SSO from third part application with kerberos enabled on Alfresco

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Member II

SSO from third part application with kerberos enabled on Alfresco

I am trying to login(thereafter search against the repository) from third party application against the kerberos enabled  alfresco through REST API.

Basic HTTP authentication is allowing me to do it but then it has its own negatives as I have to pass everything through the query parameters

But when I am trying to do through /alfresco/api/-default-/public/authentication/versions/1/tickets, it is giving me "Please log in" response in the browser, SSO is not happening that means. I have enabled CORS too in tomcat but I think that might not be the issue.

Is there a way we can do SSO from external application through REST API in a kerberos enabled alfrescos?

1 Reply
Highlighted
Master

Re: SSO from third part application with kerberos enabled on Alfresco

The tickets API that you are calling has been explicitly defined to not require pre-emptive authentication, i.e. via SSO. It always requires user/password authentication via request parameters. Given the current API design, you cannot obtain a ticket when using Kerberos SSO (from the client against a Kerberos-enabled Alfresco), but you "should" be perfectly capable of using all regular APIs with the same Kerberos authorisation header without having to obtain a ticket first.

I put "should" in quotes because supporting SSO in all possible combinations is something that has been a bit of a problem across various versions, so I am not 100% sure.