
How to pass Kerberos credential (ticket) to Alfresco through Open CMIS

mykhailos
Champ in-the-making
Hi Alfresco Team,

I have my Alfresco 5.0 server configured for LDAP Authentication. We have an application which communicates with Alfresco through Open CMIS (version 0.11.0).

1) AtomPub binding Sample Code we are using in our app:
Map<String, String> parameters = new HashMap<String, String>();
parameters.put(SessionParameter.USER, user);
parameters.put(SessionParameter.PASSWORD, password);
parameters.put(SessionParameter.ATOMPUB_URL, url); // service document URL
CmisBindingFactory factory = CmisBindingFactory.newInstance();
CmisBinding binding = factory.createCmisAtomPubBinding(parameters);
2) Web Services binding Sample Code we are using in our app:
Map<String, String> parameters = new HashMap<String, String>();
parameters.put(SessionParameter.USER, username);
parameters.put(SessionParameter.PASSWORD, password);
parameters.put(SessionParameter.WEBSERVICES_REPOSITORY_SERVICE, repositoryServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_NAVIGATION_SERVICE, navigationServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_OBJECT_SERVICE, objectServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_VERSIONING_SERVICE, versioningServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_DISCOVERY_SERVICE, discoveryServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_RELATIONSHIP_SERVICE, relationshipServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_MULTIFILING_SERVICE, multiFilingServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_POLICY_SERVICE, policyServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_ACL_SERVICE, aclServiceWsdlUrl);
CmisBindingFactory factory = CmisBindingFactory.newInstance();
CmisBinding binding = factory.createCmisWebServicesBinding(parameters);

By default Open CMIS uses org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider, which sends the username and password to Alfresco, and it works fine with the AtomPub and Web Services bindings.

Now we have configured the Alfresco 5.0 server for Kerberos Authentication, and it works fine. I'm not prompted to enter a username and password when I log in through the browser.
I am trying to call an Alfresco web service where I would like to use a Kerberos ticket (or Kerberos-related info) for authentication purposes. To do that we developed our Custom Authentication Provider as described at https://chemistry.apache.org/java/developing/client/dev-client-bindings.html

Sample code we are using in our app to send Kerberos related info through org.example.opencmis.MyAuthenticationProvider:
Map<String, String> parameters = new HashMap<String, String>();
parameters.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS, "org.example.opencmis.MyAuthenticationProvider");

I'm interested in which parameter I should put the Kerberos ticket in for the AtomPub and Web Services bindings. My question is: instead of passing the user name and password directly, is it possible to pass a Kerberos ticket or any secured information related to it to make web service calls? I am trying to avoid sending the user name and password. Please help me if anyone has any idea about it.
1 REPLY

tcuser
Champ on-the-rise

I have the exact same question. As I didn't find the answer, I had to make a huge workaround... To summarize, I generated a Kerberos token, put it in the request header to call for an Alfresco ticket (with a custom login webscript), and use it to create the CMIS session.

But sometimes it crashes, returning an Unauthorized message when trying to get the ticket, I haven't found a pattern to reproduce it.

Is there any fancy, shorter, easier way to do this? Thanks in advance!!

(I'm working with Alfresco 4.2 btw)
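
A sketch of the custom authentication provider the question refers to, sending a Kerberos (SPNEGO) token in the request header as the reply describes. This is an added example, not code from either poster or from the Alfresco or OpenCMIS projects. It assumes the CMIS endpoint accepts an HTTP `Authorization: Negotiate` header, that the service principal is `HTTP@<host of the CMIS URL>`, that the client JVM is Java 8 or later, and that Kerberos credentials are already available to JGSS (a JAAS login, or a ticket cache with `-Djavax.security.auth.useSubjectCredsOnly=false`).

```java
package org.example.opencmis;

import java.net.URI;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import org.apache.chemistry.opencmis.client.bindings.spi.AbstractAuthenticationProvider;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Added example: no USER/PASSWORD session parameters are read; the only
// credential placed on the wire is a service ticket wrapped in SPNEGO.
public class MyAuthenticationProvider extends AbstractAuthenticationProvider {
    private static final long serialVersionUID = 1L;
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    // OpenCMIS calls this for each HTTP request, so every request carries a
    // fresh token. A token is single-use and must not be cached and replayed.
    @Override
    public Map<String, List<String>> getHTTPHeaders(String url) {
        try {
            // Assumption: the server's SPN is HTTP/<host>; adjust if it differs.
            String host = URI.create(url).getHost();
            GSSManager manager = GSSManager.getInstance();
            GSSName service = manager.createName("HTTP@" + host, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext ctx = manager.createContext(
                    service, new Oid(SPNEGO_OID), null, GSSContext.DEFAULT_LIFETIME);
            try {
                ctx.requestMutualAuth(true);
                ctx.requestCredDeleg(false); // do not forward the user's TGT to the server
                byte[] token = ctx.initSecContext(new byte[0], 0, 0);
                String value = "Negotiate " + Base64.getEncoder().encodeToString(token);
                return Collections.singletonMap("Authorization", Collections.singletonList(value));
            } finally {
                ctx.dispose();
            }
        } catch (GSSException e) {
            // Fail closed rather than sending the request without authentication.
            throw new IllegalStateException("Could not obtain SPNEGO token for " + url, e);
        }
    }
}
```

The class name matches the value the question already passes in SessionParameter.AUTHENTICATION_PROVIDER_CLASS. Only the HTTP header path is shown; SOAP-level headers for the Web Services binding are not covered.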