
alfresco with apache mod_auth_mellon

Question asked by liku on Jan 18, 2019

Hello,

I have Alfresco CE 5.1 on CentOS 7 with Apache httpd as a proxy.

I would like to set up external authentication over saml2 with mod_auth_mellon. I installed mod_auth_mellon and tried to authenticate a simple application residing in the document root and it worked. But when I want to authenticate alfresco I am not able to.

When I set up metadata this way:

/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh https://alfresco.company.org/share https://alfresco.company.org/mellon

I set up that XML file on the IdP and configured httpd this way:

 

   <Location "/">
          MellonEnable auth
          MellonSPPrivateKeyFile /etc/httpd/mellon/my.key
          MellonSPCertFile /etc/httpd/mellon/my.cert
          MellonSPMetadataFile /etc/httpd/mellon/my.xml
          MellonIdPMetadataFile /etc/httpd/mellon/idp_metadata.xml
          MellonSamlResponseDump On
          MellonIDP "IDP"
          MellonEndpointPath /mellon
          RequestHeader set X-Alfresco-Remote-User %{R_U}e

        </Location>

        # AJP proxy
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

According to the Alfresco manual, I set up alfresco-global.properties and share-config.xml.

I do not know what endpoint to set up, because the Alfresco app is not in the directory structure.

Please, can you help me configure mod_auth_mellon properly?

Thanks a lot

Libor
