Firefox can use Kerberos for single sign-on (SSO) to intranet sites and other protected websites. For Firefox to use Kerberos, it first has to be configured to send Kerberos credentials to the appropriate KDC. Users can enable Kerberos single sign-on (SSO) authentication using preference in their browser profile but it's also possible to set the default for all Firefox users on the system. During my ApacheCon talkthis year, one of the questions from the audience focused on. I am deploying Linux/Firefox on a corporate Kerberos network. I followed this Kerberos-on-Firefox procedure but still Firefox does not connect via the company's Kerberos. I am using Firefox 3.0.18 on RedHat EL Server 5.5. Here is what I did: Run kinit on the command line to create a Kerberos ticket; Check with klist: the ticket is valid until tomorrow, service principal is krbtgt/DC.
- Firefox Kerberos Authentication
- Firefox Kerberos Proxy Authentication
- Firefox Kerberos Gpo
- Firefox Kerberos Gpo
Screenshot of a contract document in Alfresco's user interface, Share, showing the built-in viewer and metadata display
|Developer(s)||Alfresco Software, Inc.|
|Initial release||November 2005; 15 years ago|
|Type||ECM, BPM, and Records Management|
|License||Enterprise Edition is proprietary; Community Edition is LGPL v3|
Alfresco is a collection of information management software products for Microsoft Windows and Unix-likeoperating systems developed by Alfresco Software Inc. using Java technology. Their primary software offering, branded as a Digital Business Platform is proprietary & a commercially licensed open source platform, supports open standards, and provides enterprise scale.
Alfresco Software Inc. also provides open source Community Editions as free, LGPLv3 licensed open source software. These have some default restrictions in terms of scalability and availability, e.g. there is no built-in clustering support. Quality assurance by Alfresco is limited and bug fixes are only issued for the current versions. There is a community support for the Community Edition including an independent association, the Order of the Bee.
John Newton (co-founder of Documentum) and John Powell (a former COO of Business Objects) founded Alfresco Software, Inc. in 2005. Its investors include the investment firms Sapphire Ventures (formerly SAP Ventures), Accel Partners and Mayfield Fund. The original technical staff consisted of principal engineers from Documentum and Oracle.
In July 2005, Alfresco released the first version of their software.
While Alfresco's product initially focused on document management, in May, 2006, the company announced its intention to expand into web content management by acquiring senior technical and managerial staff from Interwoven; this included its VP of Web Content Management, two principal engineers, and a member of its user-interface team.
In October 2009, the 2009 Open Source CMS Market Share Report described Alfresco as a leading Java-based open source web content management system.
In 2010, Alfresco sponsored a new open-sourceBPM engine called Activiti.
In July 2011, Alfresco and Ephesoft announced a technology partnership to offer document capture and Content Management Interoperability Services brought together for intelligent PDF capture and search and workflow development.
In October 2011, Alfresco 4.0 was released with improvements to the user interface. The new Alfresco moved additional features from Alfresco Explorer to Alfresco Share, as Alfresco Explorer is intended to be deprecated over time.
In January 2013, Alfresco appointed Doug Dennerline, former President of SuccessFactors, former EVP of Sales at Salesforce.com, and former CEO of WebEx, as its new CEO.
In September 2014, Alfresco 5 was released with new reporting and analytics features and an overhaul of its document search tool, moving from Lucene to Solr.
In November 2016, Alfresco launched an AWS Quickstart for building an Alfresco Content Services server cluster on the AWS Cloud.
In March 2017, Alfresco 5.2 was released and rebranded as the Digital Business Platform. This included the release of the Application Development Framework with reusable Angular JS(2.0) components.
On February 8, 2018, it was announced that Alfresco was to be acquired by the private equity firm Thomas H. Lee Partners, L.P.
On September 9, 2020, Alfresco was bought by Hyland Software for an undisclosed amount.
Alfresco's core Digital Business Platform offering consists of three primary products. It is designed for clients who require modularity and scalable performance. It can be deployed on-premises on servers or in the cloud using an Amazon Web Services (AWS) Quick Start. A multi-tenantSaaS offering is also available.
