You are here

SkyVault Content Services 5.2 » Administering » Setting up authentication and security » Configuring authentication subsystems » Configuring external authentication

Setting SSO with client certificates

Use this information to set up SSO with client certificates.
  1. Setup Apache as proxy server in front of SkyVault Content Services and configure it to use SSL as described in Configuring SSL for a production environment.
  2. Activate external authentication as described in Configuring external authentication.
  3. To extend the SSL configuration in httpd.conf to request client authentication and forward the user name as HTTP header, add this configuration to the <VirtualHost> node: 

    SSLVerifyClient         require
SSLCACertificateFile    /path/to/your/enterprise-CA.pem
RequestHeader           append  X-Alfresco-Remote-User  "%{SSL_CLIENT_S_DN_Email}e"

    This will accept all client certificates that have been signed by the CA identified by the certificate stored in enterprise-CE.pem. It will use the email address stored in this certificate as the user name.

Parent topic: Configuring external authentication

© 2017 TBS-LLC. All Rights Reserved.