https://connect.hyland.com/t5/alfresco-archive/alfresco-4-1-external-sso-security/m-p/268825#M221955 <HTML><HEAD></HEAD><BODY><SPAN>You need to make sure there is protection for your authentication tokens.&nbsp;&nbsp; So alfresco should probably be behind a firewall that rips off any malicious tokens.</SPAN></BODY></HTML> Fri, 18 Jan 2013 18:30:27 GMT mrogers 2013-01-18T18:30:27Z https://connect.hyland.com/t5/alfresco-archive/alfresco-4-1-external-sso-security/m-p/268824#M221954 I'm hoping someone here has an answer for me, I'm working on enabling the external authentication subsystem and had some questions about security.It seems that once the system is enabled, all Alfresco needs for SSO is a header. If that Alfresco was outward facing, anyone with malicious intent, could Fri, 18 Jan 2013 17:34:00 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-4-1-external-sso-security/m-p/268824#M221954 mstein 2013-01-18T17:34:00Z https://connect.hyland.com/t5/alfresco-archive/alfresco-4-1-external-sso-security/m-p/268825#M221955 <HTML><HEAD></HEAD><BODY><SPAN>You need to make sure there is protection for your authentication tokens.&nbsp;&nbsp; So alfresco should probably be behind a firewall that rips off any malicious tokens.</SPAN></BODY></HTML> Fri, 18 Jan 2013 18:30:27 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-4-1-external-sso-security/m-p/268825#M221955 mrogers 2013-01-18T18:30:27Z