Alfresco Content Services (ACS)
The enterprise content management (ECM) capabilities that have been a core part of Alfresco's business since its founding. It includes a central content and metadata repository, a web interface named Share, the ability to define automated business rules, and full-text indexing provided using Apache Solr.
Alfresco Process Services (APS)
The business process management (BPM) capabilities stemming from the open source Activiti project. It includes graphical design tools, business rules editors, and data integration to external business systems.
Alfresco Governance Services (AGS)
Formerly known as Alfresco Records Management, AGS is an add-on software component that provides records management functionality to address information governance requirements. Alfresco Governance Services is DoD 5015.02 certified for records management.
Alfresco Community Edition
The open source community edition of Alfresco Content Services.
Activiti is a separate open source product that is the community edition of Alfresco Process Services.
Enterprise content management for documents, web, records, images, videos, rich media, and collaborative content development. In 2019 it implemented a programme to enable George Eliot Hospital NHS Trust to become paperless.
Alfresco is capable of the following:
- Records management, including 5015.2 certification
- Learning content management support for learning management systems (e.g. Moodle)
- LOR Learning Object Repository (edu-sharing)
- Integrated publishing
- Repository access via CIFS/SMB, FTP, WebDAV, NFS and CMIS
- Automating business processes with the embedded Activiti BPM engine
- Solr search
- Federated servers
- Multi-language support
- Portable application packaging
- Multi-platform support (officially Windows and Linux:CentOS, RHEL, Amazon Linux, SuSE and Ubuntu)
- Browser-based GUI (official support for Google Chrome, Internet Explorer, Firefox, Apple Safari, Microsoft Edge)
- Desktop integration with Microsoft Office (available in enterprise version only) and LibreOffice.
- Online integration with Google Docs
- Clustering support
- Pluggable authentication: NTLM, LDAP, Kerberos, CAS
- Multiple database support: MySQL, PostgreSQL, Oracle Database (Enterprise Edition), IBM DB2, Microsoft SQL Server (Enterprise Edition), MariaDB, Amazon Relational Database Service, Amazon Aurora
- ^'Alfresco Community Edition 201901 GA Release Notes'. alfresco.com. Retrieved 2019-07-06.
- ^ ab'Open Source Licensing'. ECM Architect Blog. October 17, 2012. Retrieved August 21, 2017.CS1 maint: discouraged parameter (link)
- ^'Alfresco Releases Digital Business Platform to Speed App Development'. CMSWire. February 28, 2017. Retrieved August 22, 2017.CS1 maint: discouraged parameter (link)
- ^ abPotts, Jeff (May 24, 2015). 'What's going on with Alfresco clustering?'. ECM Architect Blog. Retrieved February 25, 2014.CS1 maint: discouraged parameter (link)
- ^Corti, Francesco. 'The order of the Bee. Something is happening in the Alfresco community'. FCORTI. Retrieved 24 October 2017.CS1 maint: discouraged parameter (link)
- ^'Alfresco'. Crunchbase. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^'Open source CM'. KM World. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^'Top Web Content Management Team Joins Alfresco Software'. Press Release. Alfresco Software, Inc. May 22, 2006. Retrieved February 25, 2014.CS1 maint: discouraged parameter (link)
- ^'Alfresco'. Open Source CMS Market Share Report 2009. Simpler Media Group, Inc. p. 62. Retrieved February 25, 2014.CS1 maint: discouraged parameter (link)(registration required)
- ^ abLong, Josh. 'Alfresco Announces Activiti Project, an Apache 2 Licensed BPM Engine'. InfoQ. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^Roe, David (July 8, 2011). 'Alfresco, Ephesoft Partnership Offers CMIS-based Open Source Capture-to-Workflow Technology'. CMSWire. Simpler Media Group, Inc. Retrieved February 25, 2014.CS1 maint: discouraged parameter (link)
- ^'Alfresco releases Version 4'. KM World. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^Bort, Julie. 'What I Learned From John Chambers And Marc Benioff'. Business Insider.
