I've been looking high and low trying to find steps to configure alfresco with remote authentication using apache ldap module. essentially passing REMOTE_USER from apache to alf after authenticating. I am able to configure where i can successfully log into /alfresco explorer, however, /share does not log me in. Has anyone experienced/solved this issue?
i have 1) setup apache for the ldap mod (which works since i get automatcially logged into /alfresco)
2) setup ajp entry for both /alfresco and /share in apache.
# Alfresco Explorer ProxyPass /alfresco ajp://127.0.0.1:8009/alfresco ProxyPassReverse /alfresco ajp://127.0.0.1:8009/alfresco
6) in share-config-custom.xml, i have put in the suggested xml entries below:
<alfresco-config>
<!– Repository Library config section –> <config evaluator="string-compare" condition="RepositoryLibrary" replace="true"> <!– Whether the link to the Repository Library appears in the header component or not. –> <visible>true</visible> </config>
<config evaluator="string-compare" condition="Remote"> <remote> <endpoint> <id>alfresco-noauth</id> <name>Alfresco - unauthenticated access</name> <description>Access to Alfresco Repository WebScripts that do not require authentication</description> <connector-id>alfresco</connector-id> <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url> <identity>none</identity> </endpoint>
<endpoint> <id>alfresco</id> <name>Alfresco - user access</name> <description>Access to Alfresco Repository WebScripts that require user authentication</description> <connector-id>alfresco</connector-id> <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url> <identity>user</identity> </endpoint>
<endpoint> <id>alfresco-feed</id> <name>Alfresco Feed</name> <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description> <connector-id>http</connector-id> <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url> <basic-auth>true</basic-auth> <identity>user</identity> </endpoint>
<endpoint> <id>activiti-admin</id> <name>Activiti Admin UI - user access</name> <description>Access to Activiti Admin UI, that requires user authentication</description> <connector-id>activiti-admin-connector</connector-id> <endpoint-url>http://localhost:8080/alfresco/activiti-admin</endpoint-url> <identity>user</identity> </endpoint> </remote> </config>
<connector> <id>alfrescoCookie</id> <name>Alfresco Connector</name> <description>Connects to an Alfresco instance using cookie-based authentication</description> <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class> </connector>
<endpoint> <id>alfresco</id> <name>Alfresco - user access</name> <description>Access to Alfresco Repository WebScripts that require user authentication</description> <connector-id>alfrescoCookie</connector-id> <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url> <identity>user</identity> <external-auth>true</external-auth> </endpoint> </remote> </config>
I don't have an answer to your question, but I am curious…What are the benefits of taking this approach over configuring Alfresco to authenticate against LDAP (which then automatically works for both /alfresco and /share)?
we want use shibboleth mod in apache which passes Remote_user. to keep things simple we are using ldap for now. In theory , if we can make this work, then we should be able to use shib. We are close. We just need to know how to config /share
