Bitnami Alfresco 4.0 Active Directory Single Sign-On Setup

Posted by ITS ADMIN Knowledge, Reading

As company intranets become more widely used, Single Sign-On (SSO) integration is key for successful adoption.

In this tutorial, we'll show you how to enable Single Sign-On on a Bitnami Alfresco Virtual Machine, so that it behaves more like SharePoint.

 

File Needed:
Download: Share-Config-Custom.xml

 

Basic Assumptions for this configuration:

Domain Controller Type: Windows 2008 R2

Domain Controller: domain-controller.mydomain.local

Domain: mydomain.local

Subnet: 192.168.1.0

Broadcast: 192.168.1.255

Server side configuration

Stop Alfresco before making any configuration changes (service bitnami stop). The archive file contains a subsystem folder and the share-config-custom.xml file.

The whole subsystem folder should be uploaded to the following location:

/opti/bitnami/apache-tomcat/shared/classes/alfresco/extension

The share-config-custom.xml file should be uploaded to the following location, overwriting the existing file:

/opti/bitnami/apache-tomcat/shared/classes/alfresco/web-extension

In the file alfresco-global.properties at /opti/bitnami/apache-tomcat/shared/classes/alfresco/, add the following line:

authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm

Edit changes.properties at /opti/bitnami/apache-tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1 to match your environment:

ldap.authentication.java.naming.provider.url=ldap://domain-controller.mydomain.local:389
ldap.synchronization.java.naming.security.principal=AlfrescoAdmin@mydomain.local
ldap.synchronization.java.naming.security.credentials=pa55alfresco

# The group search base restricts the LDAP group query to a subsection of the tree on the LDAP server.
# (domain specific property)
ldap.synchronization.groupSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local

# The user search base restricts the LDAP user query to a subsection of the tree on the LDAP server.
# (domain specific property)
ldap.synchronization.userSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local

Edit the file changes.properties at /opti/bitnami/apache-tomcat/shared/classes/alfresco/extension/subsystems/Authentication/passthru/passthru1 and change the following lines so they match your environment:

passthru.authentication.servers=mydomain\\192.168.1.1,192.168.1.1
passthru.authentication.domain=mydomain
passthru.authentication.defaultAdministratorUserNames=AlfrescoAdmin

Here you define the DC IP, the AD domain and the AD usernames you want to be admins when Alfresco starts. Admins can also be added through the web interface.

Edit the file changes.properties at /opti/bitnami/apache-tomcat/shared/classes/alfresco/extension/subsystems/fileServers/default/default and change the following lines so they match your environment:

filesystem.domainMappings=MYDOMAIN
filesystem.domainMappings.value.MYDOMAIN.rangeFrom=192.168.1.0
filesystem.domainMappings.value.MYDOMAIN.rangeTo=192.168.1.255
cifs.domain=MYDOMAIN
cifs.urlfile.prefix=http://linux/share/
cifs.broadcast=192.168.1.255

The Alfresco configuration is now done and you can start the Alfresco service (service bitnami start).
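
A pre-start check for the settings above, as an added example that is not part of the original post or of Alfresco or Bitnami: it reads the properties the way a Java .properties loader does (comment lines ignored, \= and \\ unescaped) and flags a plain ldap:// provider URL (no TLS around the bind that carries the sync credentials), a sync principal outside the expected domain, and a search base that is missing or outside the domain. The function names are hypothetical, the sample is constructed from the tutorial's values with a deliberate typo and a commented-out search base, and the separate properties files are assumed to be merged into one text.

```python
import re
from urllib.parse import urlparse

# Constructed sample: values taken from the tutorial, with a deliberate typo
# in the bind principal and the group search base left on a comment line.
SAMPLE = r"""
authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.java.naming.provider.url=ldap://domain-controller.mydomain.local:389
ldap.synchronization.java.naming.security.principal=AlfrescoAdmin@myadomain.local
# (domain specific property) ldap.synchronization.groupSearchBase=ou\=SBSUsers,dc\=mydomain,dc\=local
ldap.synchronization.userSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local
passthru.authentication.servers=mydomain\\192.168.1.1,192.168.1.1
"""

def parse_properties(text):
    """Minimal Java .properties reader: comments, '='/':' separators, backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment: the loader ignores it entirely
        m = re.match(r"((?:\\.|[^=:\\\s])+)\s*[=:]\s*(.*)$", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            props[key] = value
    return props

def audit(props, domain):
    """Return human-readable findings for the merged settings of one deployment."""
    findings = []
    chain = [tuple(e.split(":")) for e in props.get("authentication.chain", "").split(",") if e]
    url = urlparse(props.get("ldap.authentication.java.naming.provider.url", ""))
    if ("ldap-ad1", "ldap-ad") in chain and url.scheme != "ldaps":
        findings.append("ldap-ad1: provider URL uses %s:// rather than ldaps://" % url.scheme)
    principal = props.get("ldap.synchronization.java.naming.security.principal", "")
    if not principal.lower().endswith("@" + domain.lower()):
        findings.append("ldap-ad1: sync principal %r is not in %s" % (principal, domain))
    suffix = ",".join("dc=" + part for part in domain.lower().split("."))
    for key in ("groupSearchBase", "userSearchBase"):
        base = props.get("ldap.synchronization." + key)
        if base is None:
            findings.append("ldap-ad1: %s is not set (commented out or missing)" % key)
        elif not base.replace(" ", "").lower().endswith(suffix):
            findings.append("ldap-ad1: %s does not end in %s" % (key, suffix))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), "mydomain.local"):
        print(finding)
```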

 

 

Client side configuration

SSO on Alfresco can only be used with Internet Explorer. The Alfresco server should be inside the Local intranet zone in IE, and the Local Security Policy on each computer should be changed to match the following screenshot (Network Security: LAN Manager Authentication Level).

Network Security Lan Manager Authentication Level – Local Security Policy

Alfresco can be reached on following address: http://server_name_OR_IP/alfresco
