I'm trying to invoke Alfresco Core REST API with external authentication option enabled. Everything works, but I have found there is one thing I do not understand.
As indicated in the documentation, in the file alfresco-global.properties , the property
external.authentication.defaultAdministratorUserNames = admin
is a separated list of user names who should be considered administrators by default.
I expected that the services could be called with external authentication only if the credentials of one of the administrators were present in the Basic Auth of the request.
Instead it works in all cases.
For example, I can access the administrator's data by passing the credentials of any user in the Basic Auth and in the header X-Alfresco-Remote-User=admin.
So what is the meaning of that property? And isn't there a way to avoid this behavior?
One last thing.
If a username not present in the system is passed in the header, I noticed that it is automatically created even if I don't understand with what password. Can't we avoid this?
I forgot, I'm using Alfresco Community Edition 6.2.
Thanks for any help!