Hyland Connect

mathias_lin · ‎02-02-2016

I try to add Alfresco 5.0.d CE as a Sharepoint place within MS Office Mobile (Android 5).
Sharepoint protocol and online edit via Share generally works fine with MS Office desktop version. VTI is configured to run via https on port 7070 (as per http://blyx.com/2014/04/01/alfresco-tip-how-to-enable-ssl-in-alfresco-sharepoint-protocol/).

But the mobile app throws a problem: when I try to connect, the MS Office mobile app gives me the error: <strong>"We don't support this authentication scheme."</strong>

Screenshot: http://snag.gy/FZgir.jpg

alfresco-global.properties:



# Authentication Chain (sorba1:sorba is my custom authentication)
authentication.chain=alfrescoNtlm1:alfrescoNtlm,sorba1:sorba
…
# Sharepoint / VTI
vti.server.port=7070
vti.server.protocol=https
vti.server.ssl.keystore=C:\\path\\to\\MyCert.pfx
vti.server.ssl.password=SomeSecretPassword
vti.server.url.path.prefix=/alfresco
vti.server.external.host=alfresco.mydomain.com
vti.server.external.port=7070
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco

‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I found this forum post, but it's not really helpful:
http://answers.microsoft.com/en-us/mobiledevices/forum/mdlumia-mdupdate/sharepoint-doesnt-support-th...

eswbitto · ‎02-02-2016

What operating system are you running Alfresco on? Need these kind of details.

We are using Centos with apache as a reverse proxy and had to configure in a way for the mobile app to work. If you have a similar setup I can post the notes I have for it.

mathias_lin · ‎02-04-2016

I'm on Windows Server 2012 R2, with Alfresco 5.0.d CE. I have Alfresco running just on Tomcat (port 8080) without any reverse proxy / httpd in front.

<strong>Update:</strong>

I did setup a reverse proxy now (Apache httpd), but I still don't see how port 7070 fits in there exactly. I search for other posts, and contrary to the first blog I found, they usually use 443 as the external VTI port, and not 7070.

<ul>
<li> https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/ssl-...
<li> https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/prox...
<li> https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/shar...
<li> https://github.com/marsbard/puppet-alfresco/issues/18
</ul>

Now, this is my vti setting:


vti.server.port=7070
vti.server.protocol=http
vti.server.ssl.keystore=C:/Alfresco/alf_data/keystore/ssl.keystore
vti.server.ssl.password=kT9X6oe68t
vti.server.url.path.prefix=/alfresco
vti.server.external.host=drive.sorba.ch
vti.server.external.port=443
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco
‍‍‍‍‍‍‍‍‍‍‍

and this is the virtual host config:


<VirtualHost *:80>

   #LoadModule rewrite_module modules/mod_rewrite.so

   RewriteEngine   on
   RewriteCond     %{SERVER_PORT}   !^443$
   RewriteRule     ^(.*)$           https://alfresco.mycompany.ch/share$1       [R=301,NC,L]

</VirtualHost>

<VirtualHost *:443>
        ServerAdmin mlin@mycompany.ch
        ServerName alfresco.mycompany.ch

        # share is our default application
        Redirect / /share/

        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn

        #   SSL Engine Switch:
        SSLEngine on

        SSLCertificateFile      /etc/ssl/certs/chainfile.domaincert.key.crt
        SSLCertificateKeyFile   /etc/ssl/private/Star_MyCompany.key
        SSLCertificateChainFile /etc/ssl/certs/chainfile.domaincert.key.crt

         <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>


        # SSL Protocol Adjustments:
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        TimeOut 3600
        KeepAlive On

        # Einstellungen fuer den Alfresco-Tomcat
        AddDefaultCharset UTF-8

        # Einstellungen fuer den AJP Proxy
        ProxyPass               /alfresco       http://alfresco.mycompany.ch:8080/alfresco
        ProxyPassReverse        /alfresco       http://alfresco.mycompany.ch:8080/alfresco

        ProxyPass               /share          http://alfresco.mycompany.ch:8080/share
        ProxyPassReverse        /share          http://alfresco.mycompany.ch:8080/share

        <Proxy *>
           AddDefaultCharset on
           Order deny,allow
           Allow from all
       </Proxy>

</VirtualHost>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

How does the port 7070 configuration (ProxyPass, ProxyPassReverse) fit in here? In other forum postings, I also so some RuleConditions where they check for the client to be of "Microsoft Office" beforehand. Not sure how to proceed from here now. Thanks for any advice.

eswbitto · ‎02-05-2016

The reverse proxy really just handles the SSL handshake instead of allowing alfresco to do it. Usually you would have a direct connection from your alfresco server to your proxy server because that connection will not be SSL. I am about to leave the office, but on Tuesday (sorry long weekend) I can post notes I have for linux and see if you can incorporate that into your setup.

Hyland Connect

Alfresco/Sharepoint and MS Office Mobile: 'We don't support this authentication scheme.'