Alfresco CE 4.2e kerberos SSO

vgusev2007
Champ in-the-making
Hi all! I'll be glad if you help me!

I need to set up SSO. I run Alfresco on Ubuntu 12.04 server x64.

I use the how-to: http://docs.alfresco.com/4.2/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Ftasks%2Fauth-kerberos-...

So, I have this:


/opt/alfresco-4.2.e/java/jre/lib/security/java.login.config

Alfresco {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};

AlfrescoCIFS {
   com.sun.security.auth.module.Krb5LoginModule required
   storeKey=true
   useKeyTab=true
   keyTab="/etc/cifsalfresco-dev.keytab"
   principal="cifs/alfresco-dev.tokk.domain";
};

AlfrescoHTTP
{
   com.sun.security.auth.module.Krb5LoginModule required
   storeKey=true
   useKeyTab=true
   keyTab="/etc/httpalfresco-dev.keytab"
   principal="HTTP/alfresco-dev.tokk.domain";
};

ShareHTTP
{
   com.sun.security.auth.module.Krb5LoginModule required
   storeKey=true
   useKeyTab=true
   keyTab="/etc/httpalfresco-dev.keytab"
   principal="HTTP/alfresco-dev.tokk.domain";
};

com.sun.net.ssl.client {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};

other {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};


/opt/alfresco-4.2.e/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/kerberos/kerberos-authentication.properties

kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=true

kerberos.authentication.realm=TOKK.DOMAIN
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.defaultAdministratorUserNames=administrator

kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=KAYshnz29
kerberos.authentication.authenticateCIFS=true

kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=KAYshnz29

kerberos.authentication.stripUsernameSuffix=true


/opt/alfresco-4.2.e/tomcat/shared/classes/alfresco-global.properties


###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-4.2.e/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=vtuf,jcc
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}

### FTP Server Configuration ###
ftp.enabled=true
ftp.port=21

### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0

### External executable locations ###
ooo.exe=/opt/alfresco-4.2.e/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-4.2.e/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/alfresco-4.2.e/common/bin/pdf2swf
swf.languagedir=/opt/alfresco-4.2.e/common/japanese

jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-4.2.e/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=4b68d597112ce6490a339eeaf4051735

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=/opt/alfresco-4.2.e

### Solr indexing ###
index.subsystem.name=solr
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443

### BPM Engine ###
system.workflow.engine.jbpm.enabled=false

### CIFS settings ###
cifs.enabled=true
cifs.serverName=alfresco-dev
cifs.domain=TOKK.DOMAIN
cifs.hostannounce=true
cifs.sessionTimeout=900

### authentication ###
kerberos1:kerberos


cat /opt/alfresco-4.2.e/java/jre/lib/security/java.security |grep login.config.url
#login.config.url.1=file:${user.home}/.java.login.config
login.config.url.1=file:${java.home}/lib/security/java.login.config


So, I have tested my keytab files; they look good!


root@alfresco-dev:~# kinit -V -k -t /etc/httpalfresco-dev.keytab HTTP/alfresco-dev.tokk.domain
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/alfresco-dev.tokk.domain@TOKK.DOMAIN
Using keytab: /etc/httpalfresco-dev.keytab
Authenticated to Kerberos v5
root@alfresco-dev:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: HTTP/alfresco-dev.tokk.domain@TOKK.DOMAIN

Valid starting       Expires              Service principal
06.03.2014 16:36:47  07.03.2014 02:36:47  krbtgt/TOKK.DOMAIN@TOKK.DOMAIN
   renew until 07.03.2014 16:36:47


I have set up my Internet Explorer as shown in the how-to. My Windows is in a domain, and I have a TGT. When I start IE I see just the login page at the address http://alfresco-dev.tokk.domain:8080/share/page/ and I can log in as the local admin by using its password… It is very strange… I have set up kerberos1:kerberos only.

Please tell me how to debug my configuration. I want to know about the paths of my config files. Are they correct? Please help me with it.

It's a fresh Alfresco setup, so I don't have any LDAP settings or other settings. Maybe I need them before Kerberos? I want to test SSO for auth only; after that I'll set up LDAP-AD sync for group and permission control of my users.


mrogers
Star Contributor
Your authentication chain in alfresco-global.properties is missing the left hand side.
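The check mrogers describes, plus the cross-checks a sysadmin would want for the three files posted in the question, as an added example (not code from the thread, from Alfresco, or from either poster). It parses alfresco-global.properties the way java.util.Properties does, which is why a bare `kerberos1:kerberos` line goes unnoticed by Alfresco: `:` is a legal key/value separator, so the line quietly defines a property named `kerberos1` and `authentication.chain` stays unset. It then validates each chain element as `id:type` and, when a kerberos subsystem is in the chain, checks that every `configEntryName` in kerberos-authentication.properties points at a JAAS entry in java.login.config with a Krb5LoginModule, a keytab and a correctly prefixed service principal. The sample inputs are constructed from the posted files with the passwords removed; `KNOWN_SUBSYSTEMS` is my assumption from the Alfresco 4.2 documentation, and the function names are mine.

```python
import re

# Constructed sample inputs modelled on the files posted above (passwords omitted).
JAAS_CONFIG = """
Alfresco { com.sun.security.auth.module.Krb5LoginModule sufficient; };
AlfrescoCIFS { com.sun.security.auth.module.Krb5LoginModule required
   storeKey=true useKeyTab=true keyTab="/etc/cifsalfresco-dev.keytab"
   principal="cifs/alfresco-dev.tokk.domain"; };
AlfrescoHTTP
{  com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true
   keyTab="/etc/httpalfresco-dev.keytab" principal="HTTP/alfresco-dev.tokk.domain"; };
"""
KERBEROS_PROPS = """
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.realm=TOKK.DOMAIN
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.http.configEntryName=AlfrescoHTTP
"""
# The chain line as posted, and as the reply says it should read.
BROKEN_GLOBAL = "### authentication ###\nkerberos1:kerberos\n"
FIXED_GLOBAL = "### authentication ###\nauthentication.chain=kerberos1:kerberos\n"
# Subsystem types a 4.x chain may name (assumption taken from the Alfresco 4.2 docs).
KNOWN_SUBSYSTEMS = {"alfrescoNtlm", "ldap", "ldap-ad", "passthru", "kerberos", "external"}
# java.util.Properties takes the first '=', ':' or whitespace as the separator, so a
# bare "kerberos1:kerberos" silently defines a property named "kerberos1".
_PROP = re.compile(r"^([^=:\s]+)\s*[=:\s]\s*(.*)$")
_CHAIN_ELEMENT = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*:[A-Za-z-]+$")
_JAAS_ENTRY = re.compile(r"(\w[\w.]*)\s*\{(.*?)\};", re.S)  # Name { module flag opts; };


def parse_properties(text):
    """Return (properties, duplicated keys); like Java, the last value wins."""
    props, duplicates = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue
        m = _PROP.match(line)
        key, value = (m.group(1), m.group(2).strip()) if m else (line, "")
        if key in props:
            duplicates.append(key)
        props[key] = value
    return props, duplicates


def parse_jaas_config(text):
    """Map each JAAS entry name to a list of (module class, {option: value})."""
    entries = {}
    for m in _JAAS_ENTRY.finditer(text):
        modules = []
        for tokens in (stmt.split() for stmt in m.group(2).split(";")):
            if len(tokens) >= 2:  # module class, control flag, then key=value options
                opts = {k: v.strip('"') for k, _, v in (t.partition("=") for t in tokens[2:])}
                modules.append((tokens[0], opts))
        entries[m.group(1)] = modules
    return entries


def check_chain(props):
    """Return (findings, chain elements); with no chain, Kerberos is never consulted."""
    chain = props.get("authentication.chain")
    if chain is None:
        findings = ["authentication.chain is not set; the Kerberos subsystem is never consulted"]
        for key, value in props.items():  # spot a chain element posted without its key
            if value in KNOWN_SUBSYSTEMS and not key.startswith(("authentication.", "kerberos.")):
                findings.append(f"'{key}:{value}' looks like a chain element missing its "
                                f"left-hand side; write authentication.chain={key}:{value}")
        return findings, []
    findings, elements = [], [e.strip() for e in chain.split(",") if e.strip()]
    for element in elements:
        if not _CHAIN_ELEMENT.match(element):
            findings.append(f"malformed chain element '{element}', expected id:type")
        elif element.split(":", 1)[1] not in KNOWN_SUBSYSTEMS:
            findings.append(f"unknown subsystem type in '{element}'")
    return findings, elements


def check_kerberos(kprops, jaas):
    """Cross-check the subsystem properties against the JAAS entries they name."""
    findings = []
    # The user entry validates passwords against the KDC and needs no keytab; the
    # CIFS and HTTP entries accept service tickets, so they need keytab + principal.
    for role, prefix in (("user", None), ("cifs", "cifs/"), ("http", "HTTP/")):
        name = kprops.get(f"kerberos.authentication.{role}.configEntryName", "")
        krb5 = [opts for module, opts in jaas.get(name, []) if module.endswith("Krb5LoginModule")]
        if not krb5:
            findings.append(f"{role}: JAAS entry '{name}' with a Krb5LoginModule not found")
        elif prefix is not None:
            if krb5[0].get("useKeyTab") != "true" or not krb5[0].get("keyTab"):
                findings.append(f"{role}: entry '{name}' must set useKeyTab=true and keyTab")
            if not krb5[0].get("principal", "").startswith(prefix):
                findings.append(f"{role}: entry '{name}' principal should start with '{prefix}'")
    return findings


def audit(global_text, kerberos_text, jaas_text):
    gprops, gdups = parse_properties(global_text)
    kprops, kdups = parse_properties(kerberos_text)
    findings, elements = check_chain(gprops)
    if any(e.endswith(":kerberos") for e in elements):
        findings += check_kerberos(kprops, parse_jaas_config(jaas_text))
    return [f"duplicate key '{k}' (last value wins)" for k in gdups + kdups] + findings


if __name__ == "__main__":
    print(*audit(BROKEN_GLOBAL, KERBEROS_PROPS, JAAS_CONFIG), sep="\n")
```

Run against the posted files it reports three things: the `authenticateCIFS` key set twice in kerberos-authentication.properties (harmless here, since both values agree), the absent `authentication.chain`, and the `kerberos1:kerberos` line that should have been its value. With the chain line corrected only the duplicate key remains. To use it on a real box, read the three files from the paths given in the question instead of the inline strings.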

vgusev2007
Champ in-the-making
Hi! A really big thank you for your help! I fixed the mistake!


After fixing the problem I can't log in as the local admin - that's normal. When I start IE, I see a logon page (Share). After entering a login and password from my domain, for example administrator / pass, I can enter Alfresco Share!

So, I have two questions:

The first: Why can I log in to Alfresco Share with a login and password from the domain? I have ONLY Kerberos auth… I don't have any LDAP setup…

authentication.chain=kerberos1:kerberos



Many thanks to you! I don't have experience with Java, I'm a sysadmin only.

P.S. http://alfresco-dev.tokk.domain:8080/alfresco has SSO! :)




vgusev2007
Champ in-the-making
I'm sorry, I think I need to setup this one: http://docs.alfresco.com/4.2/topic/com.alfresco.enterprise.doc/tasks/auth-kerberos-shareSSO.html


Thanks! I'll post my result!