You are here

Setting SSO with client certificates

Use this information to set up SSO with client certificates.
  1. Setup Apache as proxy server in front of Alfresco Content Services and configure it to use SSL as described in Configuring SSL for a production environment.
  2. Activate external authentication as described in Configuring external authentication.
  3. To extend the SSL configuration in httpd.conf to request client authentication and forward the user name as HTTP header, add this configuration to the <VirtualHost> node:

    SSLVerifyClient         require
    SSLCACertificateFile    /path/to/your/enterprise-CA.pem
    RequestHeader           append  X-Alfresco-Remote-User  "%{SSL_CLIENT_S_DN_Email}e"

    This will accept all client certificates that have been signed by the CA identified by the certificate stored in enterprise-CE.pem. It will use the email address stored in this certificate as the user name.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.