Alfresco 4.1 external SSO Security

mstein
Champ in-the-making
I'm hoping someone here has an answer for me. I'm working on enabling the external authentication subsystem and had some questions about security.

It seems that once the system is enabled, all Alfresco needs for SSO is a header. If that Alfresco was outward facing, anyone with malicious intent could simply add the Remote-User header with the value admin and have at the repository. Is there a way to ensure that the header was included from my authenticating app and not otherwise injected?

If not, would my next step be to write a custom authentication subsystem?

Thanks in advance.
1 REPLY

mrogers
Star Contributor
You need to make sure there is protection for your authentication tokens. So Alfresco should probably be behind a firewall that rips off any malicious tokens.
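The arrangement discussed in this thread, as an added Python sketch that is not part of either post and not Alfresco code: the front proxy discards every client-supplied copy of the identity header and sets its own, and the back end honours the header only when the connection comes from that proxy. The function names and the proxy address are assumptions; the header name is the one from the question.

```python
import ipaddress

IDENTITY_HEADER = "Remote-User"  # header name taken from the question
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # constructed address


def _canon(name):
    # Header names are case-insensitive, and CGI-style gateways map '-' and
    # '_' to the same variable, so treat all of these spellings as one header.
    return name.strip().lower().replace("_", "-")


def proxy_rewrite(client_headers, authenticated_user):
    """What the front proxy does: drop every client-supplied copy of the
    identity header, then set it from the proxy's own login result."""
    kept = [(k, v) for k, v in client_headers
            if _canon(k) != _canon(IDENTITY_HEADER)]
    if authenticated_user is not None:
        kept.append((IDENTITY_HEADER, authenticated_user))
    return kept


def backend_identity(headers, peer_ip):
    """What the back end should enforce: trust the header only when the TCP
    peer is the proxy, and only when exactly one copy is present."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None
    values = [v for k, v in headers if _canon(k) == _canon(IDENTITY_HEADER)]
    return values[0] if len(values) == 1 and values[0] else None


if __name__ == "__main__":
    # Constructed request: a client that sent its own identity headers.
    inbound = [("Host", "alfresco.example"), ("remote_user", "admin"),
               ("REMOTE-USER", "admin")]
    forwarded = proxy_rewrite(inbound, "mstein")
    print(forwarded)
    print(backend_identity(forwarded, "10.0.0.5"))   # via the proxy
    print(backend_identity(inbound, "203.0.113.9"))  # direct connection
```

The source-address check only holds if the back end's listener is not reachable except through the proxy, which is the network placement the reply recommends.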