Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Authentication problem with Alfresco Mobil with Ke...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Authentication problem with Alfresco Mobil with Kerberos authentication and LDAP sync
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2016 01:54 PM
Hi
I have problems to connect to alfresco with LDAP-Users. I activated Kerberos authentication which works perfectly for CIFS and HTTP Share. Users are synced also correctly with my LDAP configuration.
My problem is now, that Kerberos-Usernames and LDAP-Usernames are not in sync, so I cannot login on mobile-app with LDAP-Usersname. I can only connect with Kerberos-User-Name like that:
Username that is working in Mobile-APP:
"username@DOMAIN.COM"
Username not working in Mobile-APP:
"username"
Username working in Browser-Login:
"username"
When I log in with "username@DOMAIN.COM" with the mobile app, there is a new username created in Alfresco in parallel with the user "username" that comes from LDAP.
I would like to log in always only with "username" and not with "username@DOMAIN.COM". So I thin there must be something wrong inside my alfresco-global.properties:
###Configuring Kerberos authentication
kerberos.authentication.realm=DOMAIN.COM
kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.defaultAdministratorUserNames=Administrator
kerberos.authentication.stripUsernameSuffix=true
### Configuring AD authentication ###
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=
#ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.domain.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco_ldap@domain.com
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0/5 * * * ?
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.groupSearchBase=DC=domain,DC=com
ldap.synchronization.groupQuery=(&(objectclass=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GG_Alfresco,OU=DOMAIN Gruppen,DC=domain,DC=com))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.userSearchBase=DC=domain,DC=com
ldap.synchronization.personQuery=(&(objectclass=user)(|(memberOf=CN=alfresco_user,OU=DOMAIN Ressource,DC=domain,DC=com))(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(|(memberOf=CN=alfresco_user,OU=DOMAIN Ressource,DC=domain,DC=com))(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged<={0})))
############################################
Does someone have an idea where my problem comes from?
Best regards,
René
I have problems to connect to alfresco with LDAP-Users. I activated Kerberos authentication which works perfectly for CIFS and HTTP Share. Users are synced also correctly with my LDAP configuration.
My problem is now, that Kerberos-Usernames and LDAP-Usernames are not in sync, so I cannot login on mobile-app with LDAP-Usersname. I can only connect with Kerberos-User-Name like that:
Username that is working in Mobile-APP:
"username@DOMAIN.COM"
Username not working in Mobile-APP:
"username"
Username working in Browser-Login:
"username"
When I log in with "username@DOMAIN.COM" with the mobile app, there is a new username created in Alfresco in parallel with the user "username" that comes from LDAP.
I would like to log in always only with "username" and not with "username@DOMAIN.COM". So I thin there must be something wrong inside my alfresco-global.properties:
###Configuring Kerberos authentication
kerberos.authentication.realm=DOMAIN.COM
kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.defaultAdministratorUserNames=Administrator
kerberos.authentication.stripUsernameSuffix=true
### Configuring AD authentication ###
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=
#ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ldap.domain.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=alfresco_ldap@domain.com
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
synchronization.synchronizeChangesOnly=false
synchronization.import.cron=0 0/5 * * * ?
synchronization.allowDeletions=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.groupSearchBase=DC=domain,DC=com
ldap.synchronization.groupQuery=(&(objectclass=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GG_Alfresco,OU=DOMAIN Gruppen,DC=domain,DC=com))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.userSearchBase=DC=domain,DC=com
ldap.synchronization.personQuery=(&(objectclass=user)(|(memberOf=CN=alfresco_user,OU=DOMAIN Ressource,DC=domain,DC=com))(userAccountControl:1.2.840.113556.1.4.803:=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass=user)(|(memberOf=CN=alfresco_user,OU=DOMAIN Ressource,DC=domain,DC=com))(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged<={0})))
############################################
Does someone have an idea where my problem comes from?
Best regards,
René
Labels:
- Labels:
-
Archive
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-09-2016 07:08 AM
Hi again
I tried different things to solve my problem with Alfresco Mobile Application on Android but I am still not able to login even though Login is working correctly with the browser by using UID as Login-ID. Also Kerberos authentication for CIFS and Share SSO is working.
When I try to login with Alfresco Mobil I get the following error in the log:
2016-02-09 12:52:04,722 DEBUG [app.servlet.KerberosAuthenticationFilter] [ajp-apr-8009-exec-9] Unknown SPNEGO token type
2016-02-09 12:52:04,722 DEBUG [app.servlet.KerberosAuthenticationFilter] [ajp-apr-8009-exec-9] Clearing session.
2016-02-09 12:52:04,722 DEBUG [app.servlet.KerberosAuthenticationFilter] [ajp-apr-8009-exec-9] Issuing login challenge to browser.
It seems, that the mobil-application does not find the alfresco user (synced to alfresco with ldap) when I try to login with UID. In Browser Share I also use the same username and it works perfectly. For kerberos the authentication is done with UID@DOMAIN.LOCAL. This works also for the mobile application but this is not what I expect because, then a new independent user with UID@DOMAIN.LOCAL is created automatically in Alfresco.
My authentication-chain looks as followed:
authentication.chain=ldap-ad1:ldap-ad,kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm
As I understand the online-descriptions in docs.alfresco.com, ldap shout be used before kerberos to authenticate the user. But why the ldap-authentication is not working in the mobile-app but it is in the browser share?
Hope someone can help me to find the reason of my problem or what could I do to debug this situation?
Thank you very much.
Best regards,
René
I tried different things to solve my problem with Alfresco Mobile Application on Android but I am still not able to login even though Login is working correctly with the browser by using UID as Login-ID. Also Kerberos authentication for CIFS and Share SSO is working.
When I try to login with Alfresco Mobil I get the following error in the log:
2016-02-09 12:52:04,722 DEBUG [app.servlet.KerberosAuthenticationFilter] [ajp-apr-8009-exec-9] Unknown SPNEGO token type
2016-02-09 12:52:04,722 DEBUG [app.servlet.KerberosAuthenticationFilter] [ajp-apr-8009-exec-9] Clearing session.
2016-02-09 12:52:04,722 DEBUG [app.servlet.KerberosAuthenticationFilter] [ajp-apr-8009-exec-9] Issuing login challenge to browser.
It seems, that the mobil-application does not find the alfresco user (synced to alfresco with ldap) when I try to login with UID. In Browser Share I also use the same username and it works perfectly. For kerberos the authentication is done with UID@DOMAIN.LOCAL. This works also for the mobile application but this is not what I expect because, then a new independent user with UID@DOMAIN.LOCAL is created automatically in Alfresco.
My authentication-chain looks as followed:
authentication.chain=ldap-ad1:ldap-ad,kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm
As I understand the online-descriptions in docs.alfresco.com, ldap shout be used before kerberos to authenticate the user. But why the ldap-authentication is not working in the mobile-app but it is in the browser share?
Hope someone can help me to find the reason of my problem or what could I do to debug this situation?
Thank you very much.
Best regards,
René
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2016 07:13 PM
You need to give more information: which exact version of Alfresco are you using? Have you tested with CMIS Workbench using HTTP Basic auth?
Thanks,
Mike
Thanks,
Mike
Related Content
- How to call Alfresco REST APIs using OAuth instead of Basic Auth? in Alfresco Forum
- Authentication from Java Rest APi extension project in Alfresco Forum
- Alfresco Community Edition 23.4 Release Notes in Alfresco Blog
- How to authenticate at API in Alfresco 23.2.0 Comminity addition in Alfresco Forum
- ldapS configuration for samba-ad in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
