Authentication subsystem types - Alfresco Content Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Content Services

Platform
Alfresco
Product
Alfresco Content Services
Release
23.4
License

A number of alternative authentication subsystem types exist for the most commonly used authentication protocols. These are each identified by a unique type name.

The following table shows the authentication subsystem types supplied and the optional features they support.

Type Description Single Sign-On (SSO) support User registry entry
alfrescoNtlm Native Content Services authentication No No
ldap Authentication and user registry export through the LDAP protocol (for example, OpenLDAP) No Yes
ldap-ad Authentication and user registry export from Active Directory through the LDAP protocol No Yes
kerberos Authentication through a Kerberos realm Yes, SPNEGO No
external Authentication using an external SSO mechanism Yes No
identity-service Authentication using the Identity Service Yes No
Note: Support for Microsoft Office depends on the authentication mechanism provided by the external subsystem. See External authentication and SSO for more information.
Note: If you’re using a proxy (load balancer) with Kerberos authentication, either:
  • Use the external authentication subsystem and set up the proxy to implement kerberos
  • Set up the kerberos authentication subsystem and create the Service Principal Name (SPN) in Active Directory to include the proxy DNS name