
SSO with Active Directory

Question asked by agervino on Mar 1, 2013
Hi All,
I have an Ubuntu Server 9.10 with Alfresco Community v3.3.0 (2765), and I've integrated user authentication and synchronization with Microsoft Active Directory (Windows 2008).
The users use only Alfresco Explorer.
Now I need to set up Single Sign-On for my clients joined to the Microsoft domain:
- Clients in the Microsoft domain -> enter a single password (the domain password, when they turn on the PC), no password for Alfresco
- Clients not joined to the domain -> enter a password when they want to connect to Alfresco.
What is the best way to implement this configuration?

I've tried to configure SSO with passthru authentication:

In my alfresco-global.properties I've added/modified these rows:


authentication.chain=passthru1:passthru,ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
passthru.authentication.domain=
passthru.authentication.servers=MyDomain\dc2 ,dc2,10.133.22.11
passthru.authentication.defaultAdministratorUserNames=ldap (??I don't understand if it's a domain user or local administrator alfresco)
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false
passthru.authentication.useLocalServer=false
ntlm.authentication.sso.enabled=true
ldap.authentication.active=false

but when I try to connect to Alfresco from a domain-joined client (with Alfresco Explorer) I receive the following error:
"Failed to open passthru auth session"
and in the alfresco.log file I get:
11:32:49,038 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 10.133.7.11 (10.133.7.11:1203) SID:174BE6FE900AF3DBCFD9353B11D9A1C4
11:32:49,080 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
11:32:49,085 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Client domain null
11:32:51,164 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcservice/api/search/keyword/description.xml SID:null
11:32:51,164 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Found webscript with no authentication - set NO_AUTH_REQUIRED flag.
11:32:51,164 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Authentication not required (filter), chaining …

I also tried Kerberos authentication without success, but I'm not sure whether, using Kerberos, the clients not joined to the domain would then be able to connect to Alfresco.

In your opinion, what is the best way to implement this configuration?
If the best way is the passthru authentication, how can I solve my error?
Thanks a lot
Bye

Anna
