There are some limitations when using Microsoft SharePoint support, as provided by Alfresco Office Services, with the Alfresco external authentication subsystem. External authentication can work well when using a web browser client, but not when using the MS Office client. This is because no authentication information is sent with the file URL, and MS Office does not store authentication information, so starts a new authentication process.
An example of this is when using CAS. CAS authenticates using an HTML form and a web browser that follows an HTTP redirect. The web authentication works correctly, but MS Office authentication won’t work because it does not permit completion of the form. This problem is caused by the limited set of authentication protocols that MS Office supports.
MS Office supports the following authentication mechanisms:
- HTTP Basic
- HTTP Digest
- NTLM
- Kerberos
NTLM and Kerberos can be used in an SSO environment.
For more information about Alfresco Office Services limitations, see Alfresco Office Services documentation.