
Alfresco+Liferay+Cas=SSO

abhishek2341
Champ in-the-making
Hi Forum, let me tell you I am a Liferay developer and I'm having one requirement regarding Alfresco. It is almost completed but I'm stuck in the middle of my project, so I really need an expert opinion on this. Kindly help me to clear this.

My requirement is:

I have integrated Alfresco in Liferay. I am able to log in to Liferay using third-party integration.
For that I used CAS. Now when I click on the sign_in button it goes to the third party; when I enter BRUNO BRUNO it logs in to the Liferay portal, and then the problem comes.
At the time of login I can see the Liferay portal, but the Alfresco portlet is not logged in; I have to put in the username and password,
and only then is Alfresco logged in.

But when I click on the sign out button, then automatically
Liferay and Alfresco also log out, which means MY SINGLE SIGN OUT is working.

Note: I created a user BRUNO BRUNO in Alfresco and the same in Liferay also.


How do I make sign-in work?

This is a link to a mock screen of how exactly it looks; kindly have a look for better understanding.

https://docs.google.com/document/d/1T4k3OBTXgTJnqsgELft9fIera3D-SzjZN_9H0putWbk/edit

For the integration I followed this link:

https://web.liferay.com/web/navin.agarwal11/blog/-/blogs/integration-with-alfresco-4-x-and-liferay-6...

Kindly looking for the best answer from your community!

Regards
Abhishek

10 REPLIES

steven_okennedy
Star Contributor
Hi Abhishek,

When integrating with Liferay, Alfresco is configured to use the external authentication system, which is basically a way for Alfresco to allow authentication to be delegated to an external system - basically if that system gives Alfresco a username, Alfresco will treat that user as authenticated.

To do this, as far as I know, by default Alfresco expects a header to be supplied on the request containing the user id of the authenticated user - unless you've changed this in the external authentication subsystem properties, this will be the header "X-Alfresco-Remote-User".  If this header is present and contains a user that Alfresco recognises, then you get logged in - otherwise login page.

Normally (I think), when Share is running as a portlet in Liferay it generally gets the screen name from the remoteUser value of the current request (from the portlet's user-principal-strategy: screenName).  It then sets the "X-Alfresco-Remote-User" header on all requests from the Share running within Liferay to Alfresco, thus meeting the external authentication requirements.

In your case, it sounds like Share is not sending the correct header on the request to Alfresco, so Alfresco is redirecting for authentication.  It may be that because of the involvement of CAS in the mix here that the remoteUser value is unavailable to the share portlet for some reason.

Another possibility is that the header is being sent but the username being included on the header doesn't match what Alfresco expects.

I would suggest the next steps to take would be to verify whether or not the header exists on the request from Share to Alfresco and whether it contains the right value.  Possibly use a network analyser like Wireshark if Liferay and Alfresco are running on different systems, or if you can, attaching a remote debugging session will allow you to see a lot.  Classes to look at would be org.alfresco.web.site.servlet.SSOAuthenticationFilter on the Share side and org.alfresco.web.app.servlet.DefaultRemoteUserMapper on the Alfresco side.

Regards

Steven
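
One way to run the check suggested above on a request captured between Share and Alfresco (for example, copied out of a Wireshark stream). This is an added example, not part of the original replies or of Alfresco's code; the sample requests, the `/alfresco/s/example` path, the user names and the function names are constructed for illustration, and the header name is the default mentioned in the thread.

```python
# Added example: inspect a captured Share -> Alfresco HTTP request for the
# external-authentication header. The sample requests below are constructed.
HEADER = "X-Alfresco-Remote-User"  # default header name mentioned in the thread


def parse_headers(raw_request):
    """Return {lower-cased header name: [values]} from a raw HTTP request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            # HTTP header names are case-insensitive, so normalise them.
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def diagnose(raw_request, expected_user, header=HEADER):
    """Classify the cases named in the reply: header absent, or wrong value."""
    values = parse_headers(raw_request).get(header.lower(), [])
    if not values:
        return "MISSING"       # header is not on the request at all
    if len(values) > 1:
        return "DUPLICATE"     # ambiguous: more than one copy of the header
    if values[0] == "":
        return "EMPTY"         # header present but carries no user name
    if values[0] == expected_user:
        return "OK"
    if values[0].lower() == expected_user.lower():
        return "CASE_DIFFERS"  # same name, different letter case
    return "MISMATCH"          # header carries a different user name


# Constructed captures (hypothetical path and user names).
WITH_HEADER = (
    "GET /alfresco/s/example HTTP/1.1\r\n"
    "Host: localhost:8080\r\n"
    "x-alfresco-remote-user: BRUNO\r\n\r\n"
)
WITHOUT_HEADER = "GET /alfresco/s/example HTTP/1.1\r\nHost: localhost:8080\r\n\r\n"

if __name__ == "__main__":
    for capture in (WITH_HEADER, WITHOUT_HEADER):
        print(diagnose(capture, "bruno"))
```

Since Alfresco treats the name in this header as already authenticated, the Alfresco endpoint should accept such requests only from the Liferay/Share host.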

OK, I will try.

I got this error when I entered the credentials in the Liferay CAS login page
username- admin
password- admin
The Alfresco username and password are the same,
but I got this error
(Liferay Eclipse console)


2016-05-19 09:54:23,254  INFO  [webscripts.connector.RemoteClient] [http-bio-9080-exec-1] Exception calling (POST) http://localhost:8080/alfresco/s/remoteadm/create/alfresco/site-data/extensions/default-persisted-ex...
2016-05-19 09:54:23,254  INFO  [webscripts.connector.RemoteClient] [http-bio-9080-exec-1] Error status 500 Connection reset
java.net.SocketException: Connection reset
   at java.net.SocketInputStream.read(Unknown Source)
   at java.net.SocketInputStream.read(Unknown Source)

What does it really mean?

And alfresco-global.properties:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,external1:external
external.authentication.proxyUserName=alfresco-system
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User

But still nothing works; I still have to log in.

steven_okennedy
Star Contributor
Hi Abhishek,

As I said previously you need to check whether the header is being set on the calls to Alfresco (not Share), and whether it contains what you think it should.  You should not be setting external.authentication.proxyUserName=alfresco-system - that should be set to empty unless you are using SSL.

Apart from that, there's very little config that is done in Alfresco to make things work.  As I mentioned above, if the user's screen name is available via a getRemoteUser call, then the Share portlet will pick it up and send the correct header to Alfresco.  If it is not available, there's nothing you can configure in Alfresco to change that.  You would have to identify what's happening in CAS/Liferay.

Regards

Steven

abhishek2341
Champ in-the-making
Yeah, correct sir, that is what I am trying to do, getRemoteUser, but how exactly can I do it?

How can I do it so that it can authenticate?
Kindly tell me the steps. Today I did configurations the whole day but nothing works exactly. Where do I have to make modifications?

I already tried a lot, but the sign-in issue comes again.

1- What exactly do I have to put in global.properties?
2- What exactly do I have to put in the config.xml file in Alfresco and Liferay?

Kindly tell me about the above.

abhishek2341
Champ in-the-making
How exactly do I have to do or modify this?
Need to check whether the header is being set on the calls to Alfresco??

Yeah sir, I followed your steps and put the x-alfresco-remote-user; now I get the Share portlet directly logged in, but one problem comes.

When I started the Liferay server, it took some time; after a few minutes I see that the Share portlet is directly logged in, but when I tried to log out, the logout button is missing in settings. I don't know why?? Kindly have a look at the screenshot.

Sir, finally my login happened. Kindly tell me how to log out so that I can recheck whether SSO is working or not?

Hi Abhishek,

The logout button is not displayed when you are signed in using external authentication.  Authentication is being handled by an external entity (CAS in your case); it controls whether the user is treated as authenticated or not. Alfresco has no say in this; authentication is delegated fully to the external system.

If you want to log the user out, you log out via CAS.

Regards

Steven

Yeah, I get that one, but how do I log out from CAS? Because when I put the filter tag in liferay/tomcat/webapp/share/web.xml

this code


<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
   <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>


then my portlet is suddenly Unavailable. What should I do now sir, because it is not being authenticated via CAS? If I change the custom-config.xml file and manually log out, then if I want to log in again the login page comes again….??

How do I log out when I click on the logout button in Liferay?
Kindly tell me; login happened, only logout is left.

