Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mutual authentication

akring
Confirmed Champ
Confirmed Champ

‎01-13-2016 09:56 AM

When making REST calls to the Alfresco repository one can authenticate by using either basic authentication or by passing a ticket as a parameter in the URL.

Does anyone know if Alfresco has any plans about adding mutual authentication as a possiblity for authenticating in the future?

Regards
Andreas

Labels:
0 Kudos
3 REPLIES 3

resplin
Elite Collaborator
Elite Collaborator

‎02-04-2016 10:46 PM

Mutual authentication can mean a few different things in practice.

* You can upload your own SSL certificate to the Tomcat keystore that can be used to authenticate the Alfresco server to users logging in via SSL.
* The Alfresco authentication chain can be configured for external-auth, delegating the HTTP authentication requests to a third party that can implement whatever you need.
* Alfresco is working on a SAML module for Alfresco on-premise that can allow a 3rd party iDP to handle authentication. This includes Alfresco confirming the server identity (though a certificate) with the iDP. This module is currently planned to only be available for Enterprise Edition.

What are your requirements around mutual authentication?
0 Kudos

akring
Confirmed Champ
Confirmed Champ

‎02-05-2016 02:37 AM

When using the term mutual authentication I was thinking something like this: http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication

What we need to implement is something like this: we have an Alfresco Community 5.0.d running, and we would like to keep the users and groups in sync with user data from another (non-alfresco) server used by a large organization (LDAP is not an option in this case). We are going to do this in a "push" fashion by letting the other server perform REST calls to appropriate webscripts in Alfresco whenever user data are changed.

We are looking for a more secure way than just using basic authentication. If we setup SSL on the Alfresco server, we only have "one way security", i.e. the other server knows that it is talking to Alfresco, but Alfresco does not if the REST calls comes from the right place. This problem could be addressed by mutual authentication as described on the page linked to above.

Hope this makes is clearer - are there anyway we can obtain the security we are looking for?
0 Kudos

mrogers
Star Contributor
Star Contributor

‎02-05-2016 03:45 AM

You can also use the "external" authentication.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC