Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

explorer wonks out when using kerberos SSO in FF and safari

ofrxnz
Champ in-the-making
Champ in-the-making

‎08-05-2009 02:24 PM

So, in alfresco 3.2 i have configured kerberos to work for both cifs and http.  everything works fine.

when i turn on kerberos sso, IE authentication works great….

however, when SSO is enabled the most current version of firefox will seem to authenticate and, redirect from http://<server>/alfresco to http://<server>/alfresco/faces/jsp/dashboards/container.jsp and then just hang on a white screen with no content.   it is not trying to load. 

when i perform the same test on safari(win) i am prompted for a username and password when i enter this, it redirects as above then safari crashes

here is the Kerberos debug from the safari and FF tests…I believe the "client sent…" was for the safari tests

14:05:03,399 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3074)
14:05:07,258 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3074)
14:05:21,837 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3074)
14:05:56,850 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3140)
14:06:09,044 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] Client sent an NTLMSSP security blob
14:06:32,783 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3186)
14:06:54,182 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] Client sent an NTLMSSP security blob
14:11:14,365 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3527)
14:11:20,391 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.254.125 (192.168.254.125:3529)

any ideas on the cause of this or how to fix it?
Labels:
0 Kudos
2 REPLIES 2

esafonov
Champ in-the-making
Champ in-the-making

‎10-01-2009 02:16 AM

My situation looks the same: Only Internet Explorer 8 works with Alfresco SSO (Kerberos) login. Other browsers I tryed (Firefox 3.5 / Windows, Firefox 3.5 / Linux, IE 7) does not work, displaying a blank page and nothing more.

Alfresco use "WWW-Authenticate: Negotiate" method for Kerberos SSO.
Firefox need to be configured, to enable this authentication method. You can enable SSO authentication for a specific areas of network, in terms of host(s), or/and domain(s).

This one helped me with Firefox, go to
http://about:config
search for 
network.negotiate-auth.trusted-uris
Change this parameter: to full hostname of your server, running alfresco, i.e.:
network.negotiate-auth.trusted-uris=my_alfresco_server.mydomain
After this, FF works with Kerberos SSO to this host.
0 Kudos

xkahn
Champ in-the-making
Champ in-the-making

‎11-10-2009 12:08 PM

You may also need to make sure your Java install supports your Kerberos keytab.  I was seeing errors with my key with was encrypted with "AES-256 CTS mode with 96-bit SHA-1 HMAC"

It took me quite a bit of debugging to discover that I needed to install "JCE Unlimited Strength Jurisdiction Policy Files 6 Release Candidate" from SUN.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC