NTLM Authentication

schraptor
Champ in-the-making
I am encountering a problem using NTLM authentication on Alfresco 2.1…

When I log in using Firefox, the browser prompts for login.
I log in and the user is created => FINE

When I use IE the authentication should be done automatically…
I get:
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session

I don't understand… Can someone help…

Thanks,
Sylvain
14 REPLIES 14

kulens
Champ in-the-making
I got the same problem. Did you receive any solution yet?

My setup:
- Windows 2003 server SP3
- MySQL 5.0
- Alfresco Community Network v2.1.0 with Tomcat 5.5.23
- JVM 1.6.0up2

CIFS is working perfectly with NTLM authentication. I connect easily via Explorer to \\SERVER_a\alfresco and browse the file tree. If I connect via the login page (http://SERVER:8080/alfresco/faces/jsp/login.jsp) it's working fine as well. But if I want to connect directly I get the error: Failed to open passthru auth session. I'm not using LDAP.

ntlm-authentication-context.xml:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->
   
    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->
      
    <!-- Note from V2.0 the bean id must be authenticationComponent -->
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <!--
        <property name="useLocalServer">
            <value>true</value>
        </property>
        -->
        <property name="servers">
       <value>IP-ADDRESS-OF-OUR-DOMAIN-CONTROLLER</value>
   </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>
   
</beans>

file-servers-custom.xml:

<alfresco-config area="file-servers">

   <!-- To override the default Alfresco filesystem use replace="true", to -->
   <!-- add additional filesystems remove the replace="true" attribute     -->
  
   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
       <authenticator type="passthru">
          <Server>IP-ADDRESS-OF-OUR-DOMAIN-CONTROLLER</Server>
       </authenticator>
   </config>

  
   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!-- Add a URL file to each folder that links back to the web client -->
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!-- Mark locked files as offline -->
            <offlineFiles/>

            <!-- Desktop actions -->

            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>

            </desktopActions>

<!--
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
-->
         </filesystem>
       
       <!-- AVM virtualization view of all stores/versions for WCM -->
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>
       
      </filesystems>
   </config>
  
   <!-- Allow guest access to file systems -->
   <config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="alfresco">
          <allowGuest/>
          <!-- Map any unknown user to guest -->
          <!--
             <mapUnknownUserToGuest/>
          -->
      </authenticator>
   </config>
</alfresco-config>

web.xml:

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
   <display-name>Alfresco Web Client</display-name>
   
   <description>Alfresco Web Client</description>
  
   <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
   </context-param>

   <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/faces-config-app.xml,/WEB-INF/faces-config-beans.xml,/WEB-INF/faces-config-navigation.xml,/WEB-INF/faces-config-common.xml,/WEB-INF/faces-config-repo.xml,/WEB-INF/faces-config-wcm.xml,/WEB-INF/faces-config-custom.xml</param-value>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
      <param-value>true</param-value>
   </context-param>
   
   <context-param>
      <param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
      <param-value>false</param-value>
      <description>This is an EXPERIMENTAL feature, so leave it off for now!</description>
   </context-param>
  
   <context-param>
      <param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
      <param-value>false</param-value>
      <description>Stop MyFaces from Serializing the state to the session</description>
   </context-param>

    <!-- TODO: Change this to false for production -->
    <context-param>
        <param-name>org.apache.myfaces.PRETTY_HTML</param-name>
        <param-value>true</param-value>
        <description>
            If true, rendered HTML code will be formatted, so that it is "human readable".
            i.e. additional line separators and whitespace will be written, that do not
            influence the HTML code.
            Default: "true"
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
        <param-value>false</param-value>
        <description>
            If true, a javascript function will be rendered that is able to restore the
            former vertical scroll on every request. Convenient feature if you have pages
            with long lists and you do not want the browser page to always jump to the top
            if you trigger a link or button action that stays on the same page.
            Default: "false"
        </description>
    </context-param>

   <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
         classpath:alfresco/application-context.xml
         classpath:alfresco/web-client-application-context.xml
         classpath:alfresco/web-scripts-application-context.xml
         classpath:web-services-application-context.xml
      </param-value>
      <description>Spring config file locations</description>
   </context-param>

   <filter>
      <filter-name>Authentication Filter</filter-name>
      <!-- For default Authentication -->
      <!--
      <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
      -->
     
      <!-- For Novell IChain support use the following filter -->
      <!--
        <filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class>
      -->
     
      <!-- For NTLM authentication support use the following filter -->
      <filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
   </filter>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <!-- For default authentication support use the following filter -->
      <!--
         <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>
      -->
     
      <!-- For NTLM authentication support use the following filter -->
      <filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
   </filter>

   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>
  
  
   <!-- for NTLM: http://wiki.alfresco.com/wiki/Authentication_Configuration -->
   <!--
   causes an error!!!
   <filter-mapping>
      <filter-name>NTLM Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>
   -->
  
   <!-- For NTLM authentication support enable the following mapping -->
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/navigate/*</url-pattern>
   </filter-mapping>
  
   <!--
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/command/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/template/*</url-pattern>
   </filter-mapping>
   -->
     
   <filter-mapping>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <url-pattern>/webdav/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/categories/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/groups/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/delete-user.jsp</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/users.jsp</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/dialog/system-info.jsp</url-pattern>
   </filter-mapping>

   <listener>
      <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
   </listener>
  
   <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>
  
   <listener>
      <listener-class>org.alfresco.web.app.ContextListener</listener-class>
   </listener>
  
   <!-- Faces Servlet -->
   <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
   </servlet>
  
   <servlet>
      <servlet-name>uploadFile</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.UploadFileServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>uploadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.UploadContentServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>downloadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.DownloadContentServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>downloadRawContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.DownloadRawContentServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>guestDownloadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.GuestDownloadContentServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>guestTemplateContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.GuestTemplateContentServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>externalAccess</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.ExternalAccessServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>templateContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.TemplateContentServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>commandServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.CommandServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>ajaxServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.ajax.AjaxServlet</servlet-class>
   </servlet>
  
   <servlet>
      <servlet-name>axis</servlet-name>
      <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
      <load-on-startup>5</load-on-startup>
   </servlet>
  
   <servlet>
      <servlet-name>WebDAV</servlet-name>
      <servlet-class>org.alfresco.repo.webdav.WebDAVServlet</servlet-class>
      <init-param>
         <param-name>store</param-name>
         <param-value>workspace://SpacesStore</param-value>
      </init-param>
      <init-param>
         <param-name>rootPath</param-name>
         <param-value>/app:company_home</param-value>
      </init-param>
      <load-on-startup>5</load-on-startup>
   </servlet>
     
   <servlet>
      <servlet-name>apiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.basic</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>wcapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.webclient</param-value>
      </init-param>
   </servlet>
  
   <servlet>
      <servlet-name>portalapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.WebScriptServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>proxyServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.HTTPProxyServlet</servlet-class>
   </servlet>
           
   <servlet>
      <servlet-name>workflowDefinitionImageServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.WorkflowDefinitionImageServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>JBPMDeployProcessServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.JBPMDeployProcessServlet</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>uploadFile</servlet-name>
      <url-pattern>/uploadFileServlet</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>uploadContent</servlet-name>
      <url-pattern>/upload/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>downloadContent</servlet-name>
      <url-pattern>/download/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>downloadContent</servlet-name>
      <url-pattern>/d/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>downloadRawContent</servlet-name>
      <url-pattern>/dr</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>guestDownloadContent</servlet-name>
      <url-pattern>/guestDownload/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>guestDownloadContent</servlet-name>
      <url-pattern>/gd/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>templateContent</servlet-name>
      <url-pattern>/template/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>templateContent</servlet-name>
      <url-pattern>/t/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>guestTemplateContent</servlet-name>
      <url-pattern>/guestTemplate/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>guestTemplateContent</servlet-name>
      <url-pattern>/gt/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>externalAccess</servlet-name>
      <url-pattern>/navigate/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>externalAccess</servlet-name>
      <url-pattern>/n/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>commandServlet</servlet-name>
      <url-pattern>/command/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>commandServlet</servlet-name>
      <url-pattern>/c/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>ajaxServlet</servlet-name>
      <url-pattern>/ajax/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>axis</servlet-name>
      <url-pattern>/api/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>WebDAV</servlet-name>
      <url-pattern>/webdav/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/service/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/s/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>wcapiServlet</servlet-name>
      <url-pattern>/wcservice/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>wcapiServlet</servlet-name>
      <url-pattern>/wcs/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>portalapiServlet</servlet-name>
      <url-pattern>/168service/*</url-pattern>
   </servlet-mapping>
  
   <servlet-mapping>
      <servlet-name>portalapiServlet</servlet-name>
      <url-pattern>/168s/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>proxyServlet</servlet-name>
      <url-pattern>/proxy</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>JBPMDeployProcessServlet</servlet-name>
      <url-pattern>/jbpm/deployprocess</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>workflowDefinitionImageServlet</servlet-name>
      <url-pattern>/workflowdefinitionimage/*</url-pattern>
   </servlet-mapping>

   <session-config>
      <session-timeout>60</session-timeout>
   </session-config>
  
   <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
   </welcome-file-list>

   <error-page>
      <exception-type>java.lang.Exception</exception-type>
      <location>/jsp/error.jsp</location>
   </error-page>
    
</web-app>

What am I doing wrong to get the webclient login automatically?
Thanks in advance

schraptor
Champ in-the-making
I confirm I have EXACTLY the same configuration as yours except for
    - the 2003 server. I'm actually testing 2.1 on XP SP2,
    - My JDK is 1.5.0_11

I also have EXACTLY the same behaviour.

I've been trying to work around this for 2 days !

Can't figure out where the problem comes from…

schraptor
Champ in-the-making
I figured out one more thing…

If I change IE behaviour, i.e. remove the automatic authentication and ask for login/password (Internet Options -> Security -> Intranet -> Customize level…), it works fine.

Here are the 2 NTLM debug Outputs :
1. With automatic IE login :
11:12:34,118 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 10.1.10.239 (10.1.10.239:4343)
11:12:34,118 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa208b207,Domain:ACTIFPLUS,Wks:PC9QZ8W2J]
11:12:34,134 ERROR [[localhost].[/alfresco].[Faces Servlet]] "Servlet.service()" pour la servlet Faces Servlet a généré une exception
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:793)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
        at $Proxy18.authenticate(Unknown Source)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType1(NTLMAuthenticationFilter.java:523)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:395)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

2. With IE required authentication
11:50:39,366 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 10.1.10.239 (10.1.10.239:4870)
11:50:39,382 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
11:50:39,397 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:PC8YV8W2J_A,Ch:74f205e830f24f1e]
11:50:39,397 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:d57c3fb539f677e276069d71bb0eb8da963fc7d1b663f697,NTLM:36746be2fa69c79675573efa2303a24e8fd392a02cd1f6d1,Dom:ACTIFPLUS,User:shannelais,Wks:PC9QZ8W2J]
11:50:39,413 DEBUG [app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
11:50:39,413 DEBUG [app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [shannelais,Wks:PC9QZ8W2J,Dom:ACTIFPLUS,AuthSrv:PC8YV8W2J_A,Fri Aug 31 11:50:39 CEST 2007]

DEBUG of autologin mode, authentication looks like:
[app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa208b207,Domain:ACTIFPLUS,Wks:PC9QZ8W2J]

DEBUG of required login mode, authentication looks like:
[app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]

Here Domain and Wks are not set…
Why ????
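
The two Type 1 flag words in the debug output above differ only in the bits that tell the server whether the client supplied its domain and workstation names. The class below is an added example, not part of the original posts and not Alfresco code; the flag names are taken from Microsoft's MS-NLMP specification, and the two log lines are copied from the post.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Type1Flags {

    // NEGOTIATE flag names as defined in the MS-NLMP specification
    // (only the bits that occur in the two logged values are listed).
    static final Map<Integer, String> NAMES = new LinkedHashMap<>();
    static {
        NAMES.put(0x00000001, "NEGOTIATE_UNICODE");
        NAMES.put(0x00000002, "NEGOTIATE_OEM");
        NAMES.put(0x00000004, "REQUEST_TARGET");
        NAMES.put(0x00000200, "NEGOTIATE_NTLM");
        NAMES.put(0x00001000, "NEGOTIATE_OEM_DOMAIN_SUPPLIED");
        NAMES.put(0x00002000, "NEGOTIATE_OEM_WORKSTATION_SUPPLIED");
        NAMES.put(0x00008000, "NEGOTIATE_ALWAYS_SIGN");
        NAMES.put(0x00080000, "NEGOTIATE_EXTENDED_SESSIONSECURITY");
        NAMES.put(0x02000000, "NEGOTIATE_VERSION");
        NAMES.put(0x20000000, "NEGOTIATE_128");
        NAMES.put(0x80000000, "NEGOTIATE_56");
    }

    // Matches the "Received type1 [...]" debug format shown in the thread.
    static final Pattern TYPE1 =
        Pattern.compile("Type1:0x([0-9a-fA-F]{1,8}),Domain:([^,]*),Wks:([^\\]]*)\\]");

    /** Extracts the 32-bit flag word from one debug line. */
    static int parseFlags(String line) {
        Matcher m = TYPE1.matcher(line);
        if (!m.find()) {
            throw new IllegalArgumentException("no Type1 record in: " + line);
        }
        // Parse as long first: values with the top bit set do not fit Integer.parseInt.
        return (int) Long.parseLong(m.group(1), 16);
    }

    /** Lists the named flags set in a flag word, one per line. */
    static String describe(int flags) {
        StringBuilder sb = new StringBuilder();
        int known = 0;
        for (Map.Entry<Integer, String> e : NAMES.entrySet()) {
            if ((flags & e.getKey()) != 0) {
                sb.append("  ").append(e.getValue()).append('\n');
                known |= e.getKey();
            }
        }
        int unnamed = flags & ~known;
        if (unnamed != 0) {
            sb.append(String.format("  (unnamed bits 0x%08x)%n", unnamed));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Both lines are copied from the debug output in the post above.
        String automatic = "Received type1 [Type1:0xa208b207,Domain:ACTIFPLUS,Wks:PC9QZ8W2J]";
        String prompted  = "Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]";

        int a = parseFlags(automatic);
        int p = parseFlags(prompted);

        System.out.printf("automatic logon 0x%08x%n%s", a, describe(a));
        System.out.printf("prompted logon  0x%08x%n%s", p, describe(p));
        // Bits present only in the automatic-logon message.
        System.out.printf("only in automatic logon: 0x%08x%n%s", a & ~p, describe(a & ~p));
    }
}
```

The difference is 0x00003000, the "domain supplied" and "workstation supplied" flags: with automatic logon the browser puts the domain and workstation names into the Type 1 message, and with a prompted logon it sends neither, which is why the filter logs `<NotSet>`.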

kulens
Champ in-the-making
The same with me. If I let the user connect directly I get the debug-info

487 DEBUG [app.servlet.NTLMAuthenticationFilter] User kulens validate ticket
502 DEBUG [app.servlet.NTLMAuthenticationFilter] Authentication not required, chaining …
202 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 192.168.3.22 (192.168.3.22:3735)
280 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa208b207,Domain:MY_DOMAIN,Wks:MY_COMPUTER_NAME]
295 ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
This results in not getting an authentication-session (null if I look at the source-code)

If I let a user login via the login-page I get an NTLM-session and the connection is made…


DEBUG [app.servlet.NTLMAuthenticationFilter] Login page requested, chaining …

sessa
Champ in-the-making
Hi there !

I have EXACTLY the same problem.

localhost_a with CIFS works fine.

But if I connect with IE I still get the login page.

Looking into the sources, I found out that no user is in the session and therefore the login page is requested.

In NTLMAuthenticationFilter.java in line 320 there is an if:
if ( reqAuth == false && user != null)

Debugging says user = null, and so the login page is requested.

If you found out something, please let me know.
I also will…

sessa
Champ in-the-making
Hi again !

After a busy Weekend I finally got it working.

This is what I did (a complete HowTo will follow pretty soon):

- Configure in Internet Explorer:
Internet Options -> Security -> Intranet -> Customize level: 
automatic authentication for intranet zone

- add user in custom-authority-services-context.xml:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
    <bean id="authorityService" class="org.alfresco.repo.security.authority.AuthorityServiceImpl">
        <property name="authenticationComponent">
            <ref bean="authenticationComponent" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>

        <property name="authorityDAO">
            <ref bean="authorityDAO" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="adminUsers">
            <set>
             <value>alfrescocifs</value> <!-- add an NTLM user as an Administrator -->
             <value>admin</value>
             <value>User1</value>
             <value>User2</value>
             <value>User3</value>
             <value>administrator</value>
          </set>
        </property>
    </bean>
</beans>

- verify that entered URL is  http://HOSTNAME:8080/alfresco and not
http://HOSTNAME:8080/alfresco/faces/jsp/login.jsp

I debugged the code to find out why the error "Failed to open passthru auth session" was thrown.

I found out that "domain" is null in PassthruServers.java, line 435:
if ( curServer.getDomain() != null && curServer.getDomain().equals( clientDomain))

I was wondering how the flow of the application got to this line, so I learned about the NTLM mechanism.
A good description of NTLM can be found here:
http://www.innovation.ch/personal/ronald/ntlm.html
This article helped me understand the flow.

NTLMAuthenticationFilter, doFilter(), Line 268:

1st step:
"authHdr" is null, "user" is null, so line 368: "New NTLM auth request from…" is done

As shown in the NTLM document, a 2nd step is done:

2nd step:
This time "authHdr" starts with "NTLM", "user" is still "null", so the program continues in the "else" part in line 383 (as it is the 2nd step it is a type-1 message).

3rd step:
(type is type-3-message)

This again is the place where the domainname is checked:

if ( curServer.getDomain() != null && curServer.getDomain().equals( clientDomain))

So I checked where domain should have been set and found in Class PassthruServers.java: line 553, ff:
            String srvName = tokens.nextToken().trim();
            String domain = null;
            int pos = srvName.indexOf( '\\');

            if ( pos != -1)
            {
               domain = srvName.substring(0, pos);
               srvName = srvName.substring( pos + 1);
            }
Looks like "srvName" should look like this: MY-DOMAIN.COM\\SERVERNAME

In my case "srvName" was SERVERNAME, so "domain" wasn't set.

I still do not know where I can configure the domain name.
… so I hardcoded it in the application.
domain = "MYDOMAIN";
I know that this is not the best way to solve it, but it works for my company and so nobody has a problem with it.

Maybe it's a bug in Alfresco?

With all this I can now enter Alfresco via CIFS and the web without entering username/password. Pretty cool!

so long…
Sessa

schraptor
Champ in-the-making
Sessa, Thanks for your last posts…

You gave me an Idea.
In ntlm-authentication-context.xml I have set my servers as follows :
        <property name="servers">
            <value>DOMAIN\SERVER</value>
        </property>

I thought I had tried this already. I guess not.

However, doing this everything works fine.

Thanks everybody !
Sylvain

sessa
Champ in-the-making
hi !

Thanks for that hint. It's working now without changing the code.

Yesterday I tried MY-DOMAIN\\XXX.XXX.XX.XX and it didn't work.
I put two '\' cause I saw it in the code. But what I didn't try was to use only one '\'.
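
The splitting rule and the domain comparison quoted from PassthruServers.java account for the three outcomes reported in this thread: a bare server name, `DOMAIN\SERVER`, and the value typed with two backslashes. The class below is an added illustration, not Alfresco's code: it reuses the two quoted fragments, the server name DC01 is a made-up placeholder, and the rule applied when the client sends no domain is an assumption consistent with the prompted-logon log.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

public class PassthruServersDemo {

    /** One parsed entry of the "servers" property. */
    static final class Entry {
        final String domain;  // null when the value has no DOMAIN\ prefix
        final String server;
        Entry(String domain, String server) {
            this.domain = domain;
            this.server = server;
        }
    }

    /** Splits a comma-delimited "servers" value with the rule quoted in the thread. */
    static List<Entry> parse(String serversProperty) {
        List<Entry> out = new ArrayList<>();
        StringTokenizer tokens = new StringTokenizer(serversProperty, ",");
        while (tokens.hasMoreTokens()) {
            String srvName = tokens.nextToken().trim();
            String domain = null;
            int pos = srvName.indexOf('\\');   // '\\' in Java source is ONE backslash
            if (pos != -1) {
                domain = srvName.substring(0, pos);
                srvName = srvName.substring(pos + 1);
            }
            out.add(new Entry(domain, srvName));
        }
        return out;
    }

    /**
     * Picks a server for a client. The domain comparison is the one quoted in the
     * thread; accepting any server when the client sent no domain is an assumption.
     */
    static Entry select(List<Entry> servers, String clientDomain) {
        for (Entry e : servers) {
            if (clientDomain == null) {
                return e;
            }
            if (e.domain != null && e.domain.equals(clientDomain)) {
                return e;
            }
        }
        return null;
    }

    /** A host name or IP address cannot be empty or contain a backslash. */
    static boolean usableHost(String server) {
        return !server.isEmpty() && server.indexOf('\\') == -1;
    }

    /** Describes what happens for one configured value and one client domain. */
    static String outcome(String serversProperty, String clientDomain) {
        Entry e = select(parse(serversProperty), clientDomain);
        if (e == null) {
            return "no server matches the client domain (the passthru failure case)";
        }
        if (!usableHost(e.server)) {
            return "entry selected, but server name \"" + e.server + "\" is not a valid host";
        }
        return "use server " + e.server;
    }

    public static void main(String[] args) {
        // Values as typed between <value> and </value>. In Java source a single
        // backslash is written "\\", so "\\\\" below stands for two typed backslashes.
        String[] configured = {
            "DC01",                 // bare server name: domain stays null
            "ACTIFPLUS\\DC01",      // DOMAIN\SERVER
            "ACTIFPLUS\\\\DC01",    // DOMAIN\\SERVER, two backslashes in the XML
            "actifplus\\DC01"       // same domain in a different case
        };
        // "ACTIFPLUS" is the domain from the automatic-logon Type 1 message;
        // null models the prompted logon, where the log shows Domain:<NotSet>.
        String[] clientDomains = { "ACTIFPLUS", null };

        for (String value : configured) {
            for (String dom : clientDomains) {
                System.out.printf("servers=%-17s client domain=%-9s : %s%n",
                        value, dom, outcome(value, dom));
            }
        }
    }
}
```

As quoted, the comparison uses `equals`, so the last configured value does not match a client that sends `ACTIFPLUS`; whether Alfresco normalises case elsewhere is not visible in the thread.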

kulens
Champ in-the-making
None of this seems to work for me… I keep getting the error. So maybe I need to adapt the code as Sessa suggested.

Again this proves how much time you lose on open-source…