Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authenticating Without a Password (based off SDK example)

patorjk
Champ in-the-making
Champ in-the-making

‎09-20-2011 10:56 AM

I've setup Alfresco to work with an LDAP server, and I can login fine. My next step was to have the login page re-direct the LDAP webapp, which is an external login screen, and have the user login there and then be redirected back to Alfresco. The reason for this is because the LDAP webapp sets a cookie which other applications on the same domain use. However, doing it this way, I'd need to authenticate with the information inside of the cookie.

I'm using the CustomLoginBean example that comes with the Alfresco SDK as a starting point, and I can read the values from the cookie just fine (a user ID which equals their LDAP username and a key which is used to verify that they're logged in with the LDAP server), however, I'm not sure how to authenticate / login to Alfresco with that information. In the parent LoginBean.class file, I see this is done through the AuthenticationService, but that requires both a username and a password. Is there a way to authenticate and just pass along the username?

As a side note, the way this was done in the app I'm migrating from (which I inherited) was to have every user in the ECM system have the same password, and then have the login access points point to the LDAP webapp. The app would then use the cookie and the LDAP server to authenticate and then internally login the user in with the common password (though the user would never see this common password). This seems a bit hackish and I'd want to avoid it if possible, especially since Alfresco auto-syncs the users with LDAP.

Thanks for any assistance/advice/etc,

- Pat
Labels:
0 Kudos
1 REPLY 1

patorjk
Champ in-the-making
Champ in-the-making

‎09-22-2011 10:30 AM

So it's starting to look like doing it this way isn't possible.

I was looking into the External Authentication Subsystem, and saw the CAS guide, but that seems like overkill and I'm not sure I understand everything that's going on or why all of that is needed for my situation.

After poking around in the Exernal subsystem, I saw it uses "SimpleAcceptOrRejectAllAuthenticationComponentImpl", which overrides the authentication function. In that function it authenticates a user via a "setCurrentUser" function, but that relies on the value of "accept" being set to true. I grepped through the Alfresco source, and looked in the files under WEB-INF/classes/alfresco/subsystems/Authentication/external, but I couldn't find out how the setAccept function ever got called. After some googling I found this:

http://code.google.com/p/alfresco-container-security/source/browse/trunk/src/java/com/pararede/alfre...

It looks like they setup a filter that logs the user in via a SimpleAcceptOrRejectAllAuthenticationComponentImpl object where they explicitly call setAccept(true). I haven't tried this yet, but their wiki says the web.xml file needs to be edited, something an Alfresco Dev said in another post wasn't needed after Alfresco v3.2 (I'm using Enterprise v3.4.3). Is this the right avenue to go down?

I've heard another idea would be to write my own Authenticator subsystem, but I don't see any docs on that, and without knowing how the "setAccept" function gets called for the External subsystem, I feel like I'd be shooting in the dark.

Any thoughts? Anyone?

best,

- Pat
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC