Hyland Connect

jpmerlin · ‎09-18-2013

Hello,

I have tested on 4.2.c and 4.2.d, on both i have the same issue.

I configure Alfresco to work with a external siteminder.
Here is my alfresco-global.properties :


## LDAP AUTH###
authentication.chain=external:external,alfrescoNtlm1:alfrescoNtlm

external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=merlin,cambier
external.authentication.proxyUserName=
external.authentication.proxyHeader=sm_user


‍‍‍‍‍‍‍‍‍‍‍

<!–break–>

my share-config-custom.xml :




<config evaluator="string-compare" condition="Remote">


        <remote>
            <connector>
               <id>alfrescoHeader</id>
               <name>Alfresco Connector</name>
               <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
               <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
               <userHeader>sm_user</userHeader>
            </connector>

            <endpoint>
                <id>alfresco</id>
                <name>Alfresco - user access</name>
                <description>Access to Alfresco Repository WebScripts that require user authentication</description>
                <connector-id>alfrescoHeader</connector-id>
                <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
                <identity>user</identity>
                <external-auth>true</external-auth>
            </endpoint>

        </remote>

   </config>



‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

The login is ok on Alfresco explorer and Share.

But there is some problemes in the navigation in share.

I can't navigation in the data dictionnary for exemple but i can folder not create by alfresco install.

I can't start a workflow …

I have no trace in log, but with firebug i see somme http error 500 like this one :
for a POST at this URL
http://ecm-dev1.eic.intra/share/proxy/alfresco/api/workflow/activiti%24activitiParallelReview/formpr...

is this URL correct in a external configuration ?

Thanks for your help.

jpmerlin · ‎09-18-2013

perhaps it's my apache mod_proxy configuration ?

here is my apache conf :


LoadModule proxy_module         /usr/lib64/apache2-prefork/mod_proxy.so
LoadModule proxy_http_module         /usr/lib64/apache2-prefork/mod_proxy_http.so
ProxyRequests Off


ProxyPreserveHost Off

ProxyPass /alfresco http://ecm-dev1.eic.intra:8080/alfresco

ProxyPassReverse /alfresco http://ecm-dev1.eic.intra:8080/alfresco

ProxyPass /share http://ecm-dev1.eic.intra:8080/share

ProxyPassReverse /share http://ecm-dev1.eic.intra:8080/share

‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

if i browse data dictionnary i have a http 500 on this URL


http://ecm-dev1.eic.intra/share/service/components/documentlibrary/data/doclist/all/node/alfresco/co...
‍‍‍

but if i do the same request on Tomcat directly , i have a json response who is ok:


http://ecm-dev1.eic.intra:8080/share/service/components/documentlibrary/data/doclist/all/node/alfres...
‍‍‍

jpmerlin · ‎09-19-2013

I test mod_proxy_ajp, it's change nothing.

I test with mod_jk, it's better : i can validate task from workflow, but i still can't browse folder with accent.

I was thinking it's the mod_jk who was doing something wrong with charset because the response is correct when i request Tomcat directly.

But if i remove the external authentication configuration and replace with a AD and Ntlm authentication, all is ok with the same configuration of apache/tomcat.

jpmerlin · ‎10-17-2013

The problem is resolve.
It was a problem of configuration of the external authentication system : siteminder.
By default, Siteminder don't accept special character in the URL with the properties BadCssChars and BadUrlChars.

Hyland Connect

External auth. ok but navigation in share not ok