Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

authentication problems 2.0.2

boston
Champ in-the-making
Champ in-the-making

‎10-17-2014 04:41 AM

Hi,
I have installed Alfresco server 4.2.e. When connecting from mobile client v. 2.0.1 (iOS) everything is OK. But with mobile client v. 2.0.2 got authentication problem.
How could I fix it?
Thanx!
Labels:
0 Kudos
19 REPLIES 19

andrepra
Champ in-the-making
Champ in-the-making
In response to gavinc

‎11-11-2014 05:23 AM

I'm facing the same problem (authentication after saving the account setting) with version 2.0.2 on Alfresco Community 4.0.0. Using an old version of the app (1.5.3.90) everything works fine.
I tried the following url with a browser
http://<host>/alfresco/service/api/server
here the response

{
   "data":
   {
      "edition": "Community",
      "version": "4.0.0 (4003)",
      "schema": "5025"
   }
}


and the following
http://<host>/alfresco/service/cmis
http://<host>/alfresco/cmisatom
after basic authentication returns the cmis xml (inside the file all the url have the correct host and port)

Installation is on port 80 (no SSL).
I have a similar installation using SSL protocol (443) that works fine.


0 Kudos

andrepra
Champ in-the-making
Champ in-the-making
In response to andrepra

‎11-11-2014 09:11 AM

Sorry, forget my post. It was a problem of the reverse proxy configuration.  
0 Kudos

gavinc
Champ in-the-making
Champ in-the-making

‎10-22-2014 03:23 AM

You shouldn't add the /cmisatom to the "service document" in the mobile client, this should be set to "/alfresco". The mobile app will determine the best URL to use according to the result of the /service/api/server (hence asking you both to check this URL is working).

If both these URLs are working for you and the contents of the CMIS discovery response is correct (URLs match) I'm not sure what is going wrong to be honest. We have a couple of options, either you capture the network traffic between the iPhone/iPad and your repository and post it here or if either of you could provide a test account to your system so that we can attach a debug version of the app and see what's going on. Feel free to send any auth details directly to me at gavin dot cornwell at alfresco dot com.
0 Kudos

gavinc
Champ in-the-making
Champ in-the-making

‎10-22-2014 06:56 AM

Boston has kindly given me access to their system so I was able to see what is happening.

The first URL is indeed working as expected, however the /alfresco/cmisatom URL is failing in a REST client, I receive a 500 error with the following exception in the HMTL response:


java.lang.NullPointerException
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType3(BaseNTLMAuthenticationFilter.java:569)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:297)
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:135)
at sun.reflect.GeneratedMethodAccessor560.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)


I suspect when you guys tried this URL in your browser the NTLM process was handled by the browser which is why you saw it working. Unfortunately the app can not handle NTLM, it uses basic authentication and thus you are seeing the authentication error.

In 2.0.1, in this scenario, the app used to fallback to use the /service/cmis endpoint. This URL has been removed from 5.0 servers so v2.0.2 uses a different algorithm to determine which URL to use and no fallback takes place, this is why you're no longer able to connect.

In order for the app to work I presume your Alfresco admin has either excluded /alfresco/service URLs from being subject to NTLM or there is some other form of workaround to allow the app to communicate with your repository. This same configuration/workaround needs to be applied to allow alfresco/cmisatom URLs to be authenticated using basic auth.

Hope this helps you both.
0 Kudos

stephanep
Confirmed Champ
Confirmed Champ
In response to gavinc

‎10-23-2014 06:03 AM

Hi gavinc,

Thanks for this tips because we have the same problem than boston for Alfresco Entreprise 4.1.4. Is it enough to comment on the 

<filter-mapping>
  <filter-name> Global Authentication Filter </ filter-name>
  <url-pattern> / cmisatom / * </ url-pattern>
</ filter-mapping>

<filter-mapping>
  <filter-name> Authentication Filter </ filter-name>
  <url-pattern> / cmisatom / * </ url-pattern>
</ filter-mapping>

in web.xml or should we do something different file to fix this problem?

Thanks in advance.
0 Kudos

gavinc
Champ in-the-making
Champ in-the-making

‎10-24-2014 08:41 AM

No, you shouldn't change anything in web.xml, this will be a change outside of the core product. Your Alfresco administrator or IT department will most likely need to update any configuration they have put in place.

URLs of the form "hostSmiley Tongueort/alfresco/service/…" are working (presuming the 2.0.1 app was working ok for you) so whatever configuration was applied to allow those to work will need to be applied for "hostSmiley Tongueort/alfresco/cmisatom/…" URLs.

Hope that helps!
0 Kudos

nishantqwerty
Champ in-the-making
Champ in-the-making
In response to gavinc

‎11-09-2014 09:59 PM

Hi Gavin,
There were no configurations done for the "hostSmiley Tongueort/alfresco/service/…" to work with iOS app 2.0.1.
It worked as it is, out of the box.
Would it be a good idea to redirect the GET requests from "hostSmiley Tongueort/alfresco/cmisatom/…" to "hostSmiley Tongueort/alfresco/service/…" at the server side?
If yes, how can we do this?
Thank You,
0 Kudos

gavinc
Champ in-the-making
Champ in-the-making
In response to nishantqwerty

‎11-12-2014 03:41 AM

Yes, in the last couple of days we have discovered a "known issue" with the server where the /cmisatom URL does not fallback to basic authentication when SSO is enabled. I believe this has been fixed for the next 4.2 service pack release.

In the meantime, yes, I think the best way forward for you is to redirect the …/cmisatom URLs to …/service/cmis, in fact this is exactly what another customer did to workaround this issue, see https://issues.alfresco.com/jira/browse/MOBILE-3084

How this is done will be dependent on your environment, typically it would be done with an Apache URL rewrite rule or something similar.
0 Kudos

nishantqwerty
Champ in-the-making
Champ in-the-making
In response to gavinc

‎11-24-2014 10:25 PM

Hi Gavin,
I have been trying to use Apache URL rewrite rule for redirecting the …/cmisatom URLs to …/service/cmis but all in vain.
Can you please send me a sample of the rewrite rule that can be used for this redirection?
I have tried the following :
–<VirtualHost *:80>
    ServerName <servername>
    AllowEncodedSlashes On

  

    RewriteEngine On
   # Redirect http://ip or url:8080/alfresco/cmisatom http://ip or url:8080/alfresco/service/cmis
   # Redirect http://ip or url/alfresco/cmisatom http://ip or url:8080/alfresco/service/cmis
   # Redirect /alfresco/cmisatom http://ip or url:8080/alfresco/service/cmis
     RewriteRule ^/alfresco/cmisatom$ http://ip or url:8080/alfresco/service/cmis [R]

    #proxy /alfresco and /share calls to the alfresco server
    ProxyPass /share ajp://localhost:8009/share
    ProxyPassReverse /share ajp://localhost:8009/share

    ProxyPass /alfresco ajp://localhost:8009/alfresco
    ProxyPassReverse /alfresco ajp://localhost:8009/alfresco



–</VirtualHost>

0 Kudos

102020
Champ on-the-rise
Champ on-the-rise

‎11-19-2014 01:59 PM

Hey there,
we have same issue, running on 4.2.f community though. Using SSO and latest iOS app from the store. I'm about to test in the sandbox to exclude any customization we have done.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC