cancel
Showing results for 
Search instead for 
Did you mean: 

Allow SSO for internal access only.

jasonschroeder
Champ in-the-making
Champ in-the-making
We currently are running Alfresco 4.0 d on Windows server With iis redirecting to Tomcat. 

We are authenticating through Passthru with sso enable.  When I access our share installation from outside our network (ssl enabled site), Windows asks for domain authentication.  Once I cancel the request, I am able to log in to the main share log in screen.  I would like to change settingt so external users do do not receive a windows authentication prompt and go directly to the SHare authentication page.  AD account would then be entered to access the siteSeems like it is trying SSO all attempts to access.  Is it possible to have SSO only in place for access within our internal network?  (all users accessing through external ssl access would not be considered as part of sso rule.

Any help is appreciated.  Thanks Jason
1 REPLY 1

afaust
Legendary Innovator
Legendary Innovator
Hello,

I don't think this is possible with the out-of-the-box Alfresco, but it should be a comparatively simple exercise to implement a custom Share SSO filter, which checks for the users "origin network" before prompting for SSO credentials. This would require a custom implementation of the (Java) filter SSOAuthenticationFilter and potentially a custom HTTP header provided by your SSL gateway proxy server to check for.

Regards
Axel