01-15-2019 01:03 PM
Hello everyone,
We have need to integrate Alfresco with Azure AD for users/groups synchronization and authentication. Just wondering if anyone had similar requirement and it was possible to do so. Basically I am trying to find answer for:
1) If it is possible to sync users and groups from Azure AD to Alfresco similar to what is possible with on-premise AD.
2) If it is possible to configure Azure AD authentication with Alfresco.
There is not much I can find from internet about this. I could come across following URL:
https://azuremarketplace.microsoft.com/en-in/marketplace/apps/aad.alfresco?tab=Overview
"GET IT NOW" button takes me to page:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on
As Alfresco supports SAML it may be possible to configure SAML based SSO with Azure AD but I am not able to find out any documentations specific to Alfresco.
Best regards,
Rajesh
01-16-2019 01:03 AM
You can use Azure AD just like an on-prem AD. The only thing you'd need to do is enable LDAPS access to your Azure AD, which is not enabled by default. Check the appropriate Azure docs for enabling LDAPS.
With Alfresco Enterprise you can setup SAML authentication with Azure AD easily. I have this running at a local customer who uses Azure AD to handle external users. Note that even without SAML as SSO, you can already authenticate against Azure once you have configured the LDAP-AD integration.
01-16-2019 01:03 AM
You can use Azure AD just like an on-prem AD. The only thing you'd need to do is enable LDAPS access to your Azure AD, which is not enabled by default. Check the appropriate Azure docs for enabling LDAPS.
With Alfresco Enterprise you can setup SAML authentication with Azure AD easily. I have this running at a local customer who uses Azure AD to handle external users. Note that even without SAML as SSO, you can already authenticate against Azure once you have configured the LDAP-AD integration.
01-17-2019 12:22 AM
Thanks a lot Axel. Now when we have confirmation that it is possible we will figure out next steps.
03-04-2019 06:26 AM
Hello Axel,
We are finally able to configure user and group sync from Azure AD. We are also able to setup SAML authentication against Azure AD enterprise application.
But we are having slight trouble when user tries to logout. We have configure IdP service URLs like following in Alfresco Admin console page:
We have identical URL for all three fields in metadata file. After logout it redirects user to
And after click of "Back to My Dashboard" button it takes user to user dashboard page without any login.
I am not sure if we are missing some configuration here but it seems logout is not really happening and also can we someone avoid share error page.
Best regards,
Rajesh
03-04-2019 01:58 PM
I remember hitting a similar error when we set this up at a customer, and it turned out we just had a configuration error in Azure config + Alfresco SAML config. Unfortunately I can't remember specifically what our mistake was, but you should check again if all the SAML login / logout URLs have been configured correctly both in Azure and Alfresco.
03-14-2019 02:55 PM
Thanks a lot Axel. After checking carefully we found followings in share.log:
2019-03-05 13:59:00,062 ERROR [org.alfresco.web.site] [http-apr-8080-exec-3] javax.servlet.ServletException: SAML LogoutResponse must be submitted using POST
It is rather obvious exception that after successful logout Azure AD sends logout response to Share Logout URL, but it should have been done using POST binding. Unfortunately I am not able to figure anyway in Azure AD to specify POST binding. Just hoping if this gives some hint for you to remember how you overcame this issue 🙂
09-05-2019 02:30 AM
Rajesh Jha we are blocked with the same issue you summarized. Were you able to fix the issue ?
09-05-2019 10:33 PM
Unfortunately not. We still have issue with logout.
09-06-2019 12:17 AM
Oh. If you don't mind answering, could you tell me if you still went with Azure AD SSO flow implementation and any workarounds you have in place for this logout issue ?
03-29-2023 10:50 AM
Hi, we are looking into this method now for SAML SSO with Azure AD and MFA. Wondering if any of the previous commenters from 2019 ever solved the problem with the logout issue. Thank you!
Explore our Alfresco products with the links below. Use labels to filter content by product module.