https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240536#M193666 <HTML><HEAD></HEAD><BODY><SPAN>I have a custom application that is calling into Alfresco to retrieve the documents from Alfresco. The custom client manages all the user authentication and authorization and interfaces with Alfresco using a single login. We are using webscripts to do the login and search. I would like to ensure that users cannot access Alfresco documents that are not presented to them via the application by trying to pass a different filename in the GET. </SPAN><BR /><BR /><SPAN>I noticed that the authentication-services-context.xml has a few properties under ticketComponent for ticketsExpire, oneOff, and expiryMode. I tried setting ticketsExpire to true and oneOff to true, too. Setting oneOff to true seems to cause issues on the web UI. In some cases I keep prompted for the login on every click. Is there a way to specify expiryMode etc… as part of the webscript call so that the user cannot use the same ticket to get a different document? Or, is there a different way to achieve this?</SPAN><BR /><BR /><SPAN>TIA</SPAN></BODY></HTML> Tue, 24 Nov 2009 16:58:03 GMT shikarishambu 2009-11-24T16:58:03Z https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240536#M193666 I have a custom application that is calling into Alfresco to retrieve the documents from Alfresco. The custom client manages all the user authentication and authorization and interfaces with Alfresco using a single login. We are using webscripts to do the login and search. I would like to ensure tha Tue, 24 Nov 2009 16:58:03 GMT https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240536#M193666 shikarishambu 2009-11-24T16:58:03Z https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240537#M193667 <HTML><HEAD></HEAD><BODY><SPAN>If you didn't use a proxy account you would not need to jump through hoops.&nbsp;&nbsp; </SPAN><BR /><BR /><SPAN>Can you get some sort of SSO working between your application and alfresco?</SPAN></BODY></HTML> Tue, 24 Nov 2009 17:14:44 GMT https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240537#M193667 mrogers 2009-11-24T17:14:44Z https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240538#M193668 <HTML><HEAD></HEAD><BODY><SPAN>The reason why we decided to use a proxy account rather than have user accounts in Alfresco is our application/ solution treats ECM as a pluggable component. So, we want the ability to manage access to the documents in our application (and, not have it replicated/ setup in the different ECM flavors that are out there). I realize that it does not make full use of an ECM's capabilities. </SPAN><BR /><BR /><SPAN>I could possibly get a SSO solution in place but it still will have to be a proxy/service account. I do think this is a valid integration scenario - accessing an external resource through a single service account. What I am trying to achieve is nothing more than stopping a replay attack in case of a web/ web service application.</SPAN><BR /><BR /><SPAN>Thanks</SPAN></BODY></HTML> Tue, 24 Nov 2009 19:26:04 GMT https://connect.hyland.com/t5/alfresco-archive/associating-the-auth-ticket-with-a-resource-single-use/m-p/240538#M193668 shikarishambu 2009-11-24T19:26:04Z