Hyland Connect

jpmerlin · ‎09-18-2013

Hello,

I have tested on 4.2.c and 4.2.d, on both i have the same issue.

I configure Alfresco to work with a external siteminder.
Here is my alfresco-global.properties :

## LDAP AUTH###authentication.chain=external:external,alfrescoNtlm1:alfrescoNtlmexternal.authentication.enabled=trueexternal.authentication.defaultAdministratorUserNames=merlin,cambierexternal.authentication.proxyUserName=external.authentication.proxyHeader=sm_user‍‍‍‍‍‍‍‍‍‍‍

<!–break–>

my share-config-custom.xml :

<config evaluator="string-compare" condition="Remote">        <remote>            <connector>               <id>alfrescoHeader</id>               <name>Alfresco Connector</name>               <description>Connects to an Alfresco instance using header and cookie-based authentication</description>               <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>               <userHeader>sm_user</userHeader>            </connector>            <endpoint>                <id>alfresco</id>                <name>Alfresco - user access</name>                <description>Access to Alfresco Repository WebScripts that require user authentication</description>                <connector-id>alfrescoHeader</connector-id>                <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>                <identity>user</identity>                <external-auth>true</external-auth>            </endpoint>        </remote>   </config>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

The login is ok on Alfresco explorer and Share.

But there is some problemes in the navigation in share.

I can't navigation in the data dictionnary for exemple but i can folder not create by alfresco install.

I can't start a workflow …

I have no trace in log, but with firebug i see somme http error 500 like this one :
for a POST at this URL
http://ecm-dev1.eic.intra/share/proxy/alfresco/api/workflow/activiti%24activitiParallelReview/formpr...

is this URL correct in a external configuration ?

Thanks for your help.

jpmerlin · ‎09-18-2013

perhaps it's my apache mod_proxy configuration ?

here is my apache conf :

LoadModule proxy_module         /usr/lib64/apache2-prefork/mod_proxy.soLoadModule proxy_http_module         /usr/lib64/apache2-prefork/mod_proxy_http.soProxyRequests OffProxyPreserveHost OffProxyPass /alfresco http://ecm-dev1.eic.intra:8080/alfrescoProxyPassReverse /alfresco http://ecm-dev1.eic.intra:8080/alfrescoProxyPass /share http://ecm-dev1.eic.intra:8080/shareProxyPassReverse /share http://ecm-dev1.eic.intra:8080/share‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

if i browse data dictionnary i have a http 500 on this URL

http://ecm-dev1.eic.intra/share/service/components/documentlibrary/data/doclist/all/node/alfresco/co...‍‍‍

but if i do the same request on Tomcat directly , i have a json response who is ok:

http://ecm-dev1.eic.intra:8080/share/service/components/documentlibrary/data/doclist/all/node/alfres...‍‍‍

jpmerlin · ‎09-19-2013

I test mod_proxy_ajp, it's change nothing.

I test with mod_jk, it's better : i can validate task from workflow, but i still can't browse folder with accent.

I was thinking it's the mod_jk who was doing something wrong with charset because the response is correct when i request Tomcat directly.

But if i remove the external authentication configuration and replace with a AD and Ntlm authentication, all is ok with the same configuration of apache/tomcat.

jpmerlin · ‎10-17-2013

The problem is resolve.
It was a problem of configuration of the external authentication system : siteminder.
By default, Siteminder don't accept special character in the URL with the properties BadCssChars and BadUrlChars.

Hyland Connect

External auth. ok but navigation in share not ok