Presentation is loading. Please wait.

Presentation is loading. Please wait.

#SummitNow Alfresco Authentication and Synchronization Nov 2013 Mark Rogers.

Published byDale Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "#SummitNow Alfresco Authentication and Synchronization Nov 2013 Mark Rogers."— Presentation transcript:

1 #SummitNow Alfresco Authentication and Synchronization Nov 2013 Mark Rogers

2 #SummitNow

3 Introduction Configuration of Alfresco Authentication Synchronization Questions and Examples

4 #SummitNow Configuration of Alfresco JMX / Admin Console Extension Subsystem Over-rides alfresco-global.properties module/*/alfresco-global.properties Default settings Precedence

5 #SummitNow Authentication Who are you?

6 #SummitNow Authentication Who are you? Alfresco Share Alfresco Repository Other Applications

7 #SummitNow Alfresco Interfaces Alfresco Share Alfresco (Web App) Other Applications Alfresco Mobile Alfresco Cloud JAAS O.S. CMIS Web Scripts (HTTP) FTP WebDav CIFS NFS JCR RMI SOAP SPP

8 #SummitNow Alfresco Internal Authentication Who are you? Alfresco Share Alfresco Repository Alfresco User Store user://alfresco/userStore/system/people

9 #SummitNow Alfresco Authentication Type Internal (alfresco NTLM) ldap passthru external kerberos

10 #SummitNow Authentication Chain Who are you? Alfresco Repository internal:Internal ldap1:ldap ldap2:ldap 1 3 2

11 #SummitNow Who are you? LDAP Authentication Alfresco Share Alfresco Repository LDAP Directory (optional) lookup user id authenticate

12 #SummitNow Who are you? Passthru Authentication Alfresco Share Alfresco Repository Windows Domain 1 – Authenticate NTLM V1, NetBios, SMB

13 #SummitNow Who are you? LDAP Authentication Alfresco Share Alfresco Repository LDAP Directory (optional) lookup user id authenticate

14 #SummitNow External Authentication Who are you? Alfresco Share Alfresco Repository Other Applications Authentication System Authentication Token {X-Alfresco-Remote-User} F i r e w a ll

15 #SummitNow Kerberos Authentication Who are you? Alfresco Share Alfresco Repository Other Applications 3 - Service ticket {kerberos ticket} F i r e w a ll Kerberos TGS Kerberos KDC users & services : key 1 - Authenticate (user, pass) 2 - TGT

16 #SummitNow Synchronization What are this person’s details?

17 #SummitNow What are my/your details? LDAP Synchronization LDAP Directory Alfresco TYPE cm:person

18 #SummitNow LDAP Synchronization ldap/common-ldap-context.xml AlfrescoLDAP cm:userName${ldap.synchronization.userIdAttributeName} cm:firstName${ldap.synchronization.userFirstNameAttributeName} cm:lastName${ldap.synchronization.userLastNameAttributeName} cm:email${ldap.synchronization.userEmailAttributeName} cm:organization${ldap.synchronization.userOrganizationalIdAttributeName} cm:organizationId${ldap.synchronization.userOrganizationalIdAttributeName} cm:homeFolderProvidernull

19 #SummitNow Server Client NTLM v1 Who are you? (DOMAIN NAME, USERNAME, PASSWORD) DOMAIN NAME, USERNAME CHALLENGE (8 byte random) RESPONSE Windows Key Store Validate Hash GRANTED

20 #SummitNow Server Client NTLM v2 Who are you? (DOMAIN NAME, USERNAME, PASSWORD) DOMAIN NAME, USERNAME SERVER CHALLENGE ( 8 byte random) RESPONSE (HMAC-MD5, 8 byte CLIENT CHALLENGE) Windows Key Store Validate Hash 1 GRANTED Hash 2 Time Stamp, Server Name, Optional Values

21 #SummitNow Resources Alfresco Wiki http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems Alfresco Admin console http://localhost:8080/alfresco/service/enterprise/admin/admin- directorymanagement http://localhost:8080/alfresco/service/enterprise/admin/admin- directorymanagement Apache Directory Studio http://directory.apache.org/studio/ Microsoft NTLM documentation http://msdn.microsoft.com/en-us/library/cc236700.aspx

22 #SummitNow Questions and Answers

23 #SummitNow

Download ppt "#SummitNow Alfresco Authentication and Synchronization Nov 2013 Mark Rogers."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
JAAS AuthN Tokens in uPortal and Beyond or The JAAS Singer.

JAAS AuthN Tokens in uPortal and Beyond or The JAAS Singer.
Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.

Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Enterprise Single Sign On Identity management for web applications.

Enterprise Single Sign On Identity management for web applications.
Kerberos Underworld Ondrej Sevecek | MCM: Directory | MVP: Security |

Kerberos Underworld Ondrej Sevecek | MCM: Directory | MVP: Security |
Introduction to Kerberos Kerberos and Domain Authentication.

Introduction to Kerberos Kerberos and Domain Authentication.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 3: Creating and Managing User Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 3: Creating and Managing User Accounts.
Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.

Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.
Authentication June 24/2003. Overview Terminology Local Passwords Early Password Services Kerberos Basics Tickets Ticket Acquisition Kerberos Authentication.

Authentication June 24/2003. Overview Terminology Local Passwords Early Password Services Kerberos Basics Tickets Ticket Acquisition Kerberos Authentication.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
TAM STE Series 2008 © 2008 IBM Corporation WebSEAL SSO, Session 108/2008 TAM STE Series 2008 - WebSEAL SSO, Session 1 Presented by: Andrew Quap.

TAM STE Series 2008 © 2008 IBM Corporation WebSEAL SSO, Session 108/2008 TAM STE Series WebSEAL SSO, Session 1 Presented by: Andrew Quap.
Smart Card Single Sign On with Access Gateway Enterprise Edition

Smart Card Single Sign On with Access Gateway Enterprise Edition
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.
Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.

Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.
Slide Master Layout Useful for revisions and projector test  First-level bullet  Second levels  Third level  Fourth level  Fifth level  Drop body.

Slide Master Layout Useful for revisions and projector test  First-level bullet  Second levels  Third level  Fourth level  Fifth level  Drop body.

Similar presentations

Ads by Google