Hyland Connect

michael_s1 · ‎09-28-2016

Hi, I hope someone can help.

I have activated passthru authentication, but since doing so, I am getting the message "Alfresco is running without Share Services. See your System Administrator for more details."

I have made the same change to two servers, one running Alfresco One trial 5.1.1 and one running Alfresco Community 5.1.0 (r127059-b7). Both are displaying the same issue.

The authentication chain is:

authentication.chain=alfinst:alfrescoNtlm,passthru1assthru,ad1:ldap-ad,ad2:ldap-ad

ntlm.authentication.sso.enabled=true

ldap.authentication.active=false

Contents of passthru-authentication-context.properties

passthru.authentication.useLocalServer=False

passthru.authentication.domain=

passthru.authentication.servers=AU\\server22.ourdomain.com,server22.ourdomain.com

passthru.authentication.authenticateCIFS=false

passthru.authentication.connectTimeout=5000

passthru.authentication.offlineCheckInterval=300

passthru.authentication.protocolOrder=TCPIP,NetBIOS

passthru.authentication.defaultAdministratorUserNames=jsmith,admin

The LDAP synchronisation is working great. I have two because I am getting two different groups of people.

Users can sign on with no problem. admin can sign on using the alfrescoNtlm.

If I remove passthru, the error goes away.

I am using http port 8080 and all other settings are out of the box.

In alfresco-global.properties

The line share.host is fully qualified instead of 127.0.0.1

share.host=server101.ourdomain.com

Any help or pointers appreciated.

kaynezhang · ‎09-29-2016

As Gethin James Said in order to make share work ,you need to install share-service amp into repository and make sure share'version number is equal to shareServices amp's version number.

You have two options to check whether share-service amp is installed correctly and it's version number.

option 1 is using the Module Management Tool (MMT),you can refer to http://docs.alfresco.com/5.0/concepts/dev-extensions-modules-management-tool.html for detail information

option 2 : You can turn on your browser's debugging tool, and you'll find something like this on console

2016-01-21 11:09:24,195 DEBUG [webscripts.connector.RemoteClient] [http-bio-8080-exec-4] Executing (GET) http://localhost:8080/alfresco/api/- default-/private/alfresco/versions/1/modulepackag...

trace the message you will find the cause of the issue.

After checking the share-service amp status ,if you find it is not installed correctly or version not match,you'd better reinstall the correct share-service amp version using mmt.

if you find it installed correctly and version matches ,you can disable the waring(not recommended) by following steps

open file ${SHARE_ROOT_FOLDER}/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/share/imports/share-header.lib.js with a text editor

and find something like this

{

id: "HEADER_SHARE_SERVICES_WARNING",

name: "share/services/ServicesWarning",

config: {

shareServices: getShareServices(),

shareVersion: getShareVersion(),

userIsAdmin: user.isAdmin

}

},

comment it out like

/*

{

id: "HEADER_SHARE_SERVICES_WARNING",

name: "share/services/ServicesWarning",

config: {

shareServices: getShareServices(),

shareVersion: getShareVersion(),

userIsAdmin: user.isAdmin

}

},

*/

View answer in original post

resplin · ‎06-08-2017

‌ Instead of commenting on an old thread that appears to have resolved the issue, it is helpful if you create a new one for your specific issue. Also, do you have Kerberos enabled?

‌ and ‌ Can one of you create an issue in the ALF project at http://issues.alfresco.com with details on how exactly you configured your system? Thank you.

darkstar1 · ‎06-09-2017

Ok. It'll have to be early next week sometime.

resplin · ‎06-09-2017

It is worth checking to see if the solution suggested in the issue linked by ‌ applies to the issue you are seeing.

anon26949 · ‎06-11-2017

Richard Esplin Thank you very much for your comment!.. My comment is also quite old... Now everything works fine. No, Kerberos was disabled in my case. Thank you for your remarks!

Kind regards,
Aleksey Bykov.

resplin · ‎06-12-2017

Thank you for confirming that you were not using Kerberos and that it currently works for you.

mrks_js1 · ‎06-09-2017

I had the same issue:

[ACE-5682] Share displays the "Alfresco is running without Share Services.See your...." message when...

authentica…

I believe it also had something to do with the browser cache.

the real issue (if i recall correctly) is that share-config-custom has changed a bit (new api endpoint):

<endpoint>
         <id>alfresco-api</id>
         <parent-id>alfresco</parent-id>
         <name>Alfresco Public API - user access</name>
         <description>Access to Alfresco Repository Public API that require user authentication.
           This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
         <connector-id>alfresco</connector-id>
         <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
         <identity>user</identity>
</endpoint>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

compare http://docs.alfresco.com/5.0/tasks/share-change-port.html / http://docs.alfresco.com/5.1/tasks/share-change-port.html

darkstar1 · ‎06-21-2017

Thanks Markus.

I finally got around to looking at the issue today and it is down to the alfresco connector being changed.

I simply changed the api endpoint to use the cookie connector.

<endpoint>
<id>alfresco-api</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Public API - user access</name>
<description>Access to Alfresco Repository Public API that require user authentication.
This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>

resplin · ‎06-21-2017

Thanks for letting us know.

p_bodnar · ‎02-02-2018

All right, so if your Alfresco 5.1+ is running on another port than the default one (8080) and you forget to override this new "alfresco-api" endpoint, you will receive the annoying warning (still, everything else is working, or not??). So one needs to ask whether this endpoint mechanism cannot be improved (topics for a new thread, probably):

a) Share could issue at least a warning message about that the given URL is unreachable into logs.

b) It should be possible to use placeholders in these XML configurations - that would make stuff like this much easier to configure.

What do you think?

jpotts · ‎08-18-2017

I found another case where this message is displayed.

If you have both NTLM and LDAP in your authentication chain, and you have ntlm.authentication.sso.enabled=true, when you login as an LDAP-managed user you will see the message. Additionally, you will not be able to authenticate against /alfresco/api using an LDAP-managed user. Alfresco-managed users will not see the message and will be able to authenticate against /alfresco/api.

If you change ntlm.authentication.sso.enabled to false, the problem goes away.

Jeff Potts
https://www.metaversant.com | https://ecmarchitect.com