Alfresco-Shibboleth SSO configuration

kintu_barot · ‎6 Feb 2019

I need to integrate Shibboleth with Alfresco Community 5.2 for SSO. I have installed Shibboleth SP(Service Provider) in my machine. Ideally Alfresco should redirect all the users to Idp (Identity Provider) URL from share/page, but I don't know what configurations I need to make for the same. I have already tried the External authentication and SSO | Alfresco Documentation

Thanks in Advance.

Kintu

Regards,
Kintu

idwright · ‎7 Feb 2019

It partly depends on how you want to configure your SSO - trying to put it as simply as possible, you can either authenticate before you get to share e.g. by configuring Apache, or you can modify share itself by changing the way that the filters are configured in web.xml by adding the appropriate jars/filters.

Either way you need request.getRemoteUser() to return the correct value.

(If you want log out as well then that's another level of complication)

If you look at GitHub - wrighting/alfresco-cas at ACE-5661 you can see how this is done for CAS SSO (this produces amps that modify the web.xml) - the principal should be the same if you replace the CAS client jars, and references in the web.xml with the shibboleth equivalent.

Good luck....

kintu_barot · ‎7 Feb 2019

Yes, I want to skip default login and directly want users to be authenticated at IDP.

I'll give it a try.

Thank You, Ian.

Regards,
Kintu