Hello everyone,
We have a need to integrate Alfresco with Azure AD for users/groups synchronization and authentication. Just wondering if anyone has had a similar requirement and whether it was possible to do so. Basically I am trying to find answers for:
1) If it is possible to sync users and groups from Azure AD to Alfresco similar to what is possible with on-premise AD.
2) If it is possible to configure Azure AD authentication with Alfresco.
There is not much I can find on the internet about this. I came across the following URL:
https://azuremarketplace.microsoft.com/en-in/marketplace/apps/aad.alfresco?tab=Overview
The "GET IT NOW" button takes me to the page:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on
As Alfresco supports SAML, it may be possible to configure SAML-based SSO with Azure AD, but I am not able to find any documentation specific to Alfresco.
Best regards,
Rajesh
You can use Azure AD just like an on-prem AD. The only thing you'd need to do is enable LDAPS access to your Azure AD, which is not enabled by default. Check the appropriate Azure docs for enabling LDAPS.
With Alfresco Enterprise you can set up SAML authentication with Azure AD easily. I have this running at a local customer who uses Azure AD to handle external users. Note that even without SAML as SSO, you can already authenticate against Azure once you have configured the LDAP-AD integration.
Thanks a lot Axel. Now that we have confirmation that it is possible, we will figure out the next steps.
Hello Axel,
We are finally able to configure user and group sync from Azure AD. We are also able to set up SAML authentication against an Azure AD enterprise application.
But we are having slight trouble when a user tries to log out. We have configured the IdP service URLs like the following in the Alfresco Admin console page:
We have an identical URL for all three fields in the metadata file. After logout it redirects the user to
And after a click on the "Back to My Dashboard" button it takes the user to the user dashboard page without any login.
I am not sure if we are missing some configuration here, but it seems logout is not really happening. Also, can we somehow avoid the Share error page?
Best regards,
Rajesh
I remember hitting a similar error when we set this up at a customer, and it turned out we just had a configuration error in Azure config + Alfresco SAML config. Unfortunately I can't remember specifically what our mistake was, but you should check again if all the SAML login / logout URLs have been configured correctly both in Azure and Alfresco.
Thanks a lot Axel. After checking carefully we found the following in share.log:
2019-03-05 13:59:00,062 ERROR [org.alfresco.web.site] [http-apr-8080-exec-3] javax.servlet.ServletException: SAML LogoutResponse must be submitted using POST
It is a rather obvious exception: after a successful logout Azure AD sends the logout response to the Share logout URL, but it should have been done using the POST binding. Unfortunately I am not able to figure out any way in Azure AD to specify the POST binding. Just hoping this gives you some hint to remember how you overcame this issue :-)
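As a first check for the binding mismatch behind the share.log error above, the IdP's federation metadata can be inspected for the bindings it declares on SingleLogoutService. This is an added example, not part of the original post and not Alfresco or Microsoft code; the metadata sample, its host name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata (placeholder host, not taken from the thread).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def endpoints(metadata_xml):
    """Map each IdP service name to its (binding, location) pairs.

    Only feed this metadata downloaded from your own IdP over TLS.
    """
    root = ET.fromstring(metadata_xml)
    result = {}
    for idp in root.iter(f"{{{MD_NS}}}IDPSSODescriptor"):
        for el in idp:
            # Endpoint elements carry a Binding attribute; skip keys, NameIDFormat, etc.
            if el.tag.startswith(f"{{{MD_NS}}}") and el.get("Binding"):
                service = el.tag.split("}", 1)[1]
                result.setdefault(service, []).append((el.get("Binding"), el.get("Location")))
    return result


def logout_binding_report(metadata_xml):
    """Summarise which bindings the IdP declares for single logout."""
    slo = endpoints(metadata_xml).get("SingleLogoutService", [])
    bindings = sorted({binding for binding, _ in slo})
    return {
        "slo_bindings": bindings,
        "post_supported": POST in bindings,
        # True when logout messages can only travel as GET redirects.
        "redirect_only": bindings == [REDIRECT],
    }


if __name__ == "__main__":
    print(logout_binding_report(SAMPLE_METADATA))
```

A report with `redirect_only` set means the IdP declares no POST endpoint for logout, so a service provider that accepts the LogoutResponse only via POST will reject it.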
Rajesh Jha, we are blocked with the same issue you summarized. Were you able to fix the issue?
Hi Axel. We are also facing the exact issue and are blocked. Is the fix you made documented anywhere by now?
Unfortunately not. We still have an issue with logout.
Oh. If you don't mind answering, could you tell me if you still went with the Azure AD SSO flow implementation, and any workarounds you have in place for this logout issue?