Use alfresco ticket as authentication in external application

vbutacu
Active Member

Hello,

I developed a PHP application, so there will be a link inside an Alfresco dashlet which points to my PHP page. I'd like to use the authenticated session of Alfresco to authenticate the current user against my external app. I read a couple of articles about Alfresco ticket authentication but it's not clear how I can use this information inside PHP.

Let me give some details of what I need:

My PHP application does some stuff based on which user is currently calling it, so I need Alfresco to pass that information to the PHP app. The easiest way is to pass the username as a parameter, but this is not secure as somebody could just modify the parameter value inside the link. Is there an easy way to pass the username of the currently logged-in user to an external app in a "hidden" manner?

1 Solution

Accepted Solutions
afaust
Master

Re: Use alfresco ticket as authentication in external application

You are right - I misunderstood that. Sorry about that.

One typical option might be for Alfresco to call the PHP app from the server-side before generating the link to pass the user identity on the server-side network and obtain a one-time token from the PHP app that can be included in the link, which the PHP app uses to store the passed details (for a limited amount of time).

But Alfresco ticket authentication is irrelevant in this case as well, so at least that part of my first response was appropriate.
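
The one-time token hand-off described in this answer, sketched for the PHP side as an added example (not code from the thread or from Alfresco). `HandoffTokens`, `issue` and `redeem` are hypothetical names, the file-based store and 60-second lifetime are assumptions, and the endpoint that calls `issue` is assumed to be reachable only from the Alfresco server.

```php
<?php
declare(strict_types=1);
// Added example: class and method names are hypothetical, not an Alfresco or PHP API.
final class HandoffTokens
{
    public function __construct(private string $dir, private int $ttl = 60) {}

    // Called by the back-channel endpoint that Alfresco hits server-side.
    public function issue(string $username, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32)); // 256-bit unguessable value for the link
        $record = json_encode(['user' => $username, 'exp' => ($now ?? time()) + $this->ttl]);
        // Only the hash is stored, so reading the store does not yield usable tokens.
        file_put_contents($this->path($token), $record, LOCK_EX);
        return $token;
    }

    // Called when the browser follows the link; returns the username or null.
    public function redeem(string $token, ?int $now = null): ?string
    {
        $path = $this->path($token);
        $claimed = $path . '.' . bin2hex(random_bytes(4));
        // rename() is atomic on one filesystem: only one request can claim a token.
        if (!@rename($path, $claimed)) {
            return null; // unknown token, or the link was already used
        }
        $record = json_decode((string) file_get_contents($claimed), true);
        unlink($claimed);
        if (!is_array($record) || ($now ?? time()) > $record['exp']) {
            return null; // token outlived its lifetime
        }
        return $record['user'];
    }

    // Hashing also keeps attacker-supplied token text out of the file path.
    private function path(string $token): string
    {
        return $this->dir . '/' . hash('sha256', $token);
    }
}

// Constructed demo with fixed clock values: first use, replayed link, expired link.
$dir = sys_get_temp_dir() . '/handoff-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$tokens = new HandoffTokens($dir, 60);
$t = $tokens->issue('jdoe', 1000);
var_dump($tokens->redeem($t, 1030));
var_dump($tokens->redeem($t, 1031));
var_dump($tokens->redeem($tokens->issue('jdoe', 1000), 1100));
```

On a successful `redeem` the PHP app would start its own session for the returned user, so the token in the link is useless to anyone who sees the URL afterwards.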

5 Replies
afaust
Master

Re: Use alfresco ticket as authentication in external application

Alfresco can be configured with the external authentication subsystem just for this type of use case. The PHP application would need to set an HTTP header that the external subsystem reads to extract the user name. This approach can be secured technically by only allowing specific clients / hosts to pass in the header and use a proxy web server like HTTPd to control/remove the HTTP header accordingly before passing them on to Alfresco.

When the external authentication subsystem is used there should be no need to ever use ticket based authentication for the PHP application. The only requirement is that user identities are either identical in both applications or some kind of mapping exists in the PHP application.

vbutacu
Active Member

Re: Use alfresco ticket as authentication in external application

Hello Axel, and thank you for your reply. I already have LDAP authentication on Alfresco. What I'm aiming to achieve is some sort of communication between the authenticated Alfresco session and my external standalone PHP application, so that once the users log in to Alfresco with their LDAP account they don't need to insert their username and password again when they call the PHP application.

afaust
Master

Re: Use alfresco ticket as authentication in external application

With "external authentication subsystem" I am actually referring to a special subsystem in Alfresco that allows an "external application" like your PHP app to provide the user name. I am not referring to LDAP as a subsystem that allows authentication against an external user registry. Please review the documentation about the "external" authentication subsystem.

vbutacu
Active Member

Re: Use alfresco ticket as authentication in external application

I think you misunderstood what I'm looking for. I need Alfresco to provide the username to my app and not vice versa.
