Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Failover for SSO (Kerberos) not working

bnice
Champ in-the-making
Champ in-the-making

‎09-16-2010 06:07 AM

Hi,

after two days of troubleshooting, I've now a running kerberos configuration with SSO.
Now I need a possibility to manually log in with an AlfrescoNTLM user.
I know, there is a backdoor to login manually (http://ip/:8080/alfresco/faces/jsp/login.jsp), but it then always switches back to kerberos.

Btw: Both user (ADS and AlfrescoNTLM) have the same username.
Labels:
0 Kudos
6 REPLIES 6

loftux
Star Contributor
Star Contributor

‎09-16-2010 06:22 AM

This is fixed in 3.4.a (not released yet), you will be redirected to a forms based login if kerberos did not work.
0 Kudos

bnice
Champ in-the-making
Champ in-the-making

‎09-16-2010 06:47 AM

So there's no other way to use Kerberos and local authentication simultaneously?
0 Kudos

loftux
Star Contributor
Star Contributor

‎09-16-2010 06:52 AM

Then I misunderstood, you should be able to use both alfresco logins and kerberos simultaneosly if you have set up the authentication chain properly (you should have both alfrescoNtlm and kerberos in the chain).
So what is not working is Alfresco Explorer doing a redirect to the manual login page if the browser does not support kerberos login (or if the ticket is invalid). You should be able to navigate directly to login.jsp, and then login with you AD username/password or Alfresco username/password.
0 Kudos

bnice
Champ in-the-making
Champ in-the-making

‎09-16-2010 08:29 AM

The issue seems to be more difficult…
I changed my global.properties to use only AlfrescoNTLM.
Then I added a new (admin) user named admin-user.
After that, I changed back authentication chain to

authentication.chain=kerberos1:kerberos,ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm

After that, I can login via the login.jsp, and it's showing "admin-user" as logged in account.
But as soon as I click on any icon, it's switching to my kerberos login (which is not a admin-account) and my admin right are gone (as it should be for that account).

Is this a bug or a configuration error?
0 Kudos

loftux
Star Contributor
Star Contributor

‎09-16-2010 09:13 AM

That is how Alfresco Explorer works. It has a filter that detects that you have a kerberos ticket for each web page request, and authenticates your request.
So for you to login with a non-kerberos account, install a second browser like firefox or google chrome (that without any config does not use kerberos), and you can do you admin tasks using that browser.
And this is not anything that will change in next version to my knowledge.
0 Kudos

bnice
Champ in-the-making
Champ in-the-making

‎09-16-2010 09:50 AM

Ahhh… Great, that really works, so I can use firefox for administration and IE for normal login via kerberos.
Thanks for you help!
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC