AnsweredAssumed Answered

SSO debug help for share (LDAP - SSO)

Question asked by jackjm on Feb 21, 2013
I was recently able to successfully integrate LDAP authentication with Alfresco. We would like  to add SSO so that we can logging in twice can be avoided. I am fairly new to this domain of system integration and would like to seek some advice. Here is what I have done so far and the respective findings; I will greatly appreciate any help.

1) I tried to use AlfrescoNTLM to get SSO working but it turns out I need to create dummy users with the same name to get things working. I would like to avoid this route since the system is in flux and this will eat up too much time.

However, setup was easy; I just had to add the alfrescoNTLM authentication subsystem to the filtering mechanism; add the respective properties in alfresco-global.properties and comment out the respective region in share-config-custom.xml as outlined in the documentation. When in access my share site through IE; the system brings up a dialog box and prompts for credentials. However, because of reasons stated in the previous paragraph; I decided to ditch this route.

2) To leverage LDAP and to get SSO working; I tried to get passthru working and here were the steps:

a) Modify authentication.chain in  alfesco-global.properties to:

authentication.chain=passthru1:passthru,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

b) Add the following passthru properties to alfresco-global.properties:

ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
ntlm.authentication.ticketLogons = true

passthru.authentication.guestAccess=false
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=–server information—
passthru.authentication.defaultAdministratorUserNames=myadmin
passthru.authentication.protocolOrder=TCPIP,NetBIOS

c) Now when I visit localhost:8080/share; I am directly taken to the login page; it seems to me that the SSO mechanism has not kicked in at all. How can I debug errors that happen using passthru?

d) Is there any other way to get SSO working along with LDAP?

Here is the setup we are currently running:

Alfresco 4.0.d CE
Windows 2008 server

Any assistance will be greatly appreciated?

Thank you very much for your time

Outcomes