Alfresco 'share' SSO issue

kaliyugantagoni
Champ in-the-making
Hello,

  I am trying to configure Alfresco Share with CAS (mod_auth_cas). I am able to log in to /alfresco
  but cannot log in to /share.

CAS : version 3.3
Alfresco : 4.0.d
Apache (proxyPass) : 2.2

   
My Apache configuration for alfresco and share is:

ProxyPass /alfresco http://myIp.com:8080/alfresco
ProxyPassReverse /alfresco http://myIp.com:8080/alfresco

<Location /alfresco>
    Options FollowSymLinks
    AuthName "CAS"
    AuthType CAS
    CASCookie APACHE_CAS
    CASScope /
    CASAuthNHeader CAS_FILTER_USER
    Require valid-user
</Location>

ProxyPass /share http://myIp.com:8080/share
ProxyPassReverse /share http://myIp.com:8080/share

<Location /share>
    Options FollowSymLinks
    AuthName "CAS"
    AuthType CAS
    CASCookie APACHE_CAS
    CASScope /
    CASAuthNHeader CAS_FILTER_USER
    Require valid-user
</Location>


share-config-custom.xml file

<!-- this one is to enable alfresco -->
<config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>
<!-- this one is to enable Share -->
<config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>

         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>CAS_FILTER_USER</userHeader>
         </connector>

          <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>CAS_FILTER_USER</userHeader>
         </connector>

        <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>


alfresco-global.properties file

authentication.chain=external1:external
external.authentication.proxyUserName=
external.authentication.proxyHeader=CAS_FILTER_USER
external.authentication.enabled=true
external.authentication.userIdPattern=


CAS is working properly, as my other applications integrated with it are running fine.
Even when I access /alfresco it works properly, but when I hit /share it shows the Alfresco error page.

In the logs it says :

ERROR [org.alfresco.web.site] org.springframework.extensions.surf.exception.PlatformRuntimeException: 05140007 Incorrectly configured endpoint ID: alfresco

Please help !

Thanks !
3 REPLIES

swapraw
Champ in-the-making
Hi,
I am also having this same problem with exactly the same configuration.
One thing I have noticed is that the class org.alfresco.web.site.servlet.SlingshotAlfrescoConnector, which is configured in the share-config-custom.xml file to get Share working with only external authentication, is missing. So I manually added the source for this class and also changed org.alfresco.web.site.servlet.SSOAuthenticationFilter to extract the userHeader configured for external authentication SSO (the source code for both classes is taken from the svn repo, link: http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/slingshot/source/java...).

I then packaged these changes in alfresco-share-4.0.d.jar and deployed it under /share/WEB-INF/lib.

After I restarted the Alfresco server I was still not able to access Share, but this time the error I got is:
23:28:09,331 ERROR [org.alfresco.web.site] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
   at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:151)
   at org.springframework.web.servlet.handler.WebRequestHandlerInterceptorAdapter.preHandle(WebRequestHandlerInterceptorAdapter.java:54)
   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:781)
   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.challengeOrPassThrough(SSOAuthenticationFilter.java:703)
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:430)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
   at java.lang.Thread.run(Thread.java:662)
Caused by: org.json.JSONException: A JSONObject text must begin with '{' at character 47
   at org.json.JSONTokener.syntaxError(JSONTokener.java:413)
   at org.json.JSONObject.<init>(JSONObject.java:180)
   at org.json.JSONObject.<init>(JSONObject.java:420)
   at org.alfresco.web.site.EditionInterceptor$EditionInfo.<init>(EditionInterceptor.java:205)
   at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:108)
   … 27 more

This error is coming from the class EditionInterceptor, where an EditionInfo object is being created using JSONObject (passing the response as a parameter) to extract users, documents and edition.
EditionInfo(String response) throws JSONException
        {
            JSONObject json = new JSONObject(response);
            this.users = json.optLong("users", -1L);
            this.documents = json.optLong("documents", -1L);
            this.edition = json.getString("licenseMode");
        }
The main line which might be causing the problem is
Response response = conn.call("/api/admin/restrictions?guest=true", ctx); 
from which response is being used to fetch users, documents and edition.

If anyone has any idea about this, please guide me, as I am badly stuck here.

matgou
Champ in-the-making
Hi,

For the JSON error, can you confirm that you whitelist the Alfresco web service requests? I have this configuration in apache2:
      

<LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>
                AuthType CAS
                AuthName "CAS"
                require valid-user
                CASScope /alfresco
                CASAuthNHeader REMOTE_USER
                Order allow,deny
                Allow from 172.0.0.1, XX.XX.XX.XX
                Satisfy any
</LocationMatch>
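
The effect of the whitelist in the reply above can be checked offline. This is an added example, not part of the original reply: it models the posted `LocationMatch` pattern together with `Order allow,deny` / `Satisfy any` in Python, considering that block alone and only requests that pass through Apache. `192.0.2.10` is a constructed stand-in for the redacted address, and the function names and sample requests are constructed for illustration.

```python
import ipaddress
import re

# Pattern copied from the <LocationMatch> directive in the reply above.
CAS_SCOPE = re.compile(
    r"^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*"
)

# "Allow from" list: 172.0.0.1 is from the reply; 192.0.2.10 is a constructed
# stand-in for the redacted XX.XX.XX.XX entry.
ALLOW_FROM = {ipaddress.ip_address(a) for a in ("172.0.0.1", "192.0.2.10")}


def cas_decision(path: str, client_ip: str) -> str:
    """Return how Apache would treat a request under the posted block."""
    path = path.split("?", 1)[0]  # LocationMatch sees the path, not the query
    if not CAS_SCOPE.match(path):
        return "exempt-path"      # block does not apply; no CAS challenge
    if ipaddress.ip_address(client_ip) in ALLOW_FROM:
        return "exempt-host"      # Satisfy any: the host check alone is enough
    return "cas-required"         # falls through to Require valid-user


def audit(requests):
    """Map each (path, client_ip) pair to its decision."""
    return {(p, ip): cas_decision(p, ip) for p, ip in requests}


# Constructed sample requests (not taken from any log).
SAMPLES = [
    ("/alfresco/s/api/admin/restrictions?guest=true", "198.51.100.7"),
    ("/alfresco/wcs/api/admin/restrictions?guest=true", "198.51.100.7"),
    ("/alfresco/service/api/login", "198.51.100.7"),
    ("/alfresco/services", "198.51.100.7"),
    ("/alfresco/faces/jsp/dashboards/container.jsp", "198.51.100.7"),
    ("/alfresco/faces/jsp/dashboards/container.jsp", "192.0.2.10"),
    ("/alfresco", "198.51.100.7"),
]

if __name__ == "__main__":
    for (path, ip), decision in audit(SAMPLES).items():
        print(f"{decision:13} {ip:13} {path}")
```

Every `exempt-path` and `exempt-host` result reaches Tomcat without a CAS session, so those requests depend entirely on Alfresco's own authentication. The `/wcs` alias used in the first post's `endpoint-url` is not in the exemption list, so it is CAS-protected whenever it is requested through Apache.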

sorrentinov
Champ in-the-making
Hi

I've the same problem.
I've added the new class SlingshotAlfrescoConnector in Alfresco and packaged the new alfresco-share-4.0.e.jar.
After this, when I authenticate with CAS, I receive the error:


2014-11-04 13:08:08,346  ERROR [alfresco.web.site] [ajp-8009-1] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
   at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:152)


Moreover, in apache2 I have the same whitelist configuration.

Any idea to solve the error?

Best Regards
Vincenzo