Share 3.3g with mod_auth_cas

forsetiavatar
Champ in-the-making
I am having problems getting Share working with mod_auth_cas according to this guide… http://wiki.alfresco.com/wiki/Alfresco_With_mod_auth_cas
(minus the x509 stuff as I have no intention of using client certificates)
A few notes:
  • I am using Alfresco 3.3g, and CAS 3.3.5 and 389DS for LDAP

  • CAS and LDAP both are on separate servers.

  • snoop.jsp returns the proper username after login through CAS

  • Logging into Alfresco Explorer through CAS works fine.

  • Logging into other tomcat servers through CAS works fine.

  • I have been fighting with this thing for a week now and it is driving me crazy.
I found this issue in JIRA but it seems to indicate that commenting out the filter in web.xml (which I have) will solve the problem (which it didn't)… http://issues.alfresco.com/jira/browse/ALF-2788

Could someone please provide me with some help on this matter.

Here is the error I am getting…

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository
   org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:659)
   org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause

org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository
   org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:179)
   org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:165)
   org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:99)
   org.springframework.extensions.surf.RequestContextUtil.initialiseUser(RequestContextUtil.java:202)
   org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:175)
   org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:130)
   org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.populateRequestContext(AbstractWebFrameworkView.java:243)
   org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.renderMergedOutputModel(AbstractWebFrameworkView.java:105)
   org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
   org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1060)
   org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
   org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
   org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
   org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause

org.json.JSONException: A JSONObject text must begin with '{' at character 9
   org.json.JSONTokener.syntaxError(JSONTokener.java:413)
   org.json.JSONObject.<init>(JSONObject.java:180)
   org.json.JSONObject.<init>(JSONObject.java:420)
   org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:173)
   org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:165)
   org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:99)
   org.springframework.extensions.surf.RequestContextUtil.initialiseUser(RequestContextUtil.java:202)
   org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:175)
   org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:130)
   org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.populateRequestContext(AbstractWebFrameworkView.java:243)
   org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.renderMergedOutputModel(AbstractWebFrameworkView.java:105)
   org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
   org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1060)
   org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
   org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
   org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
   org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

Here is the relevant section of my cas logs…


2010-10-14 15:46:17,025 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' beginning execution>
2010-10-14 15:46:17,025 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002/share>
2010-10-14 15:46:17,030 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://kocw-vmg-alf-002/share>
2010-10-14 15:46:17,035 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2010-10-14 15:46:17,036 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:17,036 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2010-10-14 15:46:17,037 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2010-10-14 15:46:17,037 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2010-10-14 15:46:17,037 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2010-10-14 15:46:17,038 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2010-10-14 15:46:17,038 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2010-10-14 15:46:17,038 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2010-10-14 15:46:17,039 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:17,039 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:17,039 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:40,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:40,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing bind>
2010-10-14 15:46:40,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow>
2010-10-14 15:46:40,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2010-10-14 15:46:40,579 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed request parameters in map['lt' -> '_c54525115-9025-FF36-3E2F-AE6DE616E735_kD537FA5F-EAAD-79DD-E628-28F03D529A9E', 'service' -> 'http://kocw-vmg-alf-002/share', '_eventId' -> 'submit', 'password' -> 'p4ssw0rd', 'submit' -> 'LOGIN', 'username' -> 'jharrison'] to form object with name 'credentials', pre-bind formObject toString = [username: null]>
2010-10-14 15:46:40,579 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <(Any field is allowed)>
2010-10-14 15:46:40,587 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding completed for form object with name 'credentials', post-bind formObject toString = [username: jharrison]>
2010-10-14 15:46:40,587 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0] errors, details: []>
2010-10-14 15:46:40,587 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing validation>
2010-10-14 15:46:40,588 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Invoking validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator@5f8f127c>
2010-10-14 15:46:40,588 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Validation completed for form object>
2010-10-14 15:46:40,588 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0] errors, details: []>
2010-10-14 15:46:40,588 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2010-10-14 15:46:40,588 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:40,589 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:40,589 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow>
2010-10-14 15:46:40,589 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create TicketGrantingTicket for [username: jharrison]>
2010-10-14 15:46:40,589 DEBUG [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - <User [jharrison] failed authentication>
2010-10-14 15:46:40,589 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler failed to authenticate the user which provided the following credentials: [username: jharrison]>
2010-10-14 15:46:40,589 DEBUG [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - <Performing LDAP bind with credential: uid=jharrison,dc=kocw,dc=com>
2010-10-14 15:46:40,655 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: jharrison]>
2010-10-14 15:46:40,655 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal…>
2010-10-14 15:46:40,656 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [jharrison]>
2010-10-14 15:46:40,657 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-53-KST1Gt5EHdO3xiayZSycCUveJwKM0GbzpfDTMBFeQGAfp6edTQ-kocw-vmg-cas-002] to registry.>
2010-10-14 15:46:40,657 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
2010-10-14 15:46:40,657 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:40,658 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' beginning execution>
2010-10-14 15:46:40,658 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-53-KST1Gt5EHdO3xiayZSycCUveJwKM0GbzpfDTMBFeQGAfp6edTQ-kocw-vmg-cas-002]>
2010-10-14 15:46:40,658 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'>
2010-10-14 15:46:40,658 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' beginning execution>
2010-10-14 15:46:40,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-53-KST1Gt5EHdO3xiayZSycCUveJwKM0GbzpfDTMBFeQGAfp6edTQ-kocw-vmg-cas-002]>
2010-10-14 15:46:40,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-53-KST1Gt5EHdO3xiayZSycCUveJwKM0GbzpfDTMBFeQGAfp6edTQ-kocw-vmg-cas-002] found in registry.>
2010-10-14 15:46:40,659 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-82-fKV3nptbfhIHt9Azfxnj-kocw-vmg-cas-002] to registry.>
2010-10-14 15:46:40,659 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-82-fKV3nptbfhIHt9Azfxnj-kocw-vmg-cas-002] for service [http://kocw-vmg-alf-002/share] for user [jharrison]>
2010-10-14 15:46:40,659 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' completed execution; result is 'success'>
2010-10-14 15:46:40,724 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002/share>
2010-10-14 15:46:40,724 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-82-fKV3nptbfhIHt9Azfxnj-kocw-vmg-cas-002]>
2010-10-14 15:46:40,725 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-82-fKV3nptbfhIHt9Azfxnj-kocw-vmg-cas-002] found in registry.>
2010-10-14 15:46:40,725 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-82-fKV3nptbfhIHt9Azfxnj-kocw-vmg-cas-002] from registry>
2010-10-14 15:46:42,572 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' beginning execution>
2010-10-14 15:46:42,579 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002/alfresco/wcs/remotestore/has/alfresco/site-data/configurations/slingshot.sit...>
2010-10-14 15:46:42,579 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://kocw-vmg-alf-002/alfresco/wcs/remotestore/has/alfresco/site-data/configurations/slingshot.sit...>
2010-10-14 15:46:42,579 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2010-10-14 15:46:42,580 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,580 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2010-10-14 15:46:42,580 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2010-10-14 15:46:42,580 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2010-10-14 15:46:42,580 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2010-10-14 15:46:42,581 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2010-10-14 15:46:42,581 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2010-10-14 15:46:42,581 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2010-10-14 15:46:42,581 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,581 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,581 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,642 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' beginning execution>
2010-10-14 15:46:42,643 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002/alfresco/wcs/remotestore/has/alfresco/site-data/themes/default.xml?s=sitesto...>
2010-10-14 15:46:42,643 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://kocw-vmg-alf-002/alfresco/wcs/remotestore/has/alfresco/site-data/themes/default.xml?s=sitesto...>
2010-10-14 15:46:42,643 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2010-10-14 15:46:42,643 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,647 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2010-10-14 15:46:42,648 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2010-10-14 15:46:42,648 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2010-10-14 15:46:42,648 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2010-10-14 15:46:42,648 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2010-10-14 15:46:42,655 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2010-10-14 15:46:42,655 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2010-10-14 15:46:42,656 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,656 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,656 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,703 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' beginning execution>
2010-10-14 15:46:42,703 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002/alfresco/wcs/remotestore/has/alfresco/site-data/pages/site-index.xml?s=sites...>
2010-10-14 15:46:42,703 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://kocw-vmg-alf-002/alfresco/wcs/remotestore/has/alfresco/site-data/pages/site-index.xml?s=sites...>
2010-10-14 15:46:42,703 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2010-10-14 15:46:42,704 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2010-10-14 15:46:42,705 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2010-10-14 15:46:42,705 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,705 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,705 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,755 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' beginning execution>
2010-10-14 15:46:42,755 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002/alfresco/wcs/webframework/content/metadata?user=jharrison>
2010-10-14 15:46:42,755 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://kocw-vmg-alf-002/alfresco/wcs/webframework/content/metadata?user=jharrison>
2010-10-14 15:46:42,755 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2010-10-14 15:46:42,756 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,756 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2010-10-14 15:46:42,756 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2010-10-14 15:46:42,757 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2010-10-14 15:46:42,758 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>

and my share-config-custom.xml
<alfresco-config>

   <!-- Global config section -->
   <config replace="true">
      <flags>
         <!--
            Developer debugging setting to turn on DEBUG mode for client scripts in the browser
         -->
         <client-debug>true</client-debug>

         <!--
            LOGGING can always be toggled at runtime when in DEBUG mode (Ctrl, Ctrl, Shift, Shift).
            This flag automatically activates logging on page load.
         -->
         <client-debug-autologging>true</client-debug-autologging>
      </flags>
   </config>

   <!-- Document Library config section -->
   <config evaluator="string-compare" condition="DocumentLibrary" replace="true">

      <!--
         Whether the folder Tree component should enumerate child folders or not.
         This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
      -->
      <tree>
         <evaluate-child-folders>false</evaluate-child-folders>
      </tree>

      <!--
         Used by the "Manage Aspects" action

         For custom aspects, remember to also add the relevant i18n string(s)
            cm_myaspect=My Aspect
      -->
      <aspects>
         <!-- Aspects that a user can see -->
         <visible>
            <aspect name="cm:generalclassifiable" />
            <aspect name="cm:complianceable" />
            <aspect name="cm:dublincore" />
            <aspect name="cm:effectivity" />
            <aspect name="cm:summarizable" />
            <aspect name="cm:versionable" />
            <aspect name="cm:templatable" />
            <aspect name="cm:emailed" />
            <aspect name="emailserver:aliasable" />
            <aspect name="cm:taggable" />
            <aspect name="app:inlineeditable" />
            <aspect name="gd:googleEditable" />
         </visible>

         <!-- Aspects that a user can add. Same as "visible" if left empty -->
         <addable>
         </addable>

         <!-- Aspects that a user can remove. Same as "visible" if left empty -->
         <removeable>
         </removeable>
      </aspects>

      <!--
         Used by the "Change Type" action

         Define valid subtypes using the following example:
            <type name="cm:content">
               <subtype name="cm:mysubtype" />
            </type>

         Remember to also add the relevant i18n string(s):
            cm_mysubtype=My SubType
      -->
      <types>
         <type name="cm:content">
         </type>

         <type name="cm:folder">
         </type>
      </types>

      <!--
         If set, will present a WebDAV link for the current item on the Document and Folder details pages.
         Also used to generate the "View in Alfresco Explorer" action for folders.
      -->
      <repository-url>http://localhost:8080/alfresco</repository-url>

      <!--
         Google Docs integration
      -->
      <google-docs>
         <!--
            Enable/disable the Google Docs UI integration (Extra types on Create Content menu, Google Docs actions).
            If enabled, remember to also make sure the gd:googleEditable aspect is made visible in the <aspects> section above.
         -->
         <enabled>true</enabled>

         <!--
            The mimetypes of documents Google Docs allows you to create via the Share interface.
            The I18N label is created from the "type" attribute, e.g. google-docs.doc=Google Docs&trade; Document
         -->
         <creatable-types>
            <creatable type="doc">application/msword</creatable>
            <creatable type="xls">application/vnd.ms-excel</creatable>
            <creatable type="ppt">application/vnd.ms-powerpoint</creatable>
         </creatable-types>
      </google-docs>
   </config>

   <!-- Repository Library config section -->
   <config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
      <!--
         Whether the link to the Repository Library appears in the header component or not.
      -->
      <visible>false</visible>

      <!--
         Root nodeRef for top-level folder.
      -->
      <root-node>alfresco://company/home</root-node>

      <!--
         Whether the folder Tree component should enumerate child folders or not.
         This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
      -->
      <tree>
         <evaluate-child-folders>false</evaluate-child-folders>
      </tree>
   </config>

   <!--
        NTLM authentication config for Share
        NOTE: you will also need to enable the NTLM authentication filter in Share web.xml
              change localhost:8080 below to appropriate alfresco server location if required
   -->
  
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
         </connector>
        
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://kocw-vmg-alf-002/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>
  
<!--
      <config evaluator="string-compare" condition="Remote">
        <remote>
        
            <endpoint>
                <id>alfresco</id>
                <name>Alfresco - user access</name>
                <description>Access to Alfresco Repository WebScripts that require user authentication</description>
                <connector-id>alfresco</connector-id>
                <endpoint-url>http://kocw-vmg-alf-002/alfresco/wcs</endpoint-url>
                <identity>user</identity>
                <external-auth>true</external-auth>
                <authenticator-id>alfresco-ticket</authenticator-id>
            </endpoint>
           
        </remote>
    </config>
-->
   <!-- example changing port used to access remote Alfresco server (default is 8080)
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://kocw-vmg-alf-002/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>
   -->

         <!-- Authenticator Implementations -->
<!--
         <authenticator>
            <id>alfresco-ticket</id>
            <name>Alfresco Authenticator</name>
            <description>Alfresco Authenticator</description>
            <class>com.atolcd.alfresco.CasAlfrescoAuthenticator</class>
         </authenticator>
-->
</alfresco-config>
11 REPLIES 11

forsetiavatar
Champ in-the-making
Come on….. anyone, anyone….. Bueller? Has anybody gotten this to work using the instructions on the wiki?

warren_mcdonald
Champ in-the-making
Just a hint but you may have missed the point of the x509 stuff.

The certificate part of this config enables the Share web app to connect to the Alfresco repo backend using x509 trusted certs. You must implement the full config! Including enabling the x509 extension bean in CAS webapp deployer context. 

Although this config could be the basis of client auth by cert, that is not its purpose.

Cheers,

Warren

forsetiavatar
Champ in-the-making
Thanks for the reply, Warren. I did actually miss the point initially. But I have since gone back and followed the wiki exactly, building CAS from source, putting everything on one server and all. I still cannot get Share to function, however. Alfresco Explorer still functions; I can use the certificate on my computer to log in and I get 'alfresco-system' as the remote user in the snoop.jsp test. Looking at my CAS log after I remove the cert from my computer and try to go into Share using a username/password, it is assigning me a ticket but it also says that there is no cert found. Like you said, Share uses that certificate to authenticate to Alfresco Explorer, so should that appear in the CAS logs as well? I am a little confused on this point, but after reading the wiki many, MANY times I am thinking that this is what it is supposed to do. I am at home right now but I will VPN into work in a few and get the relevant logs. Once again, thanks for your reply. I really appreciate the help.
*Edit*

OK, connected to the office. Here are the logs….

2010-10-29 00:22:23,925 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create TicketGrantingTicket for [username: alfuser]>
2010-10-29 00:22:23,925 DEBUG [org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler] - <User [alfuser] was successfully authenticated.>
2010-10-29 00:22:23,925 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: alfuser]>
2010-10-29 00:22:23,925 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal…>
2010-10-29 00:22:23,925 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [alfuser]>
2010-10-29 00:22:23,926 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-3-ukx59RFr0Fw3IgG7pf61UyDk5EGtHhEeOXe29P1ekdpPHE0Buu-cas] to registry.>
2010-10-29 00:22:23,926 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
2010-10-29 00:22:23,926 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-3-ukx59RFr0Fw3IgG7pf61UyDk5EGtHhEeOXe29P1ekdpPHE0Buu-cas]>
2010-10-29 00:22:23,926 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-3-ukx59RFr0Fw3IgG7pf61UyDk5EGtHhEeOXe29P1ekdpPHE0Buu-cas]>
2010-10-29 00:22:23,926 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-3-ukx59RFr0Fw3IgG7pf61UyDk5EGtHhEeOXe29P1ekdpPHE0Buu-cas] found in registry.>
2010-10-29 00:22:23,927 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-3-HwJd5MRIdwqXDytAjVtv-cas] to registry.>
2010-10-29 00:22:23,927 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-HwJd5MRIdwqXDytAjVtv-cas] for service [https://kocw-vmg-alf-002.kocw.com:443/share/] for user [alfuser]>
2010-10-29 00:22:24,289 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: https://kocw-vmg-alf-002.kocw.com:443/share/>
2010-10-29 00:22:24,289 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-3-HwJd5MRIdwqXDytAjVtv-cas]>
2010-10-29 00:22:24,289 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-3-HwJd5MRIdwqXDytAjVtv-cas] found in registry.>
2010-10-29 00:22:24,289 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-3-HwJd5MRIdwqXDytAjVtv-cas] from registry>
2010-10-29 00:22:25,316 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://kocw-vmg-alf-002.kocw.com/alfresco/wcs/webframework/content/metadata?user=alfuser>
2010-10-29 00:22:25,317 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Action 'X509CertificateCredentialsNonInteractiveAction' beginning execution>
2010-10-29 00:22:25,317 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Certificates not found in request.>
2010-10-29 00:22:25,317 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Action 'X509CertificateCredentialsNonInteractiveAction' completed execution; result is 'error'>
Oct 29, 2010 12:22:25 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet Spring Surf Dispatcher Servlet threw exception
org.json.JSONException: A JSONObject text must begin with '{' at character 9
   at org.json.JSONTokener.syntaxError(JSONTokener.java:413)
   at org.json.JSONObject.<init>(JSONObject.java:180)
   at org.json.JSONObject.<init>(JSONObject.java:420)
   at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:173)
   at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:165)
   at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:99)
   at org.springframework.extensions.surf.RequestContextUtil.initialiseUser(RequestContextUtil.java:202)
   at org.springframework.extensions.surf.RequestContextUtil.initRequestContext(RequestContextUtil.java:106)
   at org.springframework.extensions.surf.RequestContextUtil.initRequestContext(RequestContextUtil.java:53)
   at org.alfresco.web.site.SlingshotPageViewResolver.lookupPage(SlingshotPageViewResolver.java:57)
   at org.springframework.extensions.surf.mvc.PageViewResolver.canHandle(PageViewResolver.java:71)
   at org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:370)
   at org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:77)
   at org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1091)
   at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1040)
   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:67)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
   at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
   at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
   at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
   at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
   at java.lang.Thread.run(Thread.java:636)

and the relevant section of my share-config-custom.xml …


   <config evaluator="string-compare" condition="Remote">
      <remote>

        <!-- SSL client certificate + trusted CAs. Optionally used to authenticate share to an external SSO system such as CAS -->
            <keystore>
                <path>/opt/alfresco/tomcat/shared/classes/alfresco/web-extension/alfresco-system.p12</path>
                <type>pkcs12</type>
                <password>********</password>
            </keystore>

         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
         </connector>
        
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://kocw-vmg-alf-002.kocw.com/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>
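
The CAS DEBUG log in the post above can be read mechanically. This added Python example (not from the thread or from CAS; the sample lines, host names and ticket ids are constructed in the same format) pairs each `X509CertificateCredentialsNonInteractiveAction` result with the service URL that `CasArgumentExtractor` logged just before it, so a request that reached CAS without a client certificate stands out. It also masks TGT/ST ids before a log is shared, since the log shows the TGT id is the `CASTGC` cookie value.

```python
import re

# Constructed sample in the format of the CAS 3.x DEBUG log quoted above
# (host names and ticket ids are made up).
SAMPLE_LOG = """\
2010-10-29 00:22:24,289 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: https://alf.example.org:443/share/>
2010-10-29 00:22:24,289 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-1-EXAMPLEexample-cas] found in registry.>
2010-10-29 00:22:25,316 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://alf.example.org/alfresco/wcs/webframework/content/metadata?user=alfuser>
2010-10-29 00:22:25,317 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Action 'X509CertificateCredentialsNonInteractiveAction' beginning execution>
2010-10-29 00:22:25,317 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Certificates not found in request.>
2010-10-29 00:22:25,317 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Action 'X509CertificateCredentialsNonInteractiveAction' completed execution; result is 'error'>
"""

LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([\w.$]+)\] - <(.*)>$")
SERVICE = re.compile(r"Extractor generated service for: (\S+)")
RESULT = re.compile(r"completed execution; result is '(\w+)'")
TICKET = re.compile(r"\b(TGT|ST)-\d+-[A-Za-z0-9-]+")

def x509_outcomes(log_text):
    """Pair each X509 non-interactive attempt with the service URL CAS
    extracted just before it: (timestamp, service, result, cert_seen)."""
    outcomes, service, cert_missing = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace lines and Tomcat's own log lines
        ts, _level, logger, msg = m.groups()
        if logger.endswith("CasArgumentExtractor"):
            s = SERVICE.search(msg)
            if s:
                service = s.group(1)
        elif logger.endswith("X509CertificateCredentialsNonInteractiveAction"):
            if "beginning execution" in msg:
                cert_missing = False
            elif "Certificates not found" in msg:
                cert_missing = True
            else:
                r = RESULT.search(msg)
                if r:
                    outcomes.append((ts, service, r.group(1), not cert_missing))
    return outcomes

def redact_tickets(log_text):
    """Mask TGT/ST ids; the TGT id is the value of the CASTGC SSO cookie."""
    return TICKET.sub(lambda m: m.group(1) + "-REDACTED", log_text)
```

On the sample, the only X509 attempt is for the `/alfresco/wcs/webframework/content/metadata` service URL and it ends in `error` with no certificate seen, which is the same pattern as in the posted log.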
  

warren_mcdonald
Champ in-the-making
Have you checked the CAS SSO logs?

Are you definitely getting the certificate passed in to the tomcat server (hosting cas) from the fronting httpd?

You may have to add the specific directive in the virtual host for cas or in the common ssl.conf.

CAS log will tell you (very briefly) if the cert is missing from the request.

Warren

forsetiavatar
Champ in-the-making
If I import the certificate into the browser on my computer I get through CAS w/o being prompted for a login. The snoop.jsp page also shows 'alfresco-system' as the remote user. However, there seems to be a point where Share should authenticate with Alfresco using the certificate. This seems to be where the problem lies. I think for some reason Share is not using the certificate. I get the 'no certificate found in request' error. I have the alfresco-system certificate specified in the <keystore> section of share-config-custom.xml. Is there anywhere else the certificate needs to be called out?

warren_mcdonald
Champ in-the-making
Hi,

When accessing CAS with the alf-system cert you are making a https request. The export settings in apache ssl virtual host send the cert data to tomcat.

When alfresco share is accessing the alfresco repo endpoint it should be thrown to the cas service via the url in the auth_cas.conf, which is https. So this should be OK.

In your endpoint config try using the https connector. The cert may not be being requested as there is no x509 processing in the initial http exchange (before the throw to CAS).


            <endpoint-url>https://kocw-vmg-alf-002.kocw.com/alfresco/wcs</endpoint-url>

forsetiavatar
Champ in-the-making
Warren,

I have tried switching the endpoint to https with the same result. Is there any additional logging you could recommend turning on to debug the problem? For some reason it seems share is not sending the cert to CAS. Thanks again. Additional information, I am using Fedora 12 for my OS.

warren_mcdonald
Champ in-the-making
Ah ha - so we are not going mad. See http://issues.alfresco.com/jira/browse/ALF-2788

This Jira spells out that 3.3 no longer responds to the "endpoint connector with keystore" config we are trying to use. This worked in 3.2 but is no longer relevant in 3.3.

There is a workaround to edit Share's web.xml to remove the SSO filter in favour of the new external-auth enabled global filter.

It is not clear, however, if this is actually going to work in 3.3 or only in 3.4. The explanation of the config workaround is very bad and contradicts itself.

I will give it a go anyway. What's to lose.

For the wiki to have specific references to 3.3 config and this to be known to be obsolete is pretty bad. I sense community support is starting to slip badly.

Warren

forsetiavatar
Champ in-the-making
Wow, I am such an idiot….. I saw that bug when I first started working on this and I ignored it because at the time I thought I did not need x509 auth. Then I went back and configured everything as per the wiki and forgot about it. This is one of the reasons why I thought the cert was not needed in the first place. At least that verified one of the things I was trying to determine, which is if the wiki was correct. Which it is not.
BTW, I tried setting it up as per that bug in 3.4a as well and had no luck.
Well, this may not work for everyone but we are only using Share, not Alfresco Explorer. So what I did this morning was I removed Alfresco from being protected by CAS. Meaning I took out the <Location /alfresco> section in mod_auth_cas.conf and I can now log into Share using CAS.
Of course this means we cannot log into Alfresco now. But I wonder if some sort of rewrite or proxy configuration would allow access to Alfresco Explorer through CAS, for instance have a CAS protected version at http://someserver.com/alfresco and a proxied version, not protected by CAS, that Share authenticates to at http://someserver.com/otheralfresco.

Thanks for all the help on this matter, Warren. I am going to continue doing some tests to make sure that nothing in Share is broken by this and will post back. Right now I am trying to disable the flash uploader, which does not work with CAS auth either.