Authentication via client certificate

aleksandarm
Champ in-the-making
Hello,

We have a requirement that the users should be able to authenticate using client certificates. Users only have access to Share application.

To accomplish this, so far, we have done the following customizations/extensions:

1. A custom share page is defined, with authentication set to none, in order to bypass standard user-name/password login page.
2. Server (Tomcat) is configured to trigger authentication via CLIENT-CERT authentication method, when this page is accessed.
3. Root certificate is imported into .truststore, so all client certificates can be validated and accepted.
4. Each of these client certificates maps to username that exists in Alfresco repository.

Now, when username is available, is it possible, and how would you suggest to authenticate user using only a username?
Is there some API that is available within share application context (some equivalent of AuthenticationUtil available in repo)
that can be used to authenticate user using only a username?

If anyone had similar use case, any suggestion or advice would be much appreciated.
3 REPLIES

angelborroy
Community Manager
We've done something similar by extending SSO mechanism and passing username to SSOAuthenticationFilter.

It would be a way to accomplish your development.
Hyland Developer Evangelist

Thanks for the reply,
I'll follow your suggestion and look into this mechanism.

aleksandarm
Champ in-the-making
Angel Borroy, thanks again for your suggestion, it was very useful.

In case that someone ever finds it useful, we ended up doing the following:
5. Custom share filter is defined, which adds HttpRequest header containing user name extracted from certificate,
  and passes it further down the filter chain. In a way, this filter within share application acts like an external
  authentication system.
6. External authentication is configured on the repo, and the way Share passes authentication
  information to the Repo is customized according to https://devcon.alfresco.com/sanjose/sessions/unlocking-secrets-alfresco-authentication
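
A sketch of the kind of filter described in step 5, added here as an example and not the poster's or Alfresco's own code. The class name, the `javax.servlet` API level, the use of the certificate's CN as the username, and the header name (assumed to match the proxy header configured for external authentication on the repo) are all assumptions. The wrapper discards any value of that header sent by the client, so the username can only come from the validated certificate.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class; header name and CN-to-username mapping are assumptions.
public class ClientCertUserHeaderFilter implements Filter {
    static final String USER_HEADER = "X-Alfresco-Remote-User"; // assumed; must match the repo's proxy header

    // Returns the CN of the subject DN, or null if there is none or the DN does not parse.
    static String commonName(String subjectDn) {
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
            }
        } catch (InvalidNameException e) { /* fall through: treat as no user */ }
        return null;
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Populated by the container only after the TLS client certificate was validated.
        X509Certificate[] certs = (X509Certificate[]) http.getAttribute("javax.servlet.request.X509Certificate");
        final String user = (certs == null || certs.length == 0) ? null
                : commonName(certs[0].getSubjectX500Principal().getName());
        // The wrapper answers for USER_HEADER itself, so a client-sent value is never visible downstream.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            private boolean isUserHeader(String n) { return USER_HEADER.equalsIgnoreCase(n); }
            @Override public String getHeader(String n) { return isUserHeader(n) ? user : super.getHeader(n); }
            @Override public Enumeration<String> getHeaders(String n) {
                if (!isUserHeader(n)) return super.getHeaders(n);
                return Collections.enumeration(user == null ? Collections.<String>emptyList() : Collections.singletonList(user));
            }
            @Override public Enumeration<String> getHeaderNames() {
                Set<String> names = new LinkedHashSet<>();
                for (String n : Collections.list(super.getHeaderNames())) if (!isUserHeader(n)) names.add(n);
                if (user != null) names.add(USER_HEADER);
                return Collections.enumeration(names);
            }
        }, res);
    }
}
```

Because the repo trusts this header under external authentication, the repo endpoints that accept it should only be reachable from Share and not directly by clients.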