Company intranets are becoming more widely used, and Single Sign-On (SSO) integration is key to successful adoption.
In this tutorial, we’ll show you how you can enable Single Sign-On on a Bitnami Alfresco Virtual Machine, to give it more of a SharePoint behaviour.
File Needed:
Download: Share-Config-Custom.xml
Basic Assumptions for this configuration:
Domain Controller Type: Windows 2008 R2
Domain Controller: domain-controller.mydomain.local
Domain: mydomain.local
Subnet: 192.168.1.0
Broadcast: 192.168.1.255
Server side configuration
Before any configuration changes, Alfresco should be stopped (service bitnami stop). The archive file contains a subsystems folder and a share-config-custom.xml file.
The whole subsystems folder should be uploaded to the following location:
/opt/bitnami/apache-tomcat/shared/classes/alfresco/extension
The share-config-custom.xml file should be uploaded to the following location, overwriting the existing file:
/opt/bitnami/apache-tomcat/shared/classes/alfresco/web-extension
In the file alfresco-global.properties at location /opt/bitnami/apache-tomcat/shared/classes/alfresco/, add the following line:
authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
Edit changes.properties at location /opt/bitnami/apache-tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1 to match your environment:
ldap.authentication.java.naming.provider.url=ldap://domain-controller.mydomain.local:389
ldap.synchronization.java.naming.security.principal=AlfrescoAdmin@mydomain.local
ldap.synchronization.java.naming.security.credentials=pa55alfresco
# The group search base restricts the LDAP group query to a subsection of the tree on the LDAP server.
# (domain specific property)
ldap.synchronization.groupSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local
# The user search base restricts the LDAP user query to a subsection of the tree on the LDAP server.
# (domain specific property)
ldap.synchronization.userSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local
Edit the file changes.properties at location /opt/bitnami/apache-tomcat/shared/classes/alfresco/extension/subsystems/Authentication/passthru/passthru1 and change the lines so they match your environment:
passthru.authentication.servers=mydomain\\192.168.1.1,192.168.1.1
passthru.authentication.domain=mydomain
passthru.authentication.defaultAdministratorUserNames=AlfrescoAdmin
Here you define the DC IP, the AD domain and the AD usernames you want to be admins when Alfresco starts. Admins can also be added over the web.
Edit the file changes.properties at location /opt/bitnami/apache-tomcat/shared/classes/alfresco/extension/subsystems/fileServers/default/default and change the following lines so they match your environment:
filesystem.domainMappings=MYDOMAIN
filesystem.domainMappings.value.MYDOMAIN.rangeFrom=192.168.1.0
filesystem.domainMappings.value.MYDOMAIN.rangeTo=192.168.1.255
cifs.domain=MYDOMAIN
cifs.urlfile.prefix=http://linux/share/
cifs.broadcast=192.168.1.255
The Alfresco configuration is now done and you can start the Alfresco service (service bitnami start).
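A consistency check for the values edited above, as an added example that is not part of the original tutorial or of Alfresco: it parses the properties and flags a sync principal whose suffix does not match the search bases, an ldap:// provider URL, a passthru/CIFS domain mismatch, and addresses outside the mapped range. The function names and the merged SAMPLE text are assumptions, and the suffix comparison is a heuristic.

```python
import ipaddress

# Constructed sample: the values this tutorial sets, merged into one text for the check.
SAMPLE = r"""
ldap.authentication.java.naming.provider.url=ldap://domain-controller.mydomain.local:389
ldap.synchronization.java.naming.security.principal=AlfrescoAdmin@mydomain.local
ldap.synchronization.groupSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local
ldap.synchronization.userSearchBase=ou\=SBSUsers,ou\=Users,ou\=MyBusiness,dc\=mydomain,dc\=local
passthru.authentication.servers=mydomain\\192.168.1.1,192.168.1.1
passthru.authentication.domain=mydomain
filesystem.domainMappings=MYDOMAIN
filesystem.domainMappings.value.MYDOMAIN.rangeFrom=192.168.1.0
filesystem.domainMappings.value.MYDOMAIN.rangeTo=192.168.1.255
cifs.domain=MYDOMAIN
cifs.broadcast=192.168.1.255
"""

def parse_properties(text):
    """Parse key=value lines, skipping # comments and undoing backslash escapes."""
    props = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\\\", "\\")
    return props

def audit(p):
    """Return findings for the merged settings (hypothetical checks, not an Alfresco feature)."""
    out = []
    # Heuristic: the sync account's UPN suffix should equal the dc= parts of both search bases.
    suffix = p["ldap.synchronization.java.naming.security.principal"].split("@")[-1].lower()
    for key in ("ldap.synchronization.userSearchBase", "ldap.synchronization.groupSearchBase"):
        rdns = [r.strip().lower() for r in p[key].split(",")]
        dcs = ".".join(r[3:] for r in rdns if r.startswith("dc="))
        if dcs != suffix:
            out.append(f"{key}: dc components '{dcs}' differ from principal suffix '{suffix}'")
    # ldap:// has no TLS, so a simple bind exposes the sync account password on the wire.
    if p["ldap.authentication.java.naming.provider.url"].lower().startswith("ldap://"):
        out.append("provider.url uses ldap://: sync bind password is sent without TLS")
    dom = p["cifs.domain"]  # should match the passthru domain, ignoring case
    if p["passthru.authentication.domain"].lower() != dom.lower():
        out.append("passthru.authentication.domain differs from cifs.domain")
    # The mapped range should hold the broadcast and every passthru server (IP literals assumed).
    lo, hi = (ipaddress.ip_address(p[f"filesystem.domainMappings.value.{dom}.range{e}"])
              for e in ("From", "To"))
    servers = [s.split("\\")[-1] for s in p["passthru.authentication.servers"].split(",")]
    for addr in [p["cifs.broadcast"], *servers]:
        if not lo <= ipaddress.ip_address(addr) <= hi:
            out.append(f"{addr} is outside the {dom} range {lo}-{hi}")
    return out
```

Calling audit(parse_properties(SAMPLE)) on the values as given reports only the ldap:// finding; a mistyped principal suffix or an address outside the mapped range adds further findings.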
Client side configuration
SSO on Alfresco can only be used with Internet Explorer. The Alfresco server should be placed in the Local intranet zone in IE, and the Local Security Policy on each computer should be changed to match the following screenshot (Network Security Lan Manager Authentication Level).
Network Security Lan Manager Authentication Level – Local Security Policy
Alfresco can be reached at the following address: http://server_name_OR_IP/alfresco