You are here

Working with proxies and clustering

Use this information to know about the limitations and recommendations when SAML SSO works with Alfresco behind a proxy.

Make sure that the IdP is accessible by the client applications. At a minimum, configure the alfresco.host, alfresco.port, and alfresco.protocol properties to use the correct values of the proxy server. For more information, see sysAdmin subsystem properties. For deploying Alfresco with a reverse proxy, see Deploying Alfresco with a different context path.

The limitations that apply to using web scripts with ticket authentication also applies to clustering for SAML usage. Make sure you have set up your load balancer correctly.

Recommendation for proxy:

In a production environment, for REST API and AOS, implement a setup with a reverse proxy in front of Alfresco. This reverse proxy is configured to block all API requests except those that you want to be let through, for example, CMIS. Such a setup needs to allow these requests:
  • /alfresco/service/saml/-default-/aos/authenticate
  • /alfresco/service/saml/-default-/aos/authenticate-response
  • /alfresco/service/saml/-default-/rest-api/authenticate
  • /alfresco/service/saml/-default-/rest-api/authenticate-response

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.