AnsweredAssumed Answered

Logging on in Share based on HTTP headers

Question asked by kbonnet on Dec 3, 2009
Latest reply on Apr 29, 2010 by loftux
Hello Alfrescians,

I had the impression that Share logged users in based on the configured header, X-Alfresco-Remote-User by default. In my test setup i did the authentication with basic authentication. In the final setup we will be using Open A-Select.

Now it appears that Share is not logging in user based on the configurable header, but on the Authorization header, set by basic authentication. Can you confirm this?

When i let the Apache server in front of tomcat ask for basic authentication, i get logged into Share with the entered username. The password may differ from the password for that user in Alfresco. When i remove the basic authentication, Share is asking for credentials. I have tried to set the Authorization header myself, with mod_headers, but Share isnt picking that up, although it should be the only effect basic authentication had.

Does anyone know answers to the following questions:

    On what criteria is Share deciding to either show the login form or log in the user automatically? It has to do with basic authentication, but cannot be the only thing, because then setting the Authorization header should be sufficient.

    Will authentication based on a configurable header be part of future releases? It would be valuable to have the same authentication mechanisms for Alfresco Explore and Share.
Thanks for your thoughts.