Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- NTLM authentication config for Share 3.4
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
NTLM authentication config for Share 3.4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2010 06:43 AM
Hi,
I recently implemented the alfresco 3.4 version to make test.
I don't arrive to configure share to do NTLM authentication, i try to do the same configuration than the 3.3, but it seems it doesn't work. SSO is enable for passthru systems and i edited web.xml and share-config-custom.xml, after i cannot login to share. NTLM works perfectly with alfresco explorer.
Any ideas ?
Thanks & Regards
Bruno
I recently implemented the alfresco 3.4 version to make test.
I don't arrive to configure share to do NTLM authentication, i try to do the same configuration than the 3.3, but it seems it doesn't work. SSO is enable for passthru systems and i edited web.xml and share-config-custom.xml, after i cannot login to share. NTLM works perfectly with alfresco explorer.
Any ideas ?
Thanks & Regards
Bruno
Labels:
- Labels:
-
Archive
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-02-2010 07:43 AM
Hi,
The web-tier SSO filters were refactored in 3.4 - so instead of multiple filters (NTLM, Kerberos etc.) that you previously enabled in web.xml, there is now a single SSO filter that controls all.
It also means that you no longer need to edit web.xml - infact you should revert your changes. It should look like this:
and that's it! I will update the wiki appropriately now.
Kev
The web-tier SSO filters were refactored in 3.4 - so instead of multiple filters (NTLM, Kerberos etc.) that you previously enabled in web.xml, there is now a single SSO filter that controls all.
It also means that you no longer need to edit web.xml - infact you should revert your changes. It should look like this:
<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/p/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/proxy/*</url-pattern>
</filter-mapping>
<config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
and that's it! I will update the wiki appropriately now.
Kev
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-02-2010 08:07 AM
I have updated the wiki: http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Alfresco_Share_SSO_using_NTLM
Sorry for the confusion! But hopefully it is better now you do not need to edit web.xml.
Kev
Sorry for the confusion! But hopefully it is better now you do not need to edit web.xml.
Kev
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2010 09:36 AM
Hi kevinr,
I made the update on my configuration files but it doesn't work.
My web.xml file :
Any ideas ?
Thanks for your support
Bruno
I made the update on my configuration files but it doesn't work.
My web.xml file :
<?xml version='1.0' encoding='UTF-8'?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>Alfresco Project Slingshot</display-name>
<description>Alfresco Project Slingshot application</description>
<context-param>
<param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
<param-value>true</param-value>
</context-param>
<!– Spring Application Context location and context class –>
<context-param>
<description>Spring config file location</description>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/web-application-config.xml</param-value>
</context-param>
<filter>
<description>Set HTTP cache Expires header 30 days forward for a mapping.</description>
<filter-name>CacheExpiresFilter</filter-name>
<filter-class>org.alfresco.web.scripts.servlet.StaticAssetCacheFilter</filter-class>
<init-param>
<description>Add an Expires Header 30 days forward</description>
<param-name>expires</param-name>
<param-value>30</param-value>
</init-param>
</filter>
<filter>
<description>MT authentication support - NOTE: does not support portlets</description>
<filter-name>MTAuthentationFilter</filter-name>
<filter-class>org.alfresco.web.site.servlet.MTAuthenticationFilter</filter-class>
</filter>
<filter>
<description>Redirects view and service URLs to the dispatcher servlet.</description>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/p/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/proxy/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/service/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/feedservice/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/res/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/system/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.jpg</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.png</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.gif</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.css</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.gif</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.css</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheExpiresFilter</filter-name>
<url-pattern>*.js</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>MTAuthentationFilter</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>MTAuthentationFilter</filter-name>
<url-pattern>/p/*</url-pattern>
</filter-mapping>
<!– Spring Context Loader listener - the name of the default global context is passed to the DispatcherServlet
in the servlet definition below - this is to allow the NTLM filter etc. to find the single app context –>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring Surf Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring Surf Dispatcher Servlet</servlet-name>
<url-pattern>/page/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Spring Surf Dispatcher Servlet</servlet-name>
<url-pattern>/p/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<!– welcome file list precedence order is index.jsp, then index.html –>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
<alfresco-config>
<!–
NTLM authentication config for Share
NOTE: you will also need to enable the NTLM authentication filter in Share web.xml
change localhost:8080 below to appropriate alfresco server location if required
–>
<config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://t-alfresco:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
<!– Repository Library config section –>
<config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
<!–
Whether the link to the Repository Library appears in the header component or not.
–>
<visible>true</visible>
</config>
<config evaluator="string-compare" condition="Remote">
<remote>
<endpoint>
<id>alfresco-noauth</id>
<name>Alfresco - unauthenticated access</name>
<description>Access to Alfresco Repository WebScripts that do not require authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>none</identity>
</endpoint>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>user</identity>
</endpoint>
<endpoint>
<id>alfresco-feed</id>
<name>Alfresco Feed</name>
<description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
<connector-id>http</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<basic-auth>true</basic-auth>
<identity>user</identity>
</endpoint>
</remote>
</config>
</alfresco-config>
Any ideas ?
Thanks for your support
Bruno
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2010 09:47 AM
The web.xml is missing this filter-mapping (bug fix - will be present in 3.4.b Community release due next week):
However the reason it is not working at all: you need to remove this block from the Remote section lower down in your config:
Otherwise you are effectively overriding the same value twice i.e. the alfresco endpoint is overridden once to enable NTLM, then you override it again later in the config file. I assume you should also update the endpoint-url values remaining in that section to t-alfresco:8080.
Kev
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/proxy/*</url-pattern>
</filter-mapping>However the reason it is not working at all: you need to remove this block from the Remote section lower down in your config:
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>user</identity>
</endpoint>Otherwise you are effectively overriding the same value twice i.e. the alfresco endpoint is overridden once to enable NTLM, then you override it again later in the config file. I assume you should also update the endpoint-url values remaining in that section to t-alfresco:8080.
Kev
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2010 11:31 AM
It works perfectly !
Thanks a lot and have a nice day
Thanks a lot and have a nice day
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2010 07:31 PM
Hi guys,
I have a problem… I've setup my environment exactly as explained here but when Alfresco Share is loaded nothing appears, a blank page is flushed.
I've indeed successfully configured Alfresco Explorer (/alfresco) with external authentication and X-Alfresco-Remote-User, now I'd like to enable the same for Share, is there anything I can do? Is correct to sort out the NTLM configuration or I completely misunderstood wiki?
I hope someone can help me,
Thanks,
N.
I have a problem… I've setup my environment exactly as explained here but when Alfresco Share is loaded nothing appears, a blank page is flushed.
I've indeed successfully configured Alfresco Explorer (/alfresco) with external authentication and X-Alfresco-Remote-User, now I'd like to enable the same for Share, is there anything I can do? Is correct to sort out the NTLM configuration or I completely misunderstood wiki?
I hope someone can help me,
Thanks,
N.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-28-2010 10:12 AM
Hi,
I have done my SSO for alfresco and Share using 3.4b ver.
Alfresco is working fine but the Share is not working with IE 7.0 and older version.
Pls help.
I have done my SSO for alfresco and Share using 3.4b ver.
Alfresco is working fine but the Share is not working with IE 7.0 and older version.
Pls help.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2011 04:03 PM
Related Content
- Unable to create "share.log" in Alfresco Forum
- Alfresco Community Edition 23.4 Release Notes in Alfresco Blog
- How to create doclib with custom T-Engine in Alfresco Forum
- Something's wrong with this page...When login share in Alfresco Forum
- Unable to use Identity Service (Keycloak) for authentication in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
