Single Sign On using Windows Authentication

luminary_mb
Champ in-the-making
Hi,

What is the simplest method to enable single sign on so that when users try to access the Alfresco web client, they are automatically logged in via their Windows login credentials? We would still like to maintain the list of users within Alfresco. What type of configuration is required to do this?

I am using Alfresco Enterprise 3.1 on a Linux Ubuntu server.

Thanks.
35 REPLIES

dward
Champ on-the-rise
That's correct.

luminary_mb
Champ in-the-making
So then it's not really using my Windows credentials to log me in then? The only difference I see from the standard authentication to NTLM authentication is that NTLM authentication is bypassing the Alfresco Login page, as long as I've told the browser to remember my Alfresco username and password the first time I logged in.

dward
Champ on-the-rise
Yes it is. Your browser will respond to NTLM challenges with your cached password hash, so if this matches Alfresco's it will work.

You need to make sure Alfresco is in the "local intranet" security zone for this to work.

I'm not trying to put this forward as an ideal solution. It's just the only scenario that would work with NTLM v2.

luminary_mb
Champ in-the-making
It's not really working for me this way. I have added the site to my list of 'Local intranet' sites, created a user in Alfresco which has my Windows username but a different password. Then when I try to access the Alfresco web client, when the window for credentials pops up asking me for my username and password, it only accepts the password that I set when I created the user, and not my normal Windows password. It bypasses the Alfresco login page and takes me to my dashboard.

Technically single sign-on is working this way, but it's just not using the Windows credentials. Unless I'm missing something else here. Where does the 'cached password hash' come into this?

dward
Champ on-the-rise
It's not going to work unless you set your password in Alfresco to be the same as your Windows password. IE is sending a hash of your Windows password to Alfresco.

luminary_mb
Champ in-the-making
Right OK I think I'm getting there now. So basically by storing the same password in the Alfresco database it's just checking to see whether your Windows password is the same as your Alfresco password when you try to access the web client in order to grant you access.

So with this whole set up, when you try to access the web client, Internet Explorer is automatically sending your Windows username and password to the Alfresco server without you having to input these yourself, and obviously with your username and password in the Alfresco database it authenticates this for you. Starting to all make sense now!
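
The challenge/response check discussed in this thread, as an added example that is not part of the original posts or Alfresco's code: it follows the NTLMv2 calculation (HMAC-MD5 keyed with the NT hash), with the response blob reduced to a client nonce as a simplifying assumption. The function names, the user and domain, and the second hash are constructed for illustration.

```python
import hashlib
import hmac
import os

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed with the NT hash over UPPER(user)+domain, UTF-16LE."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def client_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, blob: bytes) -> bytes:
    """What the browser sends: a proof derived from the cached hash, not the password."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def server_verify(stored_nt_hash: bytes, user: str, domain: str,
                  server_challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the proof from its own stored hash and compare."""
    proof, blob = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

def demo() -> dict:
    # NT hash = MD4 of the UTF-16LE password; this is the hash of "Password".
    windows_hash = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")
    # Constructed stand-in for an account created with a different password.
    other_hash = bytes.fromhex("00112233445566778899aabbccddeeff")
    user, domain = "jsmith", "EXAMPLE"      # constructed identity
    challenge = os.urandom(8)               # fresh server challenge per login
    blob = os.urandom(8)                    # simplified blob: client nonce only
    resp = client_response(windows_hash, user, domain, challenge, blob)
    return {
        # Stored hash matches the workstation's cached hash: login succeeds.
        "same_password": server_verify(windows_hash, user, domain, challenge, resp),
        # Server holds a hash of a different password: silent SSO fails.
        "different_password": server_verify(other_hash, user, domain, challenge, resp),
        # An old response does not verify against a new challenge.
        "replayed": server_verify(windows_hash, user, domain, os.urandom(8), resp),
    }

if __name__ == "__main__":
    print(demo())
```

The server only ever compares keyed digests, so its stored hash must come from the same password the workstation cached. The stored hash alone is enough to compute a valid response, so it needs the same protection as a password.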