cancel
Showing results for 
Search instead for 
Did you mean: 

External SSO in alfresco share

ramjoy22
Champ on-the-rise
Champ on-the-rise
I need to test external sso in alfresco share

I followed the steps

1. renamed alfresco-4.2.c/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml.sample as share-config-custom.xml.
2. Uncommentd both the
 <config evaluator="string-compare" and the condition="Remote"> 
sections.



<config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not
            require authentication
        </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that
                         require user authentication
        </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via
                         the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
        
         <endpoint>
            <id>activiti-admin</id>
            <name>Activiti Admin UI - user access</name>
            <description>Access to Activiti Admin UI, that requires user
                         authentication</description>
            <connector-id>activiti-admin-connector</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/activiti-admin
            </endpoint-url>
            <identity>user</identity>
         </endpoint>
      </remote>
    </config>

<config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>
        
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based
                          authentication
            </description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
         </connector>
        
         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and
             cookie-based authentication
            </description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user
             authentication
            </description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>



3. modified alfrsco-global.properties like ;

   authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
   external.authentication.proxyUserName=
   external.authentication.enabled=true
   external.authentication.defaultAdministratorUserNames=admin
   external.authentication.proxyHeader=SsoUserHeader

No other changes made
Do i need to do any further modifications?


i tried to access alfresco from my JSP application as follows,



Testing SSO <br>
<%

URL url1 = new URL("http://localhost:8080/share/page");
URLConnection conn = url1.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("SsoUserHeader", "admin");
for (int i = 0;; i++) {
   String headerName = conn.getHeaderFieldKey(i); 
   String headerValue = conn.getHeaderField(i);  
   System.out.println(headerName + "==="); 
   System.out.println(headerValue); 
   if (headerName == null && headerValue == null) {     break;   }
}

%>


its giving output in console :

 
***************
null===
HTTP/1.1 200 OK
Server===
Apache-Coyote/1.1
Set-Cookie===
JSESSIONID=89E6C0A9600DDA3675EEB633F5F3A248; Path=/share/; HttpOnly
Cache-Control===
no-cache
Content-Type===
text/html;charset=utf-8
Content-Language===
en-US
Transfer-Encoding===
chunked
Date===
Wed, 17 Apr 2013 13:52:24 GMT
null===
null
*************



Connection is success here.

Now I need to test SSO.
<strong>how can i link from my jsp application to alfresco share?</strong>
<strong>when i am using response.redirect  it shows login page again</strong>

32 REPLIES 32

shibu
Champ in-the-making
Champ in-the-making
Version : Alfresco 4.2.c

<strong>Scenario</strong>                                                                             
–> A JSP application to provide a link to Alfresco.                                                 
–> User will log in to this JSP application.                                                        
–> Link to alfresco dashboard will be provided there for that user.                                 
–> Alfresco dashboard will be opened for that user with out showing log in page.                    

Configure both "share-config-custom.xml" and alfresco-global.properties" properties files.

<strong>JSP Application to provide link to Alfresco dashboard</strong>

<body>
<%= "Test alfresco SSO" %>
<br/>
<%
   String url= "http://localhost:8080/share/page";
%>
<br/>
<form method=get>
Enter the username:<input type="text" name="alfuser" />
<br/>
<input type="submit" />
</form>
<br/>
<%
   String alf_user= request.getParameter("alfuser");
   url=url+"?SsoUserHeader="+alf_user;
%>
You are going to login as: <%= alf_user  %><br/>
<a href='<%= url %>' >Click here for Alfresco Dashboard</a>
<br/>
</body>

<strong>A Filter and Wrapper classes are needed to set the header "SsoUserHeader" in the http request</strong>

1. Filter
public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {

      // if the ServletRequest is an instance of HttpServletRequest
      if (request instanceof HttpServletRequest) {
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
         // Creating an instance of my custom request
         AlfrescoHttpServletRequestWrapper requestWrapper = new AlfrescoHttpServletRequestWrapper(httpServletRequest);
         // sending my custom request instead of the regular request
         chain.doFilter(requestWrapper, response);
      } else {
         chain.doFilter(request, response);
      }

      return;
   }

2. Wrapper Class : This wrapper will add custom headers in the request.

public class AlfrescoHttpServletRequestWrapper extends
      HttpServletRequestWrapper {

   public AlfrescoHttpServletRequestWrapper(HttpServletRequest request) {
      super(request);
   }

   @Override
   public String getHeader(String name) {
      String header = super.getHeader(name);
      // Getting the request parameter "SsoUserHeader" and adding it to the
      // header
      return (header != null) ? header : super.getParameter(name);
   }

   @Override
   public Enumeration<String> getHeaderNames() {
      List<String> names = Collections.list(super.getHeaderNames());
      names.addAll(Collections.list(super.getParameterNames()));
      return Collections.enumeration(names);
   }
}

Register the filter in the web.xml of share.
<strong>Steps to Test</strong>
1. Run the JSP application in your browser.
2. Enter the alfresco username
3. Click submit
4. Click on the link to Alfresco dashboard
5. Alfresco dashboard will open without asking login page


Thanks a lot to Mr.AFaust for the efforts taken to give reply for my doubts.

mrogers
Star Contributor
Star Contributor
The spring webscripts jar is part of the spring framework.   There's a copy checked into the "3rd party" project of alfresco.

ahmedemad3
Champ in-the-making
Champ in-the-making
hi shikhanirankari , shibu

I done all things as you said ,

1- create filter and add mapping to share/web-INF/web.xml
2- modify share-custome-config
3-add some properties to alfresco-properties

all things done but i still facing the problem in post #46
the redirect go to share login

please reply to me with solution and the paths of share-custome-config , alfresco propeties

i make alfresco propeties in my tomcat to override the one in alfresco & also share-custome-config.xml in my tomcat under the same path
its not working
and also i take them and put in alfresco/tomcat/… to their paths also not working