco)
   Java 6 Update 11 (jdk1.6.0_11)

End-user Workstations:
   OS: Windows XP Professional (majority are 32-bit, but also a few 64-bit)
   User Authentication: Active Directory (Windows Server 2003 R2)

We have upwards of 250 users in our area that all authenticate using Active Directory. We do not want/need to manage a separate set of login/password combinations for Alfresco, separate from the current PC login via Active Directory. Also, we would like to configure single sign-on (SSO) for our users so that they never have to log in to Alfresco for CIFS or the Web UI.

So, in short, the end-goal is to have an Alfresco implementation where user authentication is performed against an external Active Directory server, and also have SSO for our users for both the CIFS and Web UI.

It looks like we can use the "Configuring the CIFS and web servers for Kerberos/AD integration" instructions to allow what we want for user authentication.

But what about groups defined within Alfresco? If users are externally authenticated (this would mean that the users don't actually exist in Alfresco, right?) then how can I add each user to one or more Alfresco-defined groups which then give them the privileges I want them to have from within Alfresco? Is this possible?

Am I approaching this right or is there a better way to accomplish what I want?