2016-10-15 19:57:04 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:applications:alfresco< / title >
< meta name = "generator" content = "DokuWiki" / >
2017-02-22 13:41:23 +01:00
< meta name = "robots" content = "index,follow" / >
2016-10-15 19:57:04 +02:00
< meta name = "keywords" content = "documentation,2.0,applications,alfresco" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "../lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "alfresco.html" / >
< link rel = "contents" href = "alfresco.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "../lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 : a p p l i c a t i o n s ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : a p p l i c a t i o n s : a l f r e s c o " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 : a p p l i c a t i o n s " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "../lib/exe/js.php.t.bootstrap3.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.js" > < / script >
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#alfresco1" > Alfresco< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#llng" > LL::NG< / a > < / div > < / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > < a href = "#other_resources" > Other resources< / a > < / div > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "alfresco" > Alfresco< / h1 >
< div class = "level1" >
< p >
< img src = "alfresco_logo.png" class = "mediacenter" alt = "" / >
< / p >
< / div >
<!-- EDIT1 SECTION "Alfresco" [1 - 71] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
< a href = "https://www.alfresco.com/" class = "urlextern" title = "https://www.alfresco.com/" rel = "nofollow" > Alfresco< / a > is an ECM/BPM software.
< / p >
< p >
Since 4.0 release, it offers an easy way to configure < abbr title = "Single Sign On" > SSO< / abbr > thanks to authentication subsystems.
< / p >
< div class = "noteimportant" > If you use an older version, you need to refer to the following documentation: < a href = "https://wiki.alfresco.com/wiki/SSO" class = "urlextern" title = "https://wiki.alfresco.com/wiki/SSO" rel = "nofollow" > https://wiki.alfresco.com/wiki/SSO< / a >
< / div >
< / div >
<!-- EDIT2 SECTION "Presentation" [72 - 395] -->
< h2 class = "sectionedit3" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< / div >
<!-- EDIT3 SECTION "Configuration" [396 - 422] -->
< h3 class = "sectionedit4" id = "alfresco1" > Alfresco< / h3 >
< div class = "level3" >
< div class = "notetip" > The official documentation can be found here: < a href = "http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" class = "urlextern" title = "http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" rel = "nofollow" > http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html< / a >
< / div >
< p >
You need to find the following files in your Alfresco installation:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < code > alfresco-global.properties< / code > (ex: < code > tomcat/shared/classes/alfresco-global.properties< / code > )< / div >
< / li >
< li class = "level1" > < div class = "li" > < code > share-config-custom.xml< / code > (ex: < code > tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml< / code > )< / div >
< / li >
< / ul >
< p >
2017-02-07 17:35:26 +01:00
The first will allow one to configure < abbr title = "Single Sign On" > SSO< / abbr > for the alfresco webapp, and the other for the share webapp.
2016-10-15 19:57:04 +02:00
< / p >
< p >
Edit first < code > alfresco-global.properties< / code > and add the following:
< / p >
< pre class = "code file java" > ### SSO ###
authentication.< span class = "me1" > chain< / span > < span class = "sy0" > =< / span > external1< span class = "sy0" > :< / span > external
external.< span class = "me1" > authentication< / span > .< span class = "me1" > enabled< / span > < span class = "sy0" > =< / span > < span class = "kw2" > true< / span >
external.< span class = "me1" > authentication< / span > .< span class = "me1" > defaultAdministratorUserNames< / span > < span class = "sy0" > =< / span >
external.< span class = "me1" > authentication< / span > .< span class = "me1" > proxyUserName< / span > < span class = "sy0" > =< / span >
external.< span class = "me1" > authentication< / span > .< span class = "me1" > proxyHeader< / span > < span class = "sy0" > =< / span > Auth< span class = "sy0" > -< / span > User
external.< span class = "me1" > authentication< / span > .< span class = "me1" > userIdPattern< / span > < span class = "sy0" > =< / span > < / pre >
< p >
Edit then < code > share-config-custom.xml< / code > and uncomment the last part. In the < code > < endpoint> < / code > , change < code > < connector-id> < / code > value to < code > alfrescoHeader< / code > and change the < code > < userHeader> < / code > value to < code > Auth-User< / code > :
< / p >
