Authentication is one of the categories of the Content Services subsystem. An authentication subsystem is a coordinated stack of compatible components responsible for providing authentication and identity-related functionality to Content Services.
Content Services offers multiple implementations of the authentication subsystem, each engineered to work with one of the different types of back-end authentication server that you have available in your enterprise.
An authentication subsystem provides the following functions:
- Password-based authentication for web browsing, Microsoft SharePoint protocol, FTP, and WebDAV
- Web browser, Microsoft SharePoint protocol, and WebDAV Single Sign-On (SSO)
- User registry export (the automatic population of the user and authority database)
The main benefits of the authentication subsystem are:
- Subsystems for all supported authentication types are pre-wired and there is no need to edit template configuration.
- There is no danger of compatibility issues between sub-components, as these have all been pre-selected.
- Common parameters are shared and specified in a single place. There is no need to specify the same parameters to different components in multiple configuration files.
- There is no need to edit the web.xml file. The web.xml file uses generic filters that call into the authentication subsystem. The alfresco.war file is a portable unit of deployment.
- You can swap from one type of authentication to another by activating a different authentication subsystem.
- Your authentication configuration will remain standard and, therefore, more manageable to support.
- Authentication subsystems are easily chained
Note: Some authentication functions can only be targeted at a
single subsystem instance in the authentication chain. This is a restriction imposed by
the authentication protocols themselves. For this reason, Content Services targets these ‘direct’ authentication functions at the
first member of the authentication chain that has them enabled.