Managing SAML SSO

If you're a network administrator, you can configure Security Assertion Markup Language (SAML) in Alfresco so that Alfresco can be included in your Single Sign-On (SSO) network.

Alfresco uses SAML 2.0 to set up SSO. The SAML standards define an XML-based framework for describing and exchanging security information between identity providers (IdPs) and service providers (SPs).

This security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. SAML is based on a trust relationship between an IdP and an SP (in this case Alfresco) that agree to share the authentication information, metadata, and configuration information required to access services.

See the OASIS SAML V2.0 website for more information on SAML specifications.

Alfresco uses Web Browser SSO and Single-Logout (SLO) profiles. Once the network administrator configures SAML, all users for a given network can access Alfresco.

To set up SSO for Alfresco, the identity provider (for example, PingFederate) and the service provider (Alfresco Share) need to be configured.

The diagram below explains the exchange of information between Alfresco and an IdP.

Note: Alfresco only supports HTTP POST binding; other bindings, such as HTTP redirect, HTTP artifact, and SOAP, are not supported.
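
Because only HTTP POST is supported, it is worth confirming before configuration that the IdP advertises HTTP POST endpoints for both the SSO and SLO profiles. The following is an added example, not Alfresco's own code: it assumes the IdP publishes standard SAML 2.0 metadata, and the metadata document, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample IdP metadata; idp.example.test is a placeholder host.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/slo/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def post_binding_report(metadata_xml):
    """Per service: the HTTP POST endpoint (or None) and other bindings seen."""
    root = ET.fromstring(metadata_xml)  # parse only metadata from a trusted source
    idp = next(root.iter(MD + "IDPSSODescriptor"), None)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor element")
    report = {}
    for service in ("SingleSignOnService", "SingleLogoutService"):
        post_url, others = None, []
        for ep in idp.findall(MD + service):
            binding = ep.get("Binding", "")
            if binding == HTTP_POST:
                post_url = post_url or ep.get("Location")
            else:
                others.append(binding.rsplit(":", 1)[-1])
        report[service] = {"post_url": post_url, "other_bindings": sorted(others)}
    return report

def missing_post_services(metadata_xml):
    """Services for which the IdP advertises no HTTP POST endpoint."""
    report = post_binding_report(metadata_xml)
    return [name for name, r in report.items() if r["post_url"] is None]

if __name__ == "__main__":
    print(post_binding_report(SAMPLE_IDP_METADATA))
    print("No HTTP POST endpoint for:", missing_post_services(SAMPLE_IDP_METADATA))
```

In the constructed sample the IdP offers single logout over HTTP redirect only, so `SingleLogoutService` is reported as missing an HTTP POST endpoint.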
