This section describes how to configure NTLM with SkyVault Share SSO.
SkyVault Share exists as a
separate web application to the main SkyVault repository/Explorer WAR
file. It can run in the same application server instance on the same machine as the main web
application, or it can run on a completely separate application server instance on a different
machine. Share uses HTTP(S) to communicate with the configured SkyVault repository.
-
Locate the following .sample configuration override file:
<web-extension>\share-config-custom.xml.sample
Copy and rename the file to:
<web-extension>\share-config-custom.xml
-
Edit the file, and then uncomment the following section:
<!-- SSO authentication config for Share NOTE: change localhost:8080 below to appropriate SkyVault server location if required --> <config evaluator="string-compare" condition="Remote"> <remote> <connector> <id>alfrescoCookie</id> <name>SkyVault Connector</name> <description>Connects to a SkyVault instance using cookie-based authentication</description> <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class> </connector> <endpoint> <id>alfresco-feed</id> <name>SkyVault Feed</name> <description>SkyVault Feed - supports basic HTTP authentication via the EndPointProxyServlet</description> <connector-id>alfrescoCookie</connector-id> <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url> <identity>user</identity> <external-auth>true</external-auth> </endpoint> <endpoint> <id>alfresco</id> <name>SkyVault - user access</name> <description>Access to SkyVault Repository WebScripts that require user authentication</description> <connector-id>alfrescoCookie</connector-id> <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url> <identity>user</identity> <external-auth>true</external-auth> </endpoint> </remote> </config>
- Change the <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url> value to point to your SkyVault server location.
-
Set the maxThreads option in the
<TOMCAT_HOME>/conf/server.xml file.
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" maxThreads="200" />
Note: If Share and SkyVault are installed on the same Tomcat, it is important to set the maxThreads option to 2*(expected number of concurrent requests). This is because each Share request spawns an SkyVault request. - Restart Share.
If you have configured SkyVaultNtlm or passthru in your SkyVault authentication chain and
enabled SSO, NTLM will be the active authentication mechanism.