topic Re: Use alfresco ticket as authentication in external application in Alfresco Archive

Use alfresco ticket as authentication in external application

vbutacu — Mon, 05 Dec 2016 11:47:57 GMT

Hello,I developed a php application so there will be a link inside an alfresco dashlet wich points to my php page. I'd like to use the authenticated session of alfresco to authenticate the current user against my external app. I read a couple of articles about alfresco ticket authentication but it's

Re: Use alfresco ticket as authentication in external application

afaust — Mon, 05 Dec 2016 12:33:51 GMT

Alfresco can be configured with the external authentication subsystem just for this type of use case. The PHP application would need to set a HTTP header that the external subsystem reads to extract the user name. This approach can be secured technically by only allowing specific clients / hosts to pass in the header and use a proxy web server like HTTPd to control/remove the HTTP header accordingly before passing them on to Alfresco.

When the external authentication subsystem is used there should be no need to ever use ticket based authentication for the PHP application. The only requirement is that user identities are either identical in both applications or some kind of mapping exists in the PHP application.

Re: Use alfresco ticket as authentication in external application

vbutacu — Mon, 05 Dec 2016 13:38:28 GMT

Hello Axel and thank you for your reply. I already have ldap authentication on alfresco. What I'm aiming to achieve is some sort of comunication between the authenticated alfresco session and my external standalone php application so that once the users login into alfresco with their ldap account they don't need to insert again their username and password when they call the php application.

Re: Use alfresco ticket as authentication in external application

afaust — Mon, 05 Dec 2016 13:41:27 GMT

With "external authentication subsystem" I am actually referring to a special subsystem in Alfresco that allow an "external application" like your PHP app to provide the user name. I am not referring to LDAP as a subsystem that allows authentication against an external user registry. Please review the documentation about the "external" authentication subsystem.

Re: Use alfresco ticket as authentication in external application

vbutacu — Mon, 05 Dec 2016 13:57:45 GMT

I think you misunderstood what I'm looking for. I need alfresco to provide the username to my app and not viceversa.

Re: Use alfresco ticket as authentication in external application

afaust — Mon, 05 Dec 2016 14:01:28 GMT

You are right - I misunderstood that. Sorry about that.

One typical option might be for Alfresco to call the PHP app from the server-side before generating the link to pass the user identity on the server-side network and obtain a one-time token from the PHP app that can be included in the link, which the PHP app uses to store the passed details (for a limited amount of time).

But Alfresco ticket authentication is irrelevant in this case as well, so at least that part of my first response was appropriate.