
Alfresco Integration with OpenSSO

daxter123
Champ in-the-making
Hi,

How can I integrate Alfresco with OpenSSO?

Thanks
27 REPLIES

techian
Champ in-the-making
I poked around a bit and found that you have a folder called share in svn. I checked that out and built and deployed it in the Alfresco Share web application. I used the web.xml from the svn. I placed the AMConfig.properties in <webapps>\share\WEB-INF\classes and custom-web-context.xml in <tomcat>\shared\classes\alfresco\extension. I also had to place the jar file I built in the <webapps>\alfresco\WEB-INF\lib folder.

On first access to Alfresco Share, I get redirected to Open SSO login. However after a successful login there, I get redirected back to Alfresco Share's login page.

Did I miss any step in setting up Alfresco Share to do OpenSSO authentication?

g_fernandes
Champ in-the-making
Hi,

Please refer to http://opensource.sourcesense.com/confluence/display/ALE/version+0.6 to integrate Share and webscripts in general with OpenSSO. CIFS is not yet supported in this version, but will be shortly!


Regards,


Gustavo Nalle Fernandes
g.fernandes at sourcesense.com

techian
Champ in-the-making
This works great! Thanks for sharing it with the community.
I did notice that logout from Share does not work, unlike logout from Alfresco. I suppose the cookie needs to be cleared by redirecting to the OpenSSO login URL.

g_fernandes
Champ in-the-making
You're welcome!

Share's logout is not yet implemented in version 0.6; it'll be included in the next version, to be released very shortly. Please refer to http://opensource.sourcesense.com/jira/browse/ALFOSSO-1.

Thanks,

Gustavo Nalle Fernandes
g.fernandes at sourcesense.com

techian
Champ in-the-making
I somehow managed to break the OpenSSO integration with Alfresco when moving to a new server. I downloaded the latest Alfresco 3.1 Labs release with Tomcat bundle and added the Sourcesense OpenSSO filter as described in this HOWTO http://opensource.sourcesense.com/confluence/display/ALE/version+0.6.

However, after a successful redirect and login from OpenSSO to Alfresco, the new user is not created and the Login(guest) link remains as it is. Likewise, when I try to log in to Share, it results in an infinite redirect loop. When I looked up this infinite redirect loop, most solutions point to enabling cookie encoding in OpenSSO to overcome a Tomcat issue http://docs.sun.com/app/docs/doc/820-3320/ggwyv?a=view. This did not solve the login problem, but it did get rid of an extra warning message I was seeing in catalina.out:

WARNING: Parameters: Invalid chunk ignored

I tried a few different options, including adding the following to AMConfig.properties:

com.iplanet.am.serverMode=false
com.iplanet.am.cookie.encode=true
com.iplanet.am.cookie.secure=false

But that did not work either. I wonder if at the client level you have to decode the parameters before building the token.

Here is the trace I'm seeing in catalina.out

amNaming:04/30/2009 02:14:53:846 PM PDT: Thread[http-8080-1,5,main]
ERROR: WebtopNaming.getServerId():noServerId
amNaming:04/30/2009 02:14:53:884 PM PDT: Thread[http-8080-1,5,main]
ERROR: WebtopNaming.getServerId()
java.lang.Exception: Cannot find server ID.
   at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:626)
   at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:590)
   at com.iplanet.services.naming.WebtopNaming.getAMServerID(WebtopNaming.java:226)
   at com.iplanet.dpro.session.Session.<clinit>(Session.java:311)
   at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:88)
   at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:239)
   at com.sourcesense.alfresco.opensso.OpenSSOClient.createTokenFrom(OpenSSOClient.java:79)
   at com.sourcesense.alfresco.webscript.OpenSSOAuthenticationFactory$OpenSSOAuthenticator.authenticate(OpenSSOAuthenticationFactory.java:91)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:265)
   at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:261)
   at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
   at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:116)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)

amSSOProvider:04/30/2009 02:14:53:988 PM PDT: Thread[http-8080-1,5,main]
could not create SSOToken from HttpRequest
com.iplanet.dpro.session.SessionException: Invalid session ID.
   at com.iplanet.dpro.session.Session.getSession(Session.java:970)
   at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:88)
   at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:239)
   at com.sourcesense.alfresco.opensso.OpenSSOClient.createTokenFrom(OpenSSOClient.java:79)
   at com.sourcesense.alfresco.webscript.OpenSSOAuthenticationFactory$OpenSSOAuthenticator.authenticate(OpenSSOAuthenticationFactory.java:91)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:265)
   at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:261)
   at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
   at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:116)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)

I have noticed that OpenSSO has a number of undocumented gotchas. For instance, the configurator does not like it when I deploy OpenSSO with the / context path and throws a string index out of range exception. Maybe I've run into one such weirdness.

g_fernandes
Champ in-the-making
Hi, some things to check:

1) You said you moved OpenSSO to a new server. Is this new server accessible under the same domain (or a subdomain) of the Alfresco server?
2) What's the value of your property com.iplanet.am.naming.url at <Alfresco_Home>/tomcat/shared/classes? Can you access that URL in the browser from the Alfresco machine?
3) What is the version of the Tomcat that runs OpenSSO? Version 6.0.18 is recommended.


Regards,

Gustavo Nalle Fernandes
g.fernandes at sourcesense.com

techian
Champ in-the-making
The OpenSSO server and the Alfresco server are in the same domain.
The naming URL is accessible from the Alfresco machine.
I used the Tomcat version bundled with Alfresco 3.1, which happens to be 6.0.18.

That being said, I finally got it working.

I moved the AMConfig.properties and the openssosdk-8.0 jar file to the individual webapps (alfresco and share) WEB-INF directory instead of the Tomcat container level directories as listed in the HOWTO and everything seems to be working now! I'm not sure why this would be the case, but since it's working, I'm moving on for now.

Also, for integration with Liferay Portal, I had to set the following both on the Alfresco side AMConfig.properties and in the OpenSSO server (using their console):

com.iplanet.am.cookie.encode=true

I think setting this property in all cases is probably a good idea.
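
The checks from the two posts above (OpenSSO host in the same domain, naming URL set, cookie encoding on), written as a small linter for AMConfig.properties. This is an added example, not part of any post in the thread and not code from the Sourcesense filter; the host names and sample file are constructed, the domain test is a heuristic, and the cookie.secure check is an addition of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample file; host names are placeholders, not from the thread.
BROKEN = """\
com.iplanet.am.naming.url=https://sso.idp.example.net:8443/opensso/namingservice
com.iplanet.am.cookie.encode=false
com.iplanet.am.cookie.secure=false
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def same_domain(alfresco_host, sso_host):
    """Heuristic: OpenSSO host is in the Alfresco host's domain or a subdomain of it."""
    a, s = alfresco_host.lower(), sso_host.lower()
    labels = a.split(".")
    if is_ip(a) or is_ip(s) or len(labels) == 1:
        return a == s  # IPs and bare host names only match themselves
    domain = a if len(labels) == 2 else ".".join(labels[1:])
    return s == domain or s.endswith("." + domain)

def check_amconfig(text, alfresco_host):
    """Return a list of findings for one AMConfig.properties file."""
    props, findings = parse_properties(text), []
    flag = lambda k: props.get("com.iplanet.am.cookie." + k, "").lower() == "true"
    url = urlsplit(props.get("com.iplanet.am.naming.url", ""))
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("naming.url missing or not an http(s) URL")
    elif not same_domain(alfresco_host, url.hostname):
        findings.append("OpenSSO host is outside the Alfresco host's domain")
    if not flag("encode"):
        findings.append("cookie.encode is not true")
    if url.scheme == "https" and not flag("secure"):
        findings.append("cookie.secure is not true although OpenSSO is reached over https")
    return findings
```

Run `check_amconfig` on the copy of the file that each webapp actually loads (alfresco and share), since the thread shows the two can differ in where they pick it up.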

javid
Champ in-the-making
Please, can any of you tell what might be causing this:
com.iplanet.dpro.session.SessionException: Service URL not found
Can you tell me where I have to specify the service URL in Alfresco? Please reply ASAP. Thanks in advance.

g_fernandes
Champ in-the-making
There are two properties related to OpenSSO that you must set, as of version 0.6 http://opensource.sourcesense.com/confluence/display/ALE/version+0.6 of the filter.
In the web.xml goes the URL and port of your OpenSSO server. In AMConfig.properties goes the naming URL of the OpenSSO server (property com.iplanet.am.naming.url). To be sure the values are correct, try to open them in the browser.

Regards,

Gustavo Nalle Fernandes
g.fernandes at sourcesense.com

myj
Champ in-the-making
I tried essentially the same thing as you described, except I am using alfresco-opensso v 0.7 and Tomcat 5.5.27, and no luck. No Liferay involved, just Alfresco and OpenSSO.

Posted details at http://opensource.sourcesense.com/confluence/display/ALE/version+0.6

Any other pointers?

