Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

External Authentication with Alfresco Community Edition

parnold
Champ in-the-making
Champ in-the-making

‎07-28-2020 06:25 AM

Hello there,

I need any help I can get by setting up an external authentication with alfresco share.
This will be a longer post explaining what I have tried up until now and what my target setup should look like.

Resources
------------------------

  1. First I read the Alfresco documentation about authentication subsystems and the following chapters to get a grasp how it is configured.
  2. Then I tried to follow this Tutorial as close as I could

Current Test Setup
------------------------

  • LoadBalancer
    • terminates SSL
  •  Webserver (Linux)
    • httpd (http on port 80)
      • Reverse Proxy to keycloak and alfresco
      • httpd.conf with CAS configuration from resource 2.
    • Keycloak (http on port 8080)
      • CAS client
  • Application Server (Linux)
    • Alfresco 5.2  Tomcat (http on port 8080)
      • share-config-custom.xml configuration from resource 2. and disabled CSRF Token Filter
      • alfresco-global.properties configuration from resource 2.

Current result:

  • After beeing redirected to Keycloak and logged in there is a 504 Gateway Time-out
  • Nothing in the Alfresco Tomcat Logs

Instead of Keycloak I also tried using a HTTP Basic Auth in the httpd webserver
The results have been similar dissapointing:

  • After the Basic Auth dialog of the httpd, where I could authenticate another Basic Auth Popup from Alfresco pops up. This time the credentials are not accepted. When I cancel it I get redirected to the Login Page of "share"

I'd be grateful for any hint in the right direction, alternative working setups e.g. with shibboleth instead of keycloak or nginx instead of httpd

My current config files for reference
---------------------

  1.  httpd.conf (excerpt)
  2. alfresco-global.conf
  3. shared-config-custom.xml
Labels:
0 Kudos
4 REPLIES 4

THAUSSIG
Champ in-the-making
Champ in-the-making

‎08-10-2020 11:33 AM

I am facing the same issue with Alfresco Community 6.2.x . Anyone can help? Thanks in advance.

0 Kudos

joe_l3
Confirmed Champ
Confirmed Champ

‎04-29-2021 12:55 PM

Before working on the full stack, I suggest you to try access directly to alfresco share in order to make sure the externalAuth configuration is working. You can do that by using a Chrome header extension like ModHeader (or similar for Firefox). Open ModHeader settings and put this:

X-Alfresco-Remote-User=your_username

and go to http://alfresco_host:8080/share ...you should see the share dashboard page without login. To log more info append this on alfresco log4j.properties:

log4j.logger.org.alfresco.repo.security.authentication.external=DEBUG
log4j.logger.org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl=DEBUG
log4j.logger.org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService=DEBUG

LoneStar
Champ in-the-making
Champ in-the-making
In response to joe_l3

‎11-19-2022 12:39 PM

Hello,

I'm trying to do the same with ACS 7.2 (installed in docker with alfresco-docker-installer).

I understand that the thing I should do is adding to the JAVA_OPTS settings this:

...
services: 
   alfresco:
...
            JAVA_OPTS : '
...
               -Dauthentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
               -Dexternal.authentication.proxyUserName=
               -Dexternal.authentication.enabled=true
               -Dexternal.authentication.defaultAdministratorUserNames=admin
               -Dexternal.authentication.proxyHeader=X-Alfresco-Remote-User
           '
...

 Then for a testing I set a header in my browser with ModHeader as "X-Alfresco-Remote-User: <myusername>" and open the Share url for my instance (or /alfresco). But I keep getting the usual login screen as if nothing has changed.

There must be some step that I'm missing..?

Thanks in advance,

Luigi

0 Kudos

ayatullah
Champ in-the-making
Champ in-the-making

‎09-22-2021 11:23 PM

Hello,

i want to add the same functionality but i cannot find the tutorial you mentioned

https://blog.johanet.fr/single-sign-on-with-alfresco-share-and-keycloak/

di you have any other reference or sample code ?

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2025 Khoros, LLC