topic SSO not working in Share in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/sso-not-working-in-share/m-p/286605#M239735 <HTML><HEAD></HEAD><BODY><SPAN>Hi all,</SPAN><BR /><BR /><SPAN>I'm trying to implement SSO with external web application and Share. My requirement is if user is successfully authinticated in external web application through LDAP then user will be redirect to Share without asking for username &amp; password. As a first step I did below and hard coded "admin" in my filter -</SPAN><BR /><SPAN>1. Created below filter and copied jar file under $Alfresco_TOMCAT/Webapps/alfresco/Web-Inf/lib and $Alfresco_TOMCAT/Webapps/share/web-inf/lib</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />public class SSOIntegrationFilter implements Filter { <BR />&nbsp;&nbsp;&nbsp; private static final String PARAM_REMOTE_USER = "remoteUser"; <BR />&nbsp;&nbsp;&nbsp; private static final String SESS_PARAM_REMOTE_USER = SSOIntegrationFilter.class.getName() + '.' + PARAM_REMOTE_USER; <BR />&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; public void init(FilterConfig arg0) throws ServletException {<BR />&nbsp;&nbsp;&nbsp; } <BR />&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; public void destroy() {} <BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpServletRequest httpServletRequest = (HttpServletRequest) req; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String remoteUser = "admin";<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // We've successfully authenticated the user. Remember their ID for next time. <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (remoteUser != null) { <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpSession session = httpServletRequest.getSession(); <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session.setAttribute(SESS_PARAM_REMOTE_USER, remoteUser); <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; chain.doFilter(new HttpServletRequestWrapper(httpServletRequest) { <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; @Override <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; public String getRemoteUser() { <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return (String) getSession().getAttribute(SESS_PARAM_REMOTE_USER); <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }, res); <BR />&nbsp;&nbsp;&nbsp; } <BR /><BR />&nbsp; }&nbsp; <BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>2. Uncomment&nbsp; below part in share-config-custom under $Alfresco_Tomcat\shared\classes\alfresco\web-extension - </SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR /> &lt;config evaluator="string-compare" condition="Remote"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;remote&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;connector&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;id&gt;alfrescoCookie&lt;/id&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;name&gt;Alfresco Connector&lt;/name&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;description&gt;Connects to an Alfresco instance using cookie-based authentication&lt;/description&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;class&gt;org.springframework.extensions.webscripts.connector.AlfrescoConnector&lt;/class&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/connector&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;endpoint&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;id&gt;alfresco&lt;/id&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;name&gt;Alfresco - user access&lt;/name&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;description&gt;Access to Alfresco Repository WebScripts that require user authentication&lt;/description&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;connector-id&gt;alfrescoCookie&lt;/connector-id&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;endpoint-url&gt;<A href="http://localhost:8080/alfresco/wcs" rel="nofollow noopener noreferrer">http://localhost:8080/alfresco/wcs</A>&lt;/endpoint-url&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;identity&gt;user&lt;/identity&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;external-auth&gt;true&lt;/external-auth&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/endpoint&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/remote&gt;<BR />&nbsp;&nbsp; &lt;/config&gt;&nbsp; <BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>3. Added below entry f my filter in $Alfresco_Tomcat\webapps\share\Web-Inf\web.xml </SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;filter&gt;<BR />&nbsp;&nbsp;&nbsp; &lt;filter-name&gt;Special SSO Authentication Filter&lt;/filter-name&gt;<BR />&nbsp;&nbsp;&nbsp; &lt;filter-class&gt;com.custfilter.SSOIntegrationFilter&lt;/filter-class&gt;<BR />&lt;/filter&gt; <BR /><BR />&lt;filter-mapping&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;filter-name&gt;Special SSO Authentication Filter&lt;/filter-name&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;url-pattern&gt;/page/*&lt;/url-pattern&gt;<BR />&nbsp;&nbsp; &lt;/filter-mapping&gt;<BR /> <BR />&nbsp;&nbsp; &lt;filter-mapping&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;filter-name&gt;Special SSO Authentication Filter&lt;/filter-name&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;url-pattern&gt;/p/*&lt;/url-pattern&gt;<BR />&nbsp;&nbsp; &lt;/filter-mapping&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>4. Added below part in alfresco-global.properties</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm<BR />external.authentication.proxyUserName=X-Alfresco-Remote-User<BR />authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap<BR /><BR />ldap.authentication.java.naming.security.authentication=simple<BR />ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system<BR />ldap.authentication.active=true<BR />ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory<BR />ldap.authentication.java.naming.provider.url=ldap://localhost:10389<BR />ldap.authentication.allowGuestLogin=true<BR /><BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN> </SPAN><BR /><SPAN>I'm able to synchronize users through Apache Active directory LDAP. </SPAN><BR /><SPAN>Issue I'm facing - when trying to hit localhost:8080/share then system is throwing error and not able to see dashboard. Error details - </SPAN><BR /><BR /><SPAN> 2013-06-04 23:22:34,808&nbsp; ERROR [alfresco.web.site] [http-apr-8080-exec-10] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository</SPAN><BR /><SPAN> org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:194)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.web.site.SlingshotUserFactory.loadUser(SlingshotUserFactory.java:105)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:180)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:99)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.RequestContextUtil.initialiseUser(RequestContextUtil.java:249)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:182)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:137)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.populateRequestContext(AbstractWebFrameworkView.java:380)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.renderMergedOutputModel(AbstractWebFrameworkView.java:290)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at com.custfilter.SSOIntegrationFilter.doFilter(SSOIntegrationFilter.java:53)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1813)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at java.lang.Thread.run(Thread.java:722)</SPAN><BR /><SPAN>Caused by: org.json.JSONException: A JSONObject text must begin with '{' at character 47</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.json.JSONTokener.syntaxError(JSONTokener.java:413)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.json.JSONObject.&lt;init&gt;(JSONObject.java:180)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.json.JSONObject.&lt;init&gt;(JSONObject.java:420)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:188)</SPAN><BR /><BR /><SPAN>Please advice whether my steps are correct and what needs to be done to make it work -</SPAN></BODY></HTML> Wed, 05 Jun 2013 03:55:45 GMT sumantapakira 2013-06-05T03:55:45Z SSO not working in Share https://connect.hyland.com/t5/alfresco-archive/sso-not-working-in-share/m-p/286605#M239735 Hi all,I'm trying to implement SSO with external web application and Share. My requirement is if user is successfully authinticated in external web application through LDAP then user will be redirect to Share without asking for username &amp; password. As a first step I did below and hard coded "adm Wed, 05 Jun 2013 03:55:45 GMT https://connect.hyland.com/t5/alfresco-archive/sso-not-working-in-share/m-p/286605#M239735 sumantapakira 2013-06-05T03:55:45Z Re: SSO not working in Share https://connect.hyland.com/t5/alfresco-archive/sso-not-working-in-share/m-p/286606#M239736 <HTML><HEAD></HEAD><BODY><SPAN>Could you please guide me?</SPAN></BODY></HTML> Wed, 05 Jun 2013 17:58:51 GMT https://connect.hyland.com/t5/alfresco-archive/sso-not-working-in-share/m-p/286606#M239736 sumantapakira 2013-06-05T17:58:51Z