Nuxeo Server

Generic SSO Authentication

Updated: December 5, 2017 Page Information Edit on GitHub

This page is scheduled for review and update. Check back soon for updated content!

This plugin assumes Nuxeo is behind an authenticating reverse proxy that transmits user identity using HTTP headers. For instance, you will configure this plugin if an Apache reverse proxy using client certificates does the authentication or for SSO system - example Central Authentication System V2.

To install and configure this plugin:

  1. Download the nuxeo-platform-login-mod_sso addon.
  2. Put it in $TOMCAT_HOME/nxserver/bundles/ or $JBOSS_HOME/server/default/deploy/nuxeo.ear/bundles and restart the server.
  3. Add the plugin into the authentication chain. Contribute an XML extension from the following content. Adapt the authenticationChain element content with the list of plugins you want to use.



  4. Create an XML extension with the following content:

     <component name="org.nuxeo.ecm.platform.authenticator.mod.sso.config">
      <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">
        <authenticationPlugin name="PROXY_AUTH">
            <\!-\- configure here the name of the http header that is used to retrieve user identity -->
            <parameter name="ssoHeaderName">remote_user</parameter>
            <parameter name="ssoNeverRedirect">false</parameter>

    Notes: Your XML extension's name must end with -config.xml.

  5. Adapt the content of the loginModulePlugin section. Note: The ssoNeverRedirect parameter should be set to true if the PROXY_AUTH is used with REST calls, where you don't want to redirect the response.

  6. Save.

a month ago Manon Lumeau add tags for doc days
2 months ago Manon Lumeau Fix tags for doc days
2 months ago manonlumeau Added content-review-lts2017 label
3 months ago manonlumeau NXDOC-1346-FT review screenshot
History: Created by manonlumeau