Alfresco uses SAML 2.0 to set up single sign-on (SSO). The SAML standards define an XML-based framework for describing and exchanging security information between identity providers (IdPs) and service providers (SPs).
This security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. SAML is based on a trust relationship between an IdP and an SP (in this case Alfresco) that agree to share authentication information, metadata, and configuration information that is required to access services.
See the OASIS SAML V2.0 website for more information on SAML specifications.
Alfresco uses Web Browser SSO and Single-Logout (SLO) profiles. Once the network administrator configures SAML, all users for a given network can access Alfresco.
To set up SSO for Alfresco, the identity provider (for example, PingFederate) and the service provider (Alfresco Share) need to be configured.
The diagram below explains the exchange of information between Alfresco and an IdP.