Alfresco Siteminder SSO

alfsender
Champ in-the-making
Hi All,

We have done the integration of SiteMinder with Alfresco, so now when a user logs into SiteMinder he/she is directly logged in to Alfresco.

But after login, if we hit any webscript URL, it asks for a username and password.
Is there any way that, if the user is logged in and hits a webscript URL, it does not ask for a username and password?

I have tried appending a ticket to the webscript URL; it works, but for that we need the username and password of the user who is logged in to the system.

Is there any other way we can achieve our target without passing a ticket to hit the webscript?

Please provide your valuable suggestions.

Thank you.
3 REPLIES

ggorin
Champ in-the-making
Hi,

Maybe it's too late for you, but it can be useful for others.
We are using Alfresco with Share with SiteMinder from version 3.2 to 4.0, so here is our configuration:

We have 2 servers, one for Share, the second for Alfresco. Each is installed on RHEL with Tomcat 6 and Apache 2. Apache is used for HTTP access through the AJP connector.

Front server with Share:
In share/WEB-INF/classes/alfresco/web-extension/share-config-custom-urlBack.xml, define something like this:
        
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://<Front FQDN>/proxy/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://<Front FQDN>/proxy/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>

In Apache, define a new vhost:

<VirtualHost *:80>
        ServerName      <Front FQDN>
        ServerAlias        <Front alias name>


        <LocationMatch "^/+$">
                RedirectPermanent / http://<Front FQDN>/share       
        </LocationMatch>


        ProxyPass /share ajp://<Front FQDN>:8009/share
        ProxyPassReverse /share ajp://<Front FQDN>:8009/share
        ProxyPassReverseCookieDomain <Front FQDN> <Front FQDN>
        ProxyPassReverseCookiePath /share /share


        ProxyPass /proxy http://<Back FQDN>
        ProxyPassReverse /proxy http://<Back FQDN>
        ProxyPassReverseCookieDomain <Front FQDN> <Back FQDN>
        ProxyPassReverseCookiePath /proxy /

</VirtualHost>



On the Alfresco back server:
In Apache, define a new vhost:

<VirtualHost *:80>
        ServerName  <Back FQDN>
        ServerAlias <Back Alias>


        ProxyPass /alfresco ajp://<Back FQDN>:8009/alfresco
        ProxyPassReverse /alfresco ajp://<Back FQDN>:8009/alfresco
        ProxyPassReverseCookieDomain <Back FQDN> <Back FQDN>
        ProxyPassReverseCookiePath /alfresco /alfresco
</VirtualHost>


In alfresco-global.properties, change lines like this:

#ntlm.authentication.sso.enabled=true

alfresco.context=alfresco
alfresco.host=<Back FQDN>
alfresco.port=80
alfresco.protocol=http
#
share.context=workeo
share.host=<Front FQDN>
share.port=80
share.protocol=http


Verify that your HTTP headers receive the REMOTE_USER on your Alfresco server.

Sincerely
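
Added example (not part of the posts in this thread, and not Alfresco or Apache project code): with the setup above the repository takes the user name from a request header, so the back vhost should accept connections only from the front server. This check parses vhost text and lists the vhosts that proxy /alfresco without such a restriction; the function names, host names and the 192.0.2.10 address are placeholders made up for the example.

```python
import re

VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Yield (name, args), lower-cased, for each directive line in a vhost body."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.lower().split()
            yield name, args

def exposed_vhosts(conf, trusted, context="/alfresco"):
    """ServerNames of vhosts that proxy `context` without limiting clients to
    `trusted`. Addresses are compared as plain strings (no CIDR maths) and
    <Location> nesting is ignored: a restriction anywhere in the vhost counts."""
    trusted, found = {t.lower() for t in trusted}, []
    for body in VHOST.findall(conf):
        name, proxies, open_all, deny_all = "?", False, False, False
        req_ip, allow_from = set(), set()
        for d, args in directives(body):
            if d == "servername" and args:
                name = args[0]
            elif d == "proxypass" and args and args[0].rstrip("/") == context:
                proxies = True
            elif d == "require" and args == ["all", "granted"]:
                open_all = True
            elif d == "require" and args[:1] == ["ip"]:        # Apache 2.4 syntax
                req_ip.update(args[1:])
            elif d == "allow" and args[:1] == ["from"]:        # Apache 2.2 syntax
                allow_from.update(args[1:])
            elif d == "deny" and args == ["from", "all"]:
                deny_all = True
        ok_24 = bool(req_ip) and req_ip <= trusted
        ok_22 = deny_all and bool(allow_from) and allow_from <= trusted
        if proxies and (open_all or not (ok_24 or ok_22)):
            found.append(name)
    return found

# Constructed sample shaped like the back vhost above; names are placeholders.
AS_POSTED = """
<VirtualHost *:80>
    ServerName back.example.test
    ProxyPass /alfresco ajp://back.example.test:8009/alfresco
</VirtualHost>
"""
RESTRICTED = AS_POSTED.replace(
    "    ProxyPass", "    <Location /alfresco>\n        Order deny,allow\n"
    "        Deny from all\n        Allow from 192.0.2.10\n    </Location>\n    ProxyPass")
```

Calling `exposed_vhosts(AS_POSTED, {"192.0.2.10"})` reports the back vhost, while the same call on `RESTRICTED` returns an empty list.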

vsilvestri
Champ in-the-making
Do you happen to use the "edit online" feature within Share as well?  I'm running into an issue where Word launches but the document is blank and never renders.  Curious if you are seeing this issue as well.

mandalinaveen
Champ on-the-rise
Hi,

Might be too late for you… this will be resolved by using wcservice instead of service in the webscript URL.

Regards,
Naveen.