08-04-2020 09:16 AM
Hi everyone.
I'm trying to invoke Alfresco Core REST API with external authentication option enabled. Everything works, but I have found there is one thing I do not understand.
As indicated in the documentation, in the file alfresco-global.properties , the property
external.authentication.defaultAdministratorUserNames = admin
is a separated list of user names who should be considered administrators by default.
I expected that the services could be called with external authentication only if the credentials of one of the administrators were present in the Basic Auth of the request.
Instead it works in all cases.
For example, I can access the administrator's data by passing the credentials of any user in the Basic Auth and in the header X-Alfresco-Remote-User=admin.
So what is the meaning of that property? And isn't there a way to avoid this behavior?
One last thing.
If a username not present in the system is passed in the header, I noticed that it is automatically created even if I don't understand with what password. Can't we avoid this?
I forgot, I'm using Alfresco Community Edition 6.2.
Thanks for any help!
08-11-2020 09:27 AM
You have enabled external authentication, which means Alfresco is no longer responsible for authentication--that has been delegated to some other system.
Whatever is in X-Alfresco-Remote-User is the user that Alfresco is going to assume has already been authenticated by your external system.
In this configuration you need to make sure that all traffic to Alfresco goes through a proxy which is protected by whatever external auth system you've enabled.
Hope that makes sense and that I'm understanding your issue correctly.
01-04-2021 03:17 PM
Hi @jpotts ,
Thanks for the detail!
Have some questions:a) Can you please suggest what are the ways to protect the proxy by external auth system(ADFS).
b) If there is another mulesoft layer between custom UI and Alfresco server(with or without proxy) then how can the external authentication work via mulesoft(sample screenshot 1 attached)
The UI will make REST calls to mulesoft which has the api wrappers over alfresco REST apis. Also UI server can authenticate with mulesoft only via Oauth2 ,
Explore our Alfresco products with the links below. Use labels to filter content by product module.