Set SSO with client certificates - Alfresco Content Services 23.4


Use this information to set up SSO with client certificates.

  1. Set up Apache as a proxy server in front of Content Services and configure it to use SSL, as described in Secure Sockets Layer (SSL) and the Repository.
  2. Activate external authentication as described in Configure external authentication.
  3. To extend the SSL configuration in httpd.conf so that it requests client authentication and forwards the user name as an HTTP header, add this configuration to the <VirtualHost> node:
     ```apache
     SSLVerifyClient         require
     SSLCACertificateFile    /path/to/your/enterprise-CA.pem
     # "set" replaces any X-Alfresco-Remote-User header already present on the request
     RequestHeader           set     X-Alfresco-Remote-User  "%{SSL_CLIENT_S_DN_Email}e"
     ```

     This accepts every client certificate signed by the CA whose certificate is stored in enterprise-CA.pem, and uses the email address stored in the client certificate as the user name.
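
A fuller `<VirtualHost>` for step 3, as an added example rather than configuration from the Alfresco documentation. The server name, the certificate and key paths, the verify depth and the backend address are assumptions to replace with your own values.

```apache
# Added example. sso.example.com, the server certificate paths and the
# backend at localhost:8080 are constructed placeholders.
<VirtualHost *:443>
    ServerName              sso.example.com

    SSLEngine               on
    SSLCertificateFile      /path/to/server.crt
    SSLCertificateKeyFile   /path/to/server.key

    # Refuse the connection unless the client presents a certificate that
    # chains to the enterprise CA. Depth 1 means the client certificate is
    # issued directly by that CA; raise it if intermediate CAs are in use.
    SSLVerifyClient         require
    SSLVerifyDepth          1
    SSLCACertificateFile    /path/to/your/enterprise-CA.pem

    # "set" overwrites any X-Alfresco-Remote-User header sent by the client;
    # "append" would merge the client's value with the certificate's.
    # %{...}s reads the mod_ssl variable directly, without relying on it
    # being exported to the request environment.
    # mod_headers substitutes the literal string "(null)" when the variable
    # is empty, so issue client certificates that always carry an email.
    RequestHeader           set  X-Alfresco-Remote-User  "%{SSL_CLIENT_S_DN_Email}s"

    # Forward authenticated requests to Content Services (assumed address).
    ProxyPass               /alfresco  http://localhost:8080/alfresco
    ProxyPassReverse        /alfresco  http://localhost:8080/alfresco
</VirtualHost>
```

Because Content Services takes the user name from this header, the backend port should accept connections only from the proxy.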