
Alfresco 4.2.f & Liferay 6.2 GA2 single sign-on (SSO)

Question asked by georgevincent on Sep 26, 2014
The Alfresco Tomcat instance is running on port 8080 and Liferay is running on port 9090. I followed a few links to achieve Alfresco & Liferay SSO integration.

https://www.liferay.com/web/navin.agarwal11/blog/-/blogs/integration-with-alfresco-4-x-and-liferay-6-1
http://docs.alfresco.com/4.1/tasks/auth-alfrescontlm-sso.html
Some more links too, but the same result.

I copied the share.war file to the Liferay deploy folder. The share-config-custom.xml file is placed under liferay_home\apache-tomcat-7.0.55\shared\classes\alfresco\web-extension.
I am able to import Active Directory users with their groups into Alfresco and Liferay. They are able to log in to both tools using their Active Directory credentials. But I still get the Alfresco Share login page in the Liferay Share browser repository. How do I achieve Alfresco & Liferay SSO?


My configuration files are as follows.
Alfresco configuration:

Step 1:-
Renamed the alfresco-global.properties.sample file to alfresco-global.properties in
D:\Alfresco\apache-tomcat-7.0.55\shared\classes
In alfresco-global.properties I updated these properties:

dir.root=D:/Alfresco/apache-tomcat-7.0.55/alf_data/contentstore
db.username=xxxxx
db.password=xxxxxx
db.driver=org.gjt.mm.mysql.Driver
db.url=jdbc:mysql://localhost/xxxxxxxxxx?useUnicode=yes&characterEncoding=UTF-8
alfresco.rmi.services.host=0.0.0.0
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
wcm-deployment-receiver.rmi.service.port=0
monitor.rmi.service.port=0
authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
passthru.authentication.servers= xxxxxx\\xxxxxx.xxxxxxx.com
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true

Step2:-
Copied the authentication subsystem files from
D:\Alfresco\apache-tomcat-7.0.55\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication
to
D:\Alfresco\apache-tomcat-7.0.55\shared\classes\alfresco\extension\subsystems\Authentication

Step3:-
Created new folders in Authentication: ldap-ad\ldap1 and passthru\passthru1
In the ldap-ad-authentication.properties file I've changed the following properties:
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@xxxxxx.com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://xxxxxxxxx.xxxxxxxx.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=xxxxxxxxxxxxx
ldap.synchronization.java.naming.security.credentials=yyyyyyyyyyy
ldap.synchronization.queryBatchSize=1000  
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=cn\=Users,dc\=wbmoore,dc\=com
ldap.synchronization.userSearchBase=cn\=Users,dc\=wbmoore,dc\=com
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=memberOf
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

Step4:-
passthru-authentication-context.properties
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=Administrator,alfresco,admin
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NetBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
passthru.authentication.sessionCleanup=true

Step5:-
Restarted the server

Step6:-
I've set up network.automatic-ntlm-auth.trusted-uris in the Firefox browser.


Liferay configuration details

Step7:-
share-config-custom.xml

I attached share-config-custom.xml as a text file because I could not post XML code here. Please have a look at it.
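A configuration check for the settings posted above, as an added example that is not part of the original post or of Alfresco: it reads the properties and reports that no chain member has its `*.sso.enabled` switch on, that LDAP uses a simple bind to an `ldap://` URL, that LDAP guest login is allowed, and that RMI is bound to all interfaces. It assumes the lines of the separate properties files have been merged into one text; the host name, the finding codes and the function names are constructed for illustration.

```python
import re

# Settings taken from the post above; the host name is a constructed placeholder.
SAMPLE = r"""
alfresco.rmi.services.host=0.0.0.0
authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
# values below come from the ldap-ad subsystem file
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://dc.example.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.groupQuery=(objectclass\=group)
"""

# SSO switches of the chain member types used in the post.
SSO_KEYS = {"alfrescoNtlm": "ntlm.authentication.sso.enabled",
            "passthru": "passthru.authentication.sso.enabled"}

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, #/! comments, backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(props):
    """Return sorted finding codes for the settings present in props."""
    def enabled(key):
        return props.get(key, "false").strip().lower() == "true"
    findings = []
    # Chain entries are "instanceName:type"; keep the type of each member.
    types = [m.split(":")[-1].strip() for m in props.get("authentication.chain", "").split(",")]
    sso_capable = [t for t in types if t in SSO_KEYS]
    if sso_capable and not any(enabled(SSO_KEYS[t]) for t in sso_capable):
        findings.append("NO_SSO_ENABLED_IN_CHAIN")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    bind = props.get("ldap.authentication.java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and bind == "simple":
        findings.append("LDAP_SIMPLE_BIND_PLAIN_LDAP")  # bind password sent unencrypted
    if enabled("ldap.authentication.allowGuestLogin"):
        findings.append("LDAP_GUEST_LOGIN_ALLOWED")
    if props.get("alfresco.rmi.services.host") == "0.0.0.0":
        findings.append("RMI_BOUND_TO_ALL_INTERFACES")
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(parse_properties(SAMPLE)):
        print(code)
```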