- ^Murphy, Tim. 'Alfresco Aims Higher as it Launches v5 #AlfrescoSummit'. CMSWire. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^Preimesberger, Chris. 'Alfresco Offers Early Availability for Its AWS Deployment'. eWeek. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^'Alfresco Content Services on AWS'. Amazon Web Services. Retrieved 18 September 2017.CS1 maint: discouraged parameter (link)
- ^'Alfresco Introduces New Digital Business Platform'. KMWorld. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^'Thomas H. Lee Partners to Acquire Alfresco Software'. Business Wire. 8 February 2018. Retrieved 8 February 2018.CS1 maint: discouraged parameter (link)
- ^'Query Builder Acquisitions'. Crunchbase. Retrieved 2021-04-06.
- ^'Hyland, a NE Ohio software company, buys Alfresco'. www.bizjournals.com. Retrieved 2021-04-06.
- ^'Alfresco Content Services on AWS'. Amazon AWS. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^Roe, David. 'Alfresco Offers Its Platform as a Managed Service on AWS'. CMSWire. Simpler Media Group. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^Backaitis, Virginia. 'Alfresco Primes Its Activiti Pump'. CMSWire. Simpler Media Group. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
- ^ ab'JITC Records Management Application Product Register'. Joint Interoperability Test Command. Retrieved August 22, 2017.CS1 maint: discouraged parameter (link)
- ^'Alfresco helps George Eliot Hospital NHS Trust begin its paperless journey'. Building Better Healthcare. 17 January 2020. Retrieved 12 March 2020.CS1 maint: discouraged parameter (link)
- ^ abcdef'Supported Platforms'. Alfresco Services. Alfresco. Retrieved 22 August 2017.CS1 maint: discouraged parameter (link)
|Wikimedia Commons has media related to Alfresco (software).|
|MediaWiki has documentation related to: Category:Alfresco|
- Alfresco Software External Project Repositories on GitHub
Firefox Kerberos Authentication
Using Kerberos implies that your client's browser must be configured properly!
Depending upon which browser your clients use, you have to set up the Kerberos configuration in a different way.Please note that without a proper configured browser, the Kerberos token is not sent to the server and so SSO will not work!
Firefox Kerberos Proxy Authentication
The URL http://webserver.test.ad must be added to Internet options > Security > Local intranet. You can deploy this setting by using a group policy for the node Computer Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List. Each of your SSO-enabled sites has to be in the Intranet zone (value = 1).You can use wildcards like 'https://*.test.ad'.
After you have configured the setting, it should look like this:
Please note, that enforcing a GPO for Site to Zone Assignment List does no longer allow your users to edit the setting on their own! There are two options:
- Collect each custom configuration and assemble the complete list. In most cases you can use a wildcard on your internal domain like https://.test.ad* and http://.test.ad* to include all internal sites.
- Configure a custom assignment list by using a logon script or something like OpsCode Chef or Microsoft's Desired State Configuration.
The first option should be the way to go.
Check the other security settings
Please make sure that there your SSO-enabled domain is only entered in the Local intranet zone and nowhere else! If you have falsely entered the same domain in Trusted sites and Local intranet, the first one is used an no Kerberos token is sent by Internet Explorer to the webserver.
Newer versions of Chrome do automatically detect the Kerberos negotiation and transmit your token. In case you are using an outdated version of Chrome we highly suggest to update it for security reasons.
If an update is not possible at all, Chrome must be started with the parameter
Firefox Kerberos Gpo
This setting can be automatically deployed by using group policies.
- Download the official group policies for Chrome
- Follow the installation procedure and open the chrome.admx
- Configure a policy for the option AuthServerWhitelist
- Deploy the policy
In Firefox you have to go to the about:config page and set the parameters
Firefox Kerberos Gpo
The deployment of these settings can be done by using GPO for Firefox. This is a plug-in for Firefox which itself has to be automatically deployed and/or bundled with your NETLOGON script.