
Authentication questions

forumwebuser
Champ in-the-making
Hello,

I'm trying to understand the authentication mechanism/pipeline used in Alfresco. So, any help is appreciated.

In an NTLM authentication environment, I expect that the web server or something on its side (IIS in a Windows environment) will grab the user login and send it to the Windows server that will validate the login. To get an SSO feature, we just need to set the browser to automatically send the data of the logged-in user. I think I'm not wrong so far…

In Alfresco we have AlfrescoNtlm. But does this have any relation to the NTLM scheme I described above? Because as far as I understood, Alfresco will not use any Windows server for the authentication in this scheme. Thus, in an SSO approach, it is Alfresco that is actually validating the automatically sent data from the user against its database (and so, we must first add a user to the Alfresco database). Is this right?

Now, what if we configure another authentication mechanism in Alfresco, like LDAP? If Alfresco synchronizes with LDAP, it will get all the users' information from the LDAP server. In this way, will users not be automatically authenticated (because the users' information will already be inside the Alfresco database)? Or will LDAP synchronization just import user information and not the password, so that we would need to set each password manually? If this is true, then I understand why passthru may be needed…

thank you
1 REPLY

soop
Champ in-the-making
In an NTLM authentication environment, I expect that the web server or something on its side (IIS in a Windows environment) will grab the user login and send it to the Windows server that will validate the login. To get an SSO feature, we just need to set the browser to automatically send the data of the logged-in user. I think I'm not wrong so far…

NTLM support is native Alfresco authentication (AlfrescoNTLM) … it does enable SSO, but your machine credentials have to match the native Alfresco credentials (I believe you can set this with cookies).

In Alfresco we have AlfrescoNtlm. But does this have any relation to the NTLM scheme I described above? Because as far as I understood, Alfresco will not use any Windows server for the authentication in this scheme. Thus, in an SSO approach, it is Alfresco that is actually validating the automatically sent data from the user against its database (and so, we must first add a user to the Alfresco database). Is this right?

Yes … users must already be in Alfresco to be authenticated with this method. They can't be auto-populated, as the authentication method looks to Alfresco for the credentials.

Now, what if we configure another authentication mechanism in Alfresco, like LDAP? If Alfresco synchronizes with LDAP, it will get all the users' information from the LDAP server. In this way, will users not be automatically authenticated (because the users' information will already be inside the Alfresco database)? Or will LDAP synchronization just import user information and not the password, so that we would need to set each password manually? If this is true, then I understand why passthru may be needed…

You can configure LDAP authentication to a) just authenticate (no sync) … or b) synchronize account info (groups, users, etc.) … You can configure either passthru or LDAP, or a combination of both … if synchronizing with an AD server and wanting SSO, you will require both.


Correct me if I'm wrong … I'm in the process of configuring the LDAP / Passthru with Sync … but it keeps tossing me errors (timestamp format … go figure)

M/soop
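
The combination described in the reply (passthru for authentication and SSO, LDAP for synchronization only), as an added configuration sketch that is not from either poster. It assumes an Alfresco release that uses authentication subsystems (3.2 or later) with the settings placed in alfresco-global.properties; every host name, account and DN is a placeholder.

```properties
# Added example: placeholders throughout, adapt before use.

# Chain of authentication subsystem instances, tried in order.
# passthru1 validates credentials against the domain controller;
# ldap1 (Active Directory flavour) is present only to import users/groups.
authentication.chain=passthru1:passthru,ldap1:ldap-ad

# --- passthru1: authentication and browser SSO ---
# Credentials are checked by the domain controller, not stored in Alfresco.
ntlm.authentication.sso.enabled=true
passthru.authentication.useLocalServer=false
# Format is DOMAIN\\host; the backslash is doubled in a properties file.
passthru.authentication.servers=EXAMPLE\\dc1.example.com

# --- ldap1: synchronization only ---
# Sync imports user and group attributes. It does not import passwords,
# so this instance is not used to authenticate anyone.
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://dc1.example.com:389

# Read-only service account used for the directory queries.
ldap.synchronization.java.naming.security.principal=svc-alfresco-sync@example.com
ldap.synchronization.java.naming.security.credentials=CHANGE_ME

ldap.synchronization.userSearchBase=ou=Users,dc=example,dc=com
ldap.synchronization.groupSearchBase=ou=Groups,dc=example,dc=com

# Must match how the directory renders modifyTimestamp values;
# this pattern is the one used for Active Directory.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
```

Give the synchronization account read-only rights on the two search bases, and keep its password out of version control.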