Home

Alfresco Explorer SSO is not working

You are here

5 posts / 0 new
Last post
Alfresco Explorer SSO is not working

I'm not sure what I'm missing, but I can't get SSO to work. I'm using Alfresco Community Edition 3.2r2 bundled with Tomcat.

The following works:

    1. AD users are imported without an issue
    2. I can login to Alfresco Explorer and Alfresco Share with AD credential without a problem
    3. Typing //192.168.1.100 in windows explorer will take me into Alfresco Repository, I can see Alfresco folders, without prompting me to login

Here are the issues I'm dealing with:

    1. Using Internet Explorer with URL http://192.168.1.100:8080/alfresco will prompt me for basic authentication login dialog. How do I get SSO to work in this case? What did I miss?

I spent a lot of time in the forum to see if anyone else has the same problem with me, but with no success. I really appreciate any help or pointer that I can get.

Here is my configuration

alfresco-global.properties

  authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad

passthru/passthru1/ntlm-filter.properties

  ntlm.authentication.sso.enabled = true
ntlm.authentication.mapUnknownUserToGuest = false

passthru/passthru1/passthru-authentication-context.properties

  passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=vm008
 
passthru.authentication.guestAccess=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

ldap-ad/ldap-ad1/ldap-ad-authentication.properties

  ldap.authentication.active = false
ldap.synchronization.active = true

Re: Alfresco Explorer SSO is not working

I made progress, I added the following to get SSO working on Alfresco Explorer:

Firefox:
type about:config in address bar
add [Alfresco Server IP Address] to network.automatic-ntlm-auth.trusted-uris;http://192.168.1.100:8080/alfresco

IE7:
- Click on Internet Options
- Security Tab
- Highlight "Local Intranet" icon.
- Click "Sites" button
- Uncheck Automatically detect intranet network, and make sure the last 3 checkboxes are checked.
- Click on "Advance" button
- Add [Alfresco Server IP Address] to the list. (http://192.168.1.100)

Unfortunately this is not documented in the Wiki which raised some questions:
Is this normal that you have to do extra configuration on both IE7 and Firefox to get NTLM pass-thru authentication to work? I can understand Firefox but IE?

If you have successfully configured SSO with NTLM pass-thru without these extra configuration, please let me know.

passthru/passthru1/passthru-authentication-context.properties

  passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=DOMAIN\\vm008,vm008 <======== Added Domain for IE7
 
passthru.authentication.guestAccess=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

Re: Alfresco Explorer SSO is not working

Alfresco Share SSO + NTLM is also working now.

Placing the patch in $TOMCAT_HOME$/shared/classes does not work for me. So I injected the file into alfresco-web-framework-3.2r2.jar.

But I do still need an answer to my previous post's question.

Is this normal that you have to do extra configuration on both IE7 and Firefox to get NTLM pass-thru SSO to work?

Re: Alfresco Explorer SSO is not working

The resolution to the patch problem is covered here

http://forums.alfresco.com/en/viewtopic.php?f=47&t=24349&p=82483&hilit=share+ntlm#p82483

Yes, the configuration settings for different browsers are covered in the Wiki.

Re: Alfresco Explorer SSO is not working

Thank you for taking your time answering my question.

From the wiki:

Quote:
Internet Explorer will use your Windows logon credentials when requested by the web server when SSO is enabled. Firefox and Mozilla also support the use of NTLM but you need to add the URI to the Alfresco site that you want to access to network.automatic-ntlm-auth.trusted-uris option (available through writing about:config in the URL field) to allow the browser to use your current credentials for login purposes.

I was under the impression that IE will work right out of the box without additional configuration.

forums index