Alfresco Share OAuth SSO Support
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
src Upgrade to OAuth2 for better end user experience Mar 13, 2013


Alfresco Share OAuth SSO Support

The Alfresco OAuth SSO module lets users login in Alfresco Share using their Google Apps account. The module creates automatically accounts which do not exist to make Share and Google Apps integrate transparently. Configuration uses standard Share Surf configuration files. The jar is packaged with all dependencies so that it can be deployed as a single jar.


I. Create a Google API Access

Go to Google API Console and create your API (

II. Deploy the library

Copy the oauth-login-module jar in your Share webapp lib folder ([$WEBAPP_FOLDER]/share/WEB-INF/lib).

III. Add the filter to web.xml

Add the following snippet to your Share web.xml before the filter named "Authentication filter"

    <description>Oauth Authentication Support</description>

and add the following filter-mappings before the "Authentication Filter" mappings


IV. Configure the OAuth filter Add the following configuration to the share-config-custom.xml file. This file generally stands in the external configuration directory of Share. In the standard tomcat installation, the Share external configuration is located in tomcat/shared/classes/alfresco/web-extension directory.

Example of configuration

    <config evaluator="string-compare" condition="OAuthFilter"> <!-- the condition must always be OAuthFilter -->
            <!-- The host of the Alfresco repository webapp -->
            <!-- The port of the Alfresco repository webapp. Put 80 for standard HTTP-->
            <!-- The protocol to access the Alfresco repository -->
              <!-- The API access URI. If you use standard Alfresco, this should not change -->
               <!-- The admin user who is able to create new users -->
            <!-- The password of the admin user -->
            <!-- The unique password for all users authenticated with OAuth. Choose one very complicated :) -->
            <!-- The domains for which incoming user should be restricted to. If blank, any valid email will be accepted -->
            <!-- The key of your API application -->
            <!-- The URI from which get the user profile informations -->
            <!-- The secret of your API application -->
            <!-- The scope(s) for getting data -->
            <!-- This is a constant and my be different in future releases -->

You can bypass the OAuthFilter by providing the bypassOAuth parameter to the share login page (example http://localhost:8081/share/page/?bypassOAuth)

Build notes

The project depends on a a modified java-scribe package available on github here :

The standard package build generates a shaded jar with dependencies included for easier deployment.

The Maven has a webapp profile which builds an exploded share war. Running the "integration-test" launches the embedded jetty server with a custom web.xml and the filter deployed.


This file is part of oauth-login-module.

oauth-login-module is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

oauth-login-module is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with oauth-login-module. If not, see