https://connect.hyland.com/t5/alfresco-archive/autenthication-questions/m-p/267575#M220705 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">In a NTLM authentication environment, I expect that the web server or something in its side (IIS in a windows environment) will grab the user login and send it to the windows server that will validate the login. To get an SSO feature, we just need to set the browser to automatically send the data of the logged ion user. I think im not wrong so far…</BLOCKQUOTE><BR /><SPAN>NTLM support is native alfresco authentication (AlfrescoNTLM) … it does enable sso , but your machine credentials have to match the native alfresco credentials ( I believe you can set this with cookies) </SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">In Alfresco we have AlfrescoNtlm. But does this has any relation with the NTLM scheme I described above? Because as far as i understood Alfresco will not use any windows server for the autentication in this scheme. Thus, in a sso approach, it is Alfresco that actually is validating the autoamtically sented data from the user against its database (and so, we must first add a user to the Alfresco database). Is this right?</BLOCKQUOTE><BR /><SPAN>Yes … users must already be in alfresco to be authenticated in this method. They can't be auto populated as the authentication method is look to alfreco for the credentials</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">Now, what if we configure another authentication mechanism in Alfresco, like ldap. If alfresco syncronizes with ldap it will get all the useres information from ldap server. In this way, will not users be automatically authenticated (because users information will alreday be inside alfresco database)? Or ldap syncronization will just import user information and not password, and thus we would need to set manually each password. If this is true, than I understand why passtru may be needed…</BLOCKQUOTE><BR /><BR /><SPAN>You can configure LDAP&nbsp; Authentication to a&gt; just authenticate (no sync) … or b&gt; synchronize account info&nbsp; (groups and users etc) …. You can configure either passthru or ldap or a combination of both … if synchronizing with an AD server and wanting SSO , you will require both.</SPAN><BR /><BR /><BR /><SPAN>Correct me if I'm wrong … I'm in the process of configuring the LDAP / Passthru with Sync … but it keeps tossing me errors (timestamp format … go figure) </SPAN><BR /><BR /><SPAN>M/soop</SPAN></BODY></HTML> Thu, 03 Mar 2011 14:17:27 GMT soop 2011-03-03T14:17:27Z https://connect.hyland.com/t5/alfresco-archive/autenthication-questions/m-p/267574#M220704 Hello,Im trying to understand the authentication mechanism/pipeline used in Alfresco. So, any help is appreciated.In a NTLM authentication environment, I expect that the web server or something in its side (IIS in a windows environment) will grab the user login and send it to the windows server that Thu, 03 Mar 2011 14:07:03 GMT https://connect.hyland.com/t5/alfresco-archive/autenthication-questions/m-p/267574#M220704 forumwebuser 2011-03-03T14:07:03Z https://connect.hyland.com/t5/alfresco-archive/autenthication-questions/m-p/267575#M220705 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">In a NTLM authentication environment, I expect that the web server or something in its side (IIS in a windows environment) will grab the user login and send it to the windows server that will validate the login. To get an SSO feature, we just need to set the browser to automatically send the data of the logged ion user. I think im not wrong so far…</BLOCKQUOTE><BR /><SPAN>NTLM support is native alfresco authentication (AlfrescoNTLM) … it does enable sso , but your machine credentials have to match the native alfresco credentials ( I believe you can set this with cookies) </SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">In Alfresco we have AlfrescoNtlm. But does this has any relation with the NTLM scheme I described above? Because as far as i understood Alfresco will not use any windows server for the autentication in this scheme. Thus, in a sso approach, it is Alfresco that actually is validating the autoamtically sented data from the user against its database (and so, we must first add a user to the Alfresco database). Is this right?</BLOCKQUOTE><BR /><SPAN>Yes … users must already be in alfresco to be authenticated in this method. They can't be auto populated as the authentication method is look to alfreco for the credentials</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">Now, what if we configure another authentication mechanism in Alfresco, like ldap. If alfresco syncronizes with ldap it will get all the useres information from ldap server. In this way, will not users be automatically authenticated (because users information will alreday be inside alfresco database)? Or ldap syncronization will just import user information and not password, and thus we would need to set manually each password. If this is true, than I understand why passtru may be needed…</BLOCKQUOTE><BR /><BR /><SPAN>You can configure LDAP&nbsp; Authentication to a&gt; just authenticate (no sync) … or b&gt; synchronize account info&nbsp; (groups and users etc) …. You can configure either passthru or ldap or a combination of both … if synchronizing with an AD server and wanting SSO , you will require both.</SPAN><BR /><BR /><BR /><SPAN>Correct me if I'm wrong … I'm in the process of configuring the LDAP / Passthru with Sync … but it keeps tossing me errors (timestamp format … go figure) </SPAN><BR /><BR /><SPAN>M/soop</SPAN></BODY></HTML> Thu, 03 Mar 2011 14:17:27 GMT https://connect.hyland.com/t5/alfresco-archive/autenthication-questions/m-p/267575#M220705 soop 2011-03-03T14:17:27Z