Alfresco is an ECM/BPM software.

Since 4.0 release, it offers an easy way to configure SSO thanks to authentication subsystems.

If you use an older version, you need to refer to the following documentation:
The official documentation can be found here:

You need to find the following files in your Alfresco installation:

  • (ex: tomcat/shared/classes/
  • share-config-custom.xml (ex: tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml)

The first will allow to configure SSO for the alfresco webapp, and the other for the share webapp.

Edit first and add the following:

### SSO ###

Edit then share-config-custom.xml and uncomment the last part. In the <endpoint>, change <connector-id> value to alfrescoHeader and change the <userHeader> value to Auth-User:

   <config evaluator="string-compare" condition="Remote">
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>

You need to restart Tomcat to apply changes.

Now you can log in with a simple HTTP header. You need to restrict access to Alfresco to LL::NG.

Just set the Auth-User header with the attribute that carries the user login, for example $uid.

You can intercept the logout with this rule: ^/share/page/dologout ⇒ logout_app_sso