Hyland Connect

dbiggins · ‎10-31-2014

Good Morning!
I am trying to determine what SSO with IMAP looks like.

We have a 4.2f CE environment in which SSO with kerberos against AD appears to be working well. We can have we browsers go to https://server.my.com/alfresco and https://server.my.com/share and they will be logged in correctly without being prompted for their credentials. For webdav, we can have someone point their browser to https://server.my.com/alfresco/webdav/Sites, and they don't get prompted for their credentials.

When I am setting up an imap connection in my outlook client, I specify the Incoming mail server as the alfresco server, and the account type as IMAP. I get prompted for credentials, and when I enter them, I am able to connect to my mount points as expected, but should I have to provide the credentials? Does IMAP via outlook support SSO?

Thanks for the brain share!

Dan

mrogers · ‎10-31-2014

Unfortunately I don't think the IMAP extension to allow kerberos authentication is implemented in alfresco.

dbiggins · ‎10-31-2014

Thanks for the quick followup!

Based on what I'm reading, it seems like I should be able to get the sharepoint connectivity to be SSO as well, right?

I'm having a few problems, but I assume it's because I have to get my jetty cert signed and my windows 7 clients authentication defaults set, vs this being not possible.

Dan

approveme · ‎11-11-2014

1) SSO doesn't work with POP or IMAP and numerous third party application (adwords, etc). It relys on the cached Gmail password, or you can enable two factor authentication and set a password in Gmail for these applications.This requires maintenance of two passwords defeating the security of SSO for email.

2) Secondary email accounts (service, group) redirect to crowd. This requires a domain account referencing them which is shared among users. This is a PCI violation as we've discovered. Looking to create a subdomain within GMail to bypass Crowd authentication. No luck so far. Thoughts?