I've been trying to get a definitive answer on what security zones the Repository Server needs to be in order to get SSO to work for Alfresco Office Services (AOS).
What we have to play with:
Local Intranet Zone - Here is where you normally put the repo server for SSO to work.
Trusted Sites - Here is where you need to put the repo server if you want to avoid the nagging warning message when opening an office file from Share.
Trusted sites, however, does not have "forward credentials" by default, and this is not something you can set for an individual site, and in Sysadmin in this case does not want to change that for all.
Some say that the server should be in both zones, such as this for Office365
I have also found this to avoid getting randomly prompted for credentials.
My problem is that whatever combination of adding Alfresco servers in different zones I've tested, it either warns or prompts for credentials when opening an office file.
So what combination of putting Alfresco servers in Security Zones have you used to get this working?