Kerberos SSO with ADF

cancel
Showing results for 
Search instead for 
Did you mean: 
ivanovpavel1983
Active Member

Kerberos SSO with ADF

Hello.

Has anyone got an example of using SSO authentication with Alfresco Development Framework?

In share and alfresco webdav we use this functionality.

Thanks!

9 Replies
eugenio_romano
Alfresco Employee

Re: Kerberos SSO with ADF

With Kerberos you don't need to log in, so I guess you need to remove or change the authguard in the router

ivanovpavel1983
Active Member

Re: Kerberos SSO with ADF

No, this does not work. And AuthGuard (https://issues.alfresco.com/jira/browse/ADF-2435) doesn't work...

eugenio_romano
Alfresco Employee

Re: Kerberos SSO with ADF

DId you get a look to this issue ADF on SSO enabled ACS  with my suggestions they where able to make it works

ivanovpavel1983
Active Member

Re: Kerberos SSO with ADF

Yes, but in this case, if you delete the old ticket from browser, there will be a redirect to login page.

This is obviously not SSO ))

eugenio_romano
Alfresco Employee

Re: Kerberos SSO with ADF

Is the ADF authGuard that redirect you to the login page, if you don't have it there will be no redirect.

1)You can write your own authguard that implement your logic

or

2) you can add a listener in the main app that if receive 401, because the ticket is deleted, redirect you where is needed

this.alfrescoApiService.getInstance().on('unauthorized', (error) => {
        this.router.navigate(['/navigate-where-you-need']);
    }
});
ivanovpavel1983
Active Member

Re: Kerberos SSO with ADF

"if you don't have it there will be no redirect" - in this case will be an error 401

The application should receive a new ticket, but it doesn't have it.

eugenio_romano
Alfresco Employee

Re: Kerberos SSO with ADF

Honestly, I am a bit confused, if you are using kerberos the new ticket should not be automatically provided?

The KDC issues a (TGT) if the TGT expires at some it should be transparently renewed by the user's session manager while they are logged in. How do you delete the ticket from the browser?

ivanovpavel1983
Active Member

Re: Kerberos SSO with ADF

We have enabled logging, and have this error:

Any ideas?

ivanovpavel1983
Active Member

Re: Kerberos SSO with ADF

And this log is from share:

It's ok.