Obsolete Pages{{Obsolete}}
The official documentation is at: http://docs.alfresco.com
Authentication
2.x3.03.1
This page describes configuration methods prior to Alfresco Version 3.2. Refer to Alfresco Authentication Subsystems and Alfresco_With_mod_auth_cas for Alfresco Versions 3.2 and up.'
Alfresco provides support for Single Sign-on (SSO) across the application, including Alfresco Explorer, Alfresco Share, and CIFS. There are a number of approaches which may be used, depending on the requirements.
Built-in Support
Single Sign-on utilising NTLM or Kerberos may be set up via Alfresco's authentication services. For details, see SSO Configurations in Enterprise Security and Authentication Configuration.
Alfresco provides a generic HTTP Request Authentication Filter to support Single Sign-On services such as SiteMinder, IChains and many others. All those SSO solutions work by injecting an HTTP header that contains the User ID. To enable support simply locate the <ALFRESCO.WAR>/WEB-INF/web.xml file and replace the existing authentication filter:
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
...
</filter>
With the following. Please customize the init parameters to suit your particular environment:
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.HTTPRequestAuthenticationFilter</filter-class>
<init-param>
<param-name>httpServletRequestAuthHeaderName</param-name>
<param-value>REMOTE_USER</param-value>
</init-param>
<init-param>
<param-name>authPatternString</param-name>
<param-value>.*</param-value>
</init-param>
</filter>
These instructions were tested against IBM Tivoli Access Manager 6. The httpServletRequestAuthHeaderName parameter should be set to iv-user.
Third Party Solutions
A number of third party solutions are available to provide integration with other SSO providers.
