Hyland Connect

sicknick · ‎04-14-2014

I have been confused as to which file the authentication chain looks at. From my understanding, if I define my authentication chain as:

<blockcode>authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad</blockcode>

I understood that ldap1 refers to a directory I created (ldap1) within the ldap-ad authentication subsystem folder, with my ldap-ad properties file:

<blockcode>/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/ldap1/ldap-ad-authentication.properties</blockcode>

From the log errors I received, I noticed that it actually reads the file from:

<blockcode>/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/ldap-ad-authentication.properties</blockcode>

I don't mind using that one, I was just curious what the best practice is.

mrogers · ‎04-14-2014

Your ldap1 subsystem is in the wrong place. It should go under the shared/extension folder since it your config. And if you have a simple chain like yours then just put your properties in alfresco-global.properties. No need to touch the subsystem config at all.

sfahey · ‎01-28-2016

This is nearly exactly my question, I want to default the configuration of our external authentication subsystem using an AMP module, so we can simply drop the AMP in, apply, and restart without having to make additional modifications. That being said, I've been attempting to set the properties such as:

webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\external\external-apache\external-authentication.properties

external.authentication.defaultAdministratorUserNames=admin
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
external.authentication.userIdPattern=

and in:
webapps\alfresco\WEB-INF\classes\alfresco\module\clifton-alfresco-repo\alfresco-global.properties

ntlm.authentication.sso.enabled=false
authentication.chain=external-apache:external,alfrescoNtlm:alfrescoNtlm

I've tried various locations and names (e.g. dropping external-apache from the path, and just placing in the 'external' dir, or using 'external-filter.properties' as the filename instead, etc.

This is my first amp module that contains some other default configurations (e.g. folder structure, aspects, custom action, etc), but I just don't understand why the external auth works when I place all of the configs about in the shared/classes/alfresco-global.properties, but not when defined in (what I think) is the proper path within the module itself.

Even based on the descriptions of the way the properties files are loaded makes me think it 'should' work:

(From 'https://wiki.alfresco.com/wiki/Alfresco_Subsystems#Configuring_Subsystems'):
________________________________________
Precedence
As discussed above, the precedence for the configuration properties files for subsystems are :
JMX changes persisted in the database

>> precedes >>

attribute changes made in a specific subsystem
* shared/classes/alfresco/extension/subsystems/<category>/<type>/<id>

>> precedes >>

attribute changes made in the default subsystem
* shared/classes/alfresco/extension/subsystems/<category>/default/default

>> precedes >>

attribute changes made in the global.properties
* shared/classes/alfresco-global.properties

>> precedes >>

default attribute values set in:

* webapps/alfresco/WEB-INF/classes/alfresco/subsystems/<category>/<type>/<id>
—————————————————

What am I not understanding correctly?
Thanks,
Steve

mrogers · ‎01-29-2016

Don't put any or your configuration into your "webapps" or exploded WEB-INF folder.

Hyland Connect

Authentication Subsystem