
NTLM SSO with Alfresco Explorer: Login form appears

Question asked by nicolasraoul on Oct 21, 2013
Latest reply on Apr 6, 2015 by rubengerad
Hello all,

I only need SSO to test a CMIS client software.

I installed Alfresco Community 4.2d on a Windows Server 2012 that also runs Active Directory, and is the domain server.

I executed the few steps below, then restarted Alfresco, directed Internet Explorer to Alfresco (still logged in as Administrator, directly on the AD server), and… a login/password popup appears. What did I do wrong?

Everything I did, step-by-step:

1) Installed Alfresco
2) Created folder tomcat\shared\classes\alfresco\extension\subsystems\Authentication
3) Under this folder, created folders ldap-ad\ldap-ad1 and passthru\passthru1
4) Added "authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad" to alfresco-global.properties
5) Created tomcat\shared\classes\alfresco\extension\subsystems\Authentication\passthru\passthru1\changes.properties with this content:

passthru.authentication.useLocalServer=true
passthru.authentication.domain=
passthru.authentication.servers=
ntlm.authentication.sso.enabled=true
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=true
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false
passthru.authentication.guestAccess=true
passthru.authentication.defaultAdministratorUserNames=Administrator

6) Created tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap-ad\ldap-ad1\ldap-ad-authentication.properties with this content:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@aegif.local
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://themachine:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=Administrator@aegif.local
ldap.synchronization.java.naming.security.credentials=iwrotethepasswordhere
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=cn=Users,dc=aegif,dc=local
ldap.synchronization.userSearchBase=cn=Users,dc=aegif,dc=local
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

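An added example, not code from the original post or from Alfresco: a small Python linter that parses the property files shown in steps 4 to 6 and reports the settings a reviewer would question before switching on NTLM SSO (unknown users mapped to guest, guest access, a simple bind over plain ldap://, directory sync running as Administrator with its password stored in cleartext). The sample files are constructed to mirror the post and are abridged to the keys that get checked; the function names, the checks and their severities are this example's own assumptions, not Alfresco rules. The parser covers the general Java properties syntax (comments, `=`, `:` or whitespace separators, backslash escapes such as the `\=` and `\:` in the LDAP filters, and line continuations), so it goes beyond the exact files on the page.

```python
"""Lint Alfresco authentication-subsystem .properties files for risky settings.
Added example, not code from the post or from Alfresco: the samples are constructed
and the checks, severities and function names are this example's own assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed samples mirroring steps 4 to 6 of the post (files abridged to the checked keys).
GLOBAL_PROPS = "authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad\n"
PASSTHRU_PROPS = """\
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=true
passthru.authentication.guestAccess=true
"""
LDAP_PROPS = """\
ldap.authentication.java.naming.provider.url=ldap://themachine:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=Administrator@aegif.local
ldap.synchronization.java.naming.security.credentials=iwrotethepasswordhere
ldap.synchronization.personQuery=(&(objectclass\\=user)(userAccountControl\\:1.2.840.113556.1.4.803\\:\\=512))
"""
# key = escaped pairs or chars other than '=', ':' and whitespace; then optional separator; then value
_KEY_VALUE = re.compile(r"((?:\\.|[^=:\s\\])*)\s*[=:]?\s*(.*)$")


def _unescape(s: str) -> str:  # drop the backslash of an escape pair (covers \=, \: and \\)
    return re.sub(r"\\(.)", r"\1", s)


def parse_properties(text: str) -> dict[str, str]:
    """Parse Java .properties text: '#'/'!' comments, '=', ':' or whitespace as
    separator, backslash escapes and trailing-backslash line continuations."""
    props, pending = {}, ""  # pending carries the text of a continued line
    for raw in text.splitlines() + [""]:  # the sentinel flushes a dangling continuation
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2:  # odd trailing backslashes: continue line
            pending += line[:-1]
            continue
        key, value = _KEY_VALUE.match(pending + line).groups()
        props[_unescape(key)] = _unescape(value.rstrip())
        pending = ""
    return props


@dataclass(frozen=True)
class Finding:
    severity: str  # HIGH, MEDIUM or LOW
    key: str
    message: str


def parse_chain(global_props: dict[str, str]) -> list[tuple[str, str]]:
    """'passthru1:passthru,ldap-ad1:ldap-ad' -> [('passthru1', 'passthru'), ('ldap-ad1', 'ldap-ad')]"""
    members = [m.strip() for m in global_props.get("authentication.chain", "").split(",")]
    return [(m.partition(":")[0], m.partition(":")[2]) for m in members if m]


def _true(p: dict[str, str], key: str) -> bool:
    return p.get(key, "").strip().lower() == "true"


def review_subsystem(kind: str, p: dict[str, str]) -> list[Finding]:
    """Flag settings in one chain member that widen access or expose secrets."""
    f: list[Finding] = []
    if kind == "passthru":
        if _true(p, "ntlm.authentication.mapUnknownUserToGuest"):
            f.append(Finding("HIGH", "ntlm.authentication.mapUnknownUserToGuest",
                             "unknown users are logged on as the guest user, widening anonymous access"))
        if _true(p, "passthru.authentication.guestAccess"):
            f.append(Finding("MEDIUM", "passthru.authentication.guestAccess", "guest access is enabled"))
    elif kind == "ldap-ad":
        url = p.get("ldap.authentication.java.naming.provider.url", "")
        if url.startswith("ldap://") and p.get("ldap.authentication.java.naming.security.authentication") == "simple":
            f.append(Finding("HIGH", "ldap.authentication.java.naming.provider.url",
                             "simple bind over plain ldap:// sends passwords in cleartext; use ldaps://"))
        if p.get("ldap.synchronization.java.naming.security.principal", "").split("@")[0].lower() == "administrator":
            f.append(Finding("MEDIUM", "ldap.synchronization.java.naming.security.principal",
                             "sync runs as a domain administrator; use a dedicated read-only account"))
        if p.get("ldap.synchronization.java.naming.security.credentials"):
            f.append(Finding("MEDIUM", "ldap.synchronization.java.naming.security.credentials",
                             "bind password stored in cleartext; restrict the file's ACL"))
    return f


def review_config(global_text: str, subsystems: dict[str, str]) -> list[Finding]:
    """Walk the authentication chain in order and review each member's properties."""
    parsed = {name: parse_properties(text) for name, text in subsystems.items()}
    return [fnd for name, kind in parse_chain(parse_properties(global_text))
            for fnd in review_subsystem(kind, parsed.get(name, {}))]


if __name__ == "__main__":
    for fnd in review_config(GLOBAL_PROPS, {"passthru1": PASSTHRU_PROPS, "ldap-ad1": LDAP_PROPS}):
        print(f"[{fnd.severity}] {fnd.key}: {fnd.message}")
```

Run it as a script to print the findings for the constructed sample, or call `review_config()` with the text of your own alfresco-global.properties and subsystem files. It says nothing about why the login prompt appears; it only shows what the configuration exposes once SSO does work, which is the part worth reviewing before the machine is used for anything beyond a CMIS client test.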