1

I want Alfresco to authenticate users using SSO with MIT Kerberos.

What authentication.chain should I use?

I tried authentication.chain=kerberos1:kerberos without success.

Based on this answer I have also set up an LDAP server containing the same users as MIT Kerberos, and tried with authentication.chain=kerberos1:kerberos;ldap1:ldap, but that does not work either.

Important lines of ldap1/ldap-authentication.properties:

ldap.authentication.active=true
ldap.synchronization.active=true

I always get CIFS server configuration error, Error creating bean with name 'globalAuthenticationFilter', even though I don't care about CIFS, only HTTP. In kerberos1/kerberos-authentication.properties I have kerberos.authentication.authenticateCIFS=false.

What am I doing wrong?
Do I maybe need passthru somehow?

Community
  • 1
Nicolas Raoul
  • 1,314
  • 7
  • 22
  • 43

1 Answers1

1

This chain should work:

authentication.chain=kerberos1:kerberos

but as far as I know MIT kerberos won't work out of the box with Alfresco kerberos authentication backend. You might need some additionnal config on the KDC

you can still use ldap if your KDC uses an LDAP directory as a backend and passthru would only work if you have samb along side with you kerberos.

alxgomz
  • 1,600
  • 1
  • 10
  • 14