Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Alfresco Share 4.0.d - External Authentication

wilayers
Champ in-the-making
Champ in-the-making

‎02-17-2012 10:33 AM

Hi,

I want to test the external authentication in Alfresco Share 4.0.d with the mod_auth_cas but it doesn't work.

My installation works with a Alfresco Share 3.4.4.

I kept my installation of Apache and mod_auth_cas. I just reinstalled the Alfresco in 4.0.d.

In alfresco-global.properties, I added the properties :
authentication.chain=external1:external,ldap1:ldap

# Authentification CAS
external.authentication.proxyUserName=
external.authentication.proxyHeader=x-alfresco-remote-user
external.authentication.enabled=true
external.authentication.userIdPattern=

And I uncommented in shared/classes/alfresco/web-extension/share-config-custom.xml :
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://localhost:9080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>

The external authentication works in Alfresco but doesn't work in Share.

Logs in alfresco.log when I want to connect in Share :
INFO: Server startup in 53657 ms
2012-02-17 16:22:25,339  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/remoteadm/has/alfresco/site-data/configurations/slingshot.site.co...
 2012-02-17 16:22:25,340  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3]  - OutputStream supplied - will stream response…
 2012-02-17 16:22:25,501  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
 2012-02-17 16:22:25,501  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Length=5
 2012-02-17 16:22:25,501  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
 2012-02-17 16:22:25,501  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: null
 2012-02-17 16:22:25,503  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/remoteadm/has/alfresco/site-data/themes/default.xml?s=sitestore
 2012-02-17 16:22:25,503  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3]  - OutputStream supplied - will stream response…
 2012-02-17 16:22:25,514  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
 2012-02-17 16:22:25,514  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Length=5
 2012-02-17 16:22:25,514  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
 2012-02-17 16:22:25,514  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: null
 2012-02-17 16:22:25,516  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/touch
 2012-02-17 16:22:25,517  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3]  - OutputStream supplied - will stream response…
 2012-02-17 16:22:25,517  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Set request header: x-alfresco-remote-user=admin.share
 2012-02-17 16:22:25,517  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Setting Cookie header: JSESSIONID=6C1F0E6A78C3F12AECB3379D8FCA0ABF
 2012-02-17 16:22:25,735  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] RemoteClient found Set-Cookie: JSESSIONID = 632BB1C8188C5A50C3404791079B390E
 2012-02-17 16:22:25,735  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
 2012-02-17 16:22:25,735  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Set-Cookie=JSESSIONID=632BB1C8188C5A50C3404791079B390E; Path=/alfresco
 2012-02-17 16:22:25,735  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Length=0
 2012-02-17 16:22:25,735  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
 2012-02-17 16:22:25,735  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: null
 2012-02-17 16:22:25,780  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/api/admin/restrictions?guest=true
 2012-02-17 16:22:25,780  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3]  - OutputStream supplied - will stream response…
 2012-02-17 16:22:25,799  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] RemoteClient found Set-Cookie: JSESSIONID = 153A3B6569000DE688A8CC683E6B7721
 2012-02-17 16:22:25,800  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Setting Cookie header: JSESSIONID=153A3B6569000DE688A8CC683E6B7721
 2012-02-17 16:22:26,344  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
 2012-02-17 16:22:26,344  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Type=text/html;charset=UTF-8
 2012-02-17 16:22:26,345  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Language=en
 2012-02-17 16:22:26,345  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
 2012-02-17 16:22:26,345  DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: Content-Type: text/html;charset=UTF-8^M

 2012-02-17 16:22:26,348  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Output (10158 bytes) from: http://localhost:9080/alfresco/wcs/api/admin/restrictions?guest=true
 2012-02-17 16:22:26,348  TRACE [webscripts.connector.RemoteClient] [TP-Processor3] ^M
<body bgcolor="#ffffff" style="background-image: url(/alfresco/images/logo/AlfrescoFadedBG.png); background-repeat: no-repeat; background-attachment: fixed">^M
^M
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Alfresco Explorer - Connexion</title>
<link rel="search" type="application/opensearchdescription+xml" href="/alfresco/wcservice/api/search/keyword/description.xml" title="Alfresco Keyword Search">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</body>^M

 2012-02-17 16:22:26,348  INFO  [web.site.EditionInterceptor] [TP-Processor3] Successfully retrieved license information from Alfresco.
 2012-02-17 16:22:26,488  ERROR [alfresco.web.site] [TP-Processor3] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
 org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
        at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:152)
        at org.springframework.web.servlet.handler.WebRequestHandlerInterceptorAdapter.preHandle(WebRequestHandlerInterceptorAdapter.java:54)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:781)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.alfresco.web.site.servlet.SSOAuthenticationFilter.challengeOrPassThrough(SSOAuthenticationFilter.java:619)
        at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:382)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:662)
Caused by: org.json.JSONException: A JSONObject text must begin with '{' at character 47
        at org.json.JSONTokener.syntaxError(JSONTokener.java:413)
        at org.json.JSONObject.<init>(JSONObject.java:180)
        at org.json.JSONObject.<init>(JSONObject.java:420)
        at org.alfresco.web.site.EditionInterceptor$EditionInfo.<init>(EditionInterceptor.java:206)
        at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:109)
        … 29 more

The webscript used for external authentication in 4.0.d  have completely changed from the 3.4.4.

So, I'm wondering if the external authentication in Share is available for this release.

Does anyone know how to set up external authentication in Share 4.0.d?


Thanks for any help.

William
Labels:
0 Kudos
4 REPLIES 4

wilayers
Champ in-the-making
Champ in-the-making

‎02-27-2012 05:19 AM

No one has tested the external authentication?
0 Kudos

mboorshtein
Champ in-the-making
Champ in-the-making

‎03-03-2012 04:48 PM

I'm having the exact same issue.  Have you had any luck?  I think I see what the issue is and it might be a bug.  When I do a packet trace I see the "touch" to get the cookie:

GET /alfresco/wcs/touch HTTP/1.1
x-alfresco-remote-user: mboorshtein
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost.localdomain:8080

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=8370A75CF2BEB70FFD94EA77ACF7D653; Path=/alfresco
Content-Length: 0
Date: Sat, 03 Mar 2012 21:39:50 GMT

So share is sending the correct header and explorer is responding with the correct jsessionid cookie but on the subsequent request:

GET /alfresco/wcs/api/admin/restrictions?guest=true HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost.localdomain:8080

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=377A7069B4485E5A2BE833A1B6238187; Path=/alfresco
Location: http://localhost.localdomain:8080/alfresco/faces/jsp/login.jsp?_alfRedirect=%2Falfresco%2Fwcs%2Fapi%...
Content-Length: 0
Date: Sat, 03 Mar 2012 21:39:50 GMT

Share isn't sending the cookie or the header so alfresco is just "forgetting" the login.
0 Kudos

mboorshtein
Champ in-the-making
Champ in-the-making

‎03-05-2012 10:50 AM

it looks like there's a bug with how share works with alfresco with external users.  If you change 

authentication.chain=external1:external

to

external1:external,alfrescoNtlm1:alfrescoNtlm

and restart tomcat it will work.Here's the Jira issue: https://issues.alfresco.com/jira/browse/ALF-13194

Thanks
Marc
0 Kudos

wilayers
Champ in-the-making
Champ in-the-making

‎03-13-2012 09:30 AM

Thank you very much.  Smiley Happy
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC