<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:applications:alfresco</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,applications,alfresco"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="alfresco.html"/>
<link rel="contents" href="alfresco.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications';var JSINFO = {"id":"documentation:1.9:applications:alfresco","namespace":"documentation:1.9:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#alfresco1">Alfresco</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#other_resources">Other resources</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="alfresco">Alfresco</h1>
<div class="level1">
<p>
<img src="alfresco_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Alfresco" [1-71] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.alfresco.com/" class="urlextern" title="https://www.alfresco.com/" rel="nofollow">Alfresco</a> is ECM/BPM software.
</p>
<p>
Since the 4.0 release, it offers an easy way to configure <abbr title="Single Sign On">SSO</abbr> through authentication subsystems.
</p>
<div class="noteimportant">If you use an older version, you need to refer to the following documentation: <a href="https://wiki.alfresco.com/wiki/SSO" class="urlextern" title="https://wiki.alfresco.com/wiki/SSO" rel="nofollow">https://wiki.alfresco.com/wiki/SSO</a>
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [72-395] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [396-422] -->
<h3 class="sectionedit4" id="alfresco1">Alfresco</h3>
<div class="level3">
<div class="notetip">The official documentation can be found here: <a href="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" class="urlextern" title="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" rel="nofollow">http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html</a>
</div>
<p>
You need to find the following files in your Alfresco installation:
</p>
<ul>
<li class="level1"><div class="li"> <code>alfresco-global.properties</code> (ex: <code>tomcat/shared/classes/alfresco-global.properties</code>)</div>
</li>
<li class="level1"><div class="li"> <code>share-config-custom.xml</code> (ex: <code>tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml</code>)</div>
</li>
</ul>
<p>
The first configures <abbr title="Single Sign On">SSO</abbr> for the alfresco webapp, and the second for the share webapp.
</p>
<p>
First edit <code>alfresco-global.properties</code> and add the following:
</p>
<pre class="code file java">### SSO ###
authentication.<span class="me1">chain</span><span class="sy0">=</span>external1<span class="sy0">:</span>external
external.<span class="me1">authentication</span>.<span class="me1">enabled</span><span class="sy0">=</span><span class="kw2">true</span>
external.<span class="me1">authentication</span>.<span class="me1">defaultAdministratorUserNames</span><span class="sy0">=</span>
external.<span class="me1">authentication</span>.<span class="me1">proxyUserName</span><span class="sy0">=</span>
external.<span class="me1">authentication</span>.<span class="me1">proxyHeader</span><span class="sy0">=</span>Auth<span class="sy0">-</span>User
external.<span class="me1">authentication</span>.<span class="me1">userIdPattern</span><span class="sy0">=</span></pre>
<p>
Then edit <code>share-config-custom.xml</code> and uncomment the last part. In the <code>&lt;endpoint&gt;</code>, change the <code>&lt;connector-id&gt;</code> value to <code>alfrescoHeader</code> and change the <code>&lt;userHeader&gt;</code> value to <code>Auth-User</code>:
</p>
<pre class="code file xml">   <span class="sc3"><span class="re1">&lt;config</span> <span class="re0">evaluator</span>=<span class="st0">"string-compare"</span> <span class="re0">condition</span>=<span class="st0">"Remote"</span><span class="re2">&gt;</span></span>
      <span class="sc3"><span class="re1">&lt;remote<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;keystore<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>alfresco/web-extension/alfresco-system.p12<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;type<span class="re2">&gt;</span></span></span>pkcs12<span class="sc3"><span class="re1">&lt;/type<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;password<span class="re2">&gt;</span></span></span>alfresco-system<span class="sc3"><span class="re1">&lt;/password<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;/keystore<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;connector<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfrescoCookie<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco Connector<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Connects to an Alfresco instance using cookie-based authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;class<span class="re2">&gt;</span></span></span>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector<span class="sc3"><span class="re1">&lt;/class<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;/connector<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;connector<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfrescoHeader<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco Connector<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Connects to an Alfresco instance using header and cookie-based authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;class<span class="re2">&gt;</span></span></span>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector<span class="sc3"><span class="re1">&lt;/class<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;userHeader<span class="re2">&gt;</span></span></span>Auth-User<span class="sc3"><span class="re1">&lt;/userHeader<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;/connector<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;endpoint<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfresco<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco - user access<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Access to Alfresco Repository WebScripts that require user authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;connector-id<span class="re2">&gt;</span></span></span>alfrescoHeader<span class="sc3"><span class="re1">&lt;/connector-id<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;endpoint-url<span class="re2">&gt;</span></span></span>http://localhost:8080/alfresco/wcs<span class="sc3"><span class="re1">&lt;/endpoint-url<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;identity<span class="re2">&gt;</span></span></span>user<span class="sc3"><span class="re1">&lt;/identity<span class="re2">&gt;</span></span></span>
            <span class="sc3"><span class="re1">&lt;external-auth<span class="re2">&gt;</span></span></span>true<span class="sc3"><span class="re1">&lt;/external-auth<span class="re2">&gt;</span></span></span>
         <span class="sc3"><span class="re1">&lt;/endpoint<span class="re2">&gt;</span></span></span>
      <span class="sc3"><span class="re1">&lt;/remote<span class="re2">&gt;</span></span></span>
   <span class="sc3"><span class="re1">&lt;/config<span class="re2">&gt;</span></span></span></pre>
<p>
You need to restart Tomcat to apply changes.
</p>
<div class="notewarning">Alfresco now accepts a login from a simple HTTP header, so any client that can reach it directly can supply that header. You need to restrict access to Alfresco to <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</div>
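<p>
A consistency check for the two files edited above, as an added example that is not Alfresco or <abbr title="LemonLDAP::NG">LL::NG</abbr> code: it verifies that the header the share endpoint sends is the one the repository expects, and that the Remote section was really uncommented. The names <code>parse_properties</code> and <code>audit</code> and both sample inputs are constructed for illustration; with the settings from this page the only expected finding is the reminder about the empty <code>proxyUserName</code>.
</p>

```python
# Added example, not Alfresco or LL::NG code. Both samples are constructed.
import xml.etree.ElementTree as ET

SAMPLE_PROPERTIES = """authentication.chain=external1:external
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=Auth-User"""
# Constructed mistake: the endpoint still points at alfrescoCookie.
SAMPLE_SHARE_XML = """<alfresco-config><config evaluator="string-compare" condition="Remote"><remote>
<connector><id>alfrescoCookie</id></connector>
<connector><id>alfrescoHeader</id><userHeader>Auth-User</userHeader></connector>
<endpoint><id>alfresco</id><connector-id>alfrescoCookie</connector-id></endpoint>
</remote></config></alfresco-config>"""

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping comments."""
    lines = (l.strip() for l in text.splitlines())
    return {k.strip(): v.strip() for k, _, v in
            (l.partition("=") for l in lines if l and l[0] not in "#!" and "=" in l)}

def audit(properties_text, share_xml_text):
    """Return a list of findings for the repository and share settings."""
    props = parse_properties(properties_text)
    prefix = "external.authentication."
    header = props.get(prefix + "proxyHeader", "")
    findings = []
    if props.get(prefix + "enabled") != "true":
        findings.append("external authentication is not enabled")
    chain = props.get("authentication.chain", "").split(",")
    if not any(item.strip().endswith(":external") for item in chain):
        findings.append("authentication.chain has no external subsystem")
    if not props.get(prefix + "proxyUserName"):
        findings.append("proxyUserName is empty: restrict access to LL::NG, " + header + " is trusted")
    # XML comments are dropped by the parser, so a commented-out section is not found.
    remote = next((c.find("remote") for c in ET.fromstring(share_xml_text).iter("config")
                   if c.get("condition") == "Remote"), None)
    if remote is None:
        return findings + ["Remote config section is missing or still commented out"]
    connectors = {c.findtext("id"): c for c in remote.findall("connector")}
    for endpoint in remote.findall("endpoint"):
        connector = connectors.get(endpoint.findtext("connector-id"))
        sent = connector.findtext("userHeader") if connector is not None else None
        if (sent or "").lower() != header.lower():  # header names are case-insensitive
            findings.append("endpoint %s sends header %r, repository expects %r"
                            % (endpoint.findtext("id"), sent, header))
    return findings
```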
</div>
<!-- EDIT4 SECTION "Alfresco" [423-3119] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
<p>
Just set the <code>Auth-User</code> header with the attribute that carries the user login, for example <code>$uid</code>.
</p>
<p>
You can intercept the logout with this rule: <code>^/share/page/dologout ⇒ logout_app_sso</code>
</p>
</div>
<!-- EDIT5 SECTION "LL::NG" [3120-3332] -->
<h2 class="sectionedit6" id="other_resources">Other resources</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="https://www.youtube.com/watch?v=5tS0XrC_-rw" class="urlextern" title="https://www.youtube.com/watch?v=5tS0XrC_-rw" rel="nofollow">DevCon 2012: Unlocking the Secrets of Alfresco Authentication, Mehdi Belmekki</a></div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Other resources" [3333-] --></div>
</body>
</html>