< pre class = "code file xml" > < span class = "sc3" > < span class = "re1" > < config< / span > < span class = "re0" > evaluator< / span > =< span class = "st0" > " string-compare" < / span > < span class = "re0" > condition< / span > =< span class = "st0" > " Remote" < / span > < span class = "re2" > > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < remote< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < keystore< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < path< span class = "re2" > > < / span > < / span > < / span > alfresco/web-extension/alfresco-system.p12< span class = "sc3" > < span class = "re1" > < /path< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < type< span class = "re2" > > < / span > < / span > < / span > pkcs12< span class = "sc3" > < span class = "re1" > < /type< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < password< span class = "re2" > > < / span > < / span > < / span > alfresco-system< span class = "sc3" > < span class = "re1" > < /password< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < /keystore< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < connector< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < id< span class = "re2" > > < / span > < / span > < / span > alfrescoCookie< span class = "sc3" > < span class = "re1" > < /id< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < name< span class = "re2" > > < / span > < / span > < / span > Alfresco Connector< span class = "sc3" > < span class = "re1" > < /name< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < description< span class = "re2" > > < / span > < / span > < / span > Connects to an Alfresco instance using cookie-based authentication< span class = "sc3" > < span class = "re1" > < /description< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < class< span class = "re2" > > < / span > < / span > < / span > org.alfresco.web.site.servlet.SlingshotAlfrescoConnector< span class = "sc3" > < span class = "re1" > < /class< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < /connector< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < connector< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < id< span class = "re2" > > < / span > < / span > < / span > alfrescoHeader< span class = "sc3" > < span class = "re1" > < /id< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < name< span class = "re2" > > < / span > < / span > < / span > Alfresco Connector< span class = "sc3" > < span class = "re1" > < /name< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < description< span class = "re2" > > < / span > < / span > < / span > Connects to an Alfresco instance using header and cookie-based authentication< span class = "sc3" > < span class = "re1" > < /description< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < class< span class = "re2" > > < / span > < / span > < / span > org.alfresco.web.site.servlet.SlingshotAlfrescoConnector< span class = "sc3" > < span class = "re1" > < /class< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < userHeader< span class = "re2" > > < / span > < / span > < / span > Auth-User< span class = "sc3" > < span class = "re1" > < /userHeader< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < /connector< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < endpoint< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < id< span class = "re2" > > < / span > < / span > < / span > alfresco< span class = "sc3" > < span class = "re1" > < /id< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < name< span class = "re2" > > < / span > < / span > < / span > Alfresco - user access< span class = "sc3" > < span class = "re1" > < /name< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < description< span class = "re2" > > < / span > < / span > < / span > Access to Alfresco Repository WebScripts that require user authentication< span class = "sc3" > < span class = "re1" > < /description< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < connector-id< span class = "re2" > > < / span > < / span > < / span > alfrescoHeader< span class = "sc3" > < span class = "re1" > < /connector-id< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < endpoint-url< span class = "re2" > > < / span > < / span > < / span > http://localhost:8080/alfresco/wcs< span class = "sc3" > < span class = "re1" > < /endpoint-url< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < identity< span class = "re2" > > < / span > < / span > < / span > user< span class = "sc3" > < span class = "re1" > < /identity< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < external-auth< span class = "re2" > > < / span > < / span > < / span > true< span class = "sc3" > < span class = "re1" > < /external-auth< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < /endpoint< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < /remote< span class = "re2" > > < / span > < / span > < / span >
< span class = "sc3" > < span class = "re1" > < /config< span class = "re2" > > < / span > < / span > < / span > < / pre >
< p >
You need to restart Tomcat to apply changes.
< / p >
< div class = "notewarning" > Now you can log in with a simple HTTP header. You need to restrict access to Alfresco to < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > .
< / div >
< / div >
2017-02-07 17:35:26 +01:00
<!-- EDIT4 SECTION "Alfresco" [423 - 3123] -->
2016-10-15 19:57:04 +02:00
< h3 class = "sectionedit5" id = "llng" > LL::NG< / h3 >
< div class = "level3" >
< p >
Just set the < code > Auth-User< / code > header with the attribute that carries the user login, for example < code > $uid< / code > .
< / p >
< p >
You can intercept the logout with this rule: < code > ^/share/page/dologout ⇒ logout_app_sso< / code >
< / p >
< / div >
2017-02-07 17:35:26 +01:00
<!-- EDIT5 SECTION "LL::NG" [3124 - 3336] -->
2016-10-15 19:57:04 +02:00
< h2 class = "sectionedit6" id = "other_resources" > Other resources< / h2 >
< div class = "level2" >
< ul >
< li class = "level1" > < div class = "li" > < a href = "https://www.youtube.com/watch?v=5tS0XrC_-rw" class = "urlextern" title = "https://www.youtube.com/watch?v=5tS0XrC_-rw" rel = "nofollow" > DevCon 2012: Unlocking the Secrets of Alfresco Authentication, Mehdi Belmekki< / a > < / div >
< / li >
< / ul >
< / div >
2017-02-07 17:35:26 +01:00
<!-- EDIT6 SECTION "Other resources" [3337 - ] --> < / div >
2016-10-15 19:57:04 +02:00
< / body >
< / html >