Use these instructions to configure external authentication using the configuration properties in the Admin Console.
- Open the Repo Admin Console.
- In the Directories section, click Directory Management. You see the Directory Management page.
-
In the Authentication Chain section, if no element of
type External exists in the authentication chain list,
follow the steps below to add a new External type element:
- Specify a name in the Name text box.
- Set type to External.
- Click Add.
- Click Save to add the new External type element in the authentication chain list.
-
In the Authentication Chain section, under
Actions, click Edit for the
External directory.
Note: You can only edit a directory after it has been added and saved. If you haven’t yet saved the entry, the only option available is Remove.
You see the Edit External Directory page.
-
Set the configuration properties.
Synchronization property Example setting What is it? Authentication Enabled Yes This enables the external directory user authentication. When enabled, Content Services accepts external authentication tokens; ensure that no untrusted direct access to Alfresco’s HTTP or AJP ports is allowed. Proxy Username alfresco-system This specifies the remote user that is considered as the proxy user. Note: The default setting for external.authentication.proxyUserName is alfresco-system. This should only be specified if you’re using SSL. Administrator User Names - This specifies a comma separated list of user names to be considered administrators by default. Proxy Header X-Alfresco-Remote-User This specifies the HTTP header that carries the name of a proxied user. The default is X-Alfresco-Remote-User. User ID Pattern - This specifies an optional regular expression used to extract a user ID from the HTTP header. The portion of the header matched by the first bracketed group in the regular expression becomes the user name. If not set, the entire header contents are assumed to be the proxied user name. - Click Save to apply the changes you’ve made to the External authentication directory. If you do not want to save the changes, click Close.