Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

share external auth header ignored

aaron_bru
Champ in-the-making
Champ in-the-making

‎08-07-2013 05:31 PM

Hi all, trying to use external auth with share in 4.2.c with tomcat 7.

Explorer is working fine, but whenever share trys to login, it requests this:

127.0.0.1 - - [07/Aug/2013:16:52:35 -0400] "GET /alfresco/wcs/touch HTTP/1.1" 302
127.0.0.1 - - [07/Aug/2013:16:52:35 -0400] "GET /alfresco/faces/jsp/login.jsp?_alfRedirect=%2Falfresco%2Fwcs%2Ftouch HTTP/1.1" 200
127.0.0.1 - - [07/Aug/2013:16:54:20 -0400] "GET /alfresco/wcs/webframework/content/metadata?user=tomcat HTTP/1.1" 302 - ???c???s() 302
127.0.0.1 - - [07/Aug/2013:16:54:20 -0400] "GET /alfresco/faces/jsp/login.jsp?_alfRedirect=%2Falfresco%2Fwcs%2Fwebframework%2Fcontent%2Fmetadata%3Fuser%3Dtomcat HTTP/1.1" 200

As you can see it ends up with a login redirect. I've been doing some debugging, and have everything setup according to the docs, in
org.alfresco.web.app.servlet.AuthenticationHelper.authenticate() the x-alfresco-remote-user header is there, but seems to be ignored.

What am I missing?
Labels:
0 Kudos
2 REPLIES 2

aaron_bru
Champ in-the-making
Champ in-the-making

‎08-08-2013 02:27 PM

I've done quite a lot more debugging on this, here's what I posted on IRC about it: (apparently to myself Smiley Happy

aaron-bru   seems like the problem is in org.alfresco.web.app.servlet.AuthenticationHelper.getRemoteUserMapper(), debug error message "No active remote user mapper.", which the code shows will result in…
   aaron-bru   …a redirect to login page. How can I fix this?
   aaron-bru   org.alfresco.web.app.servlet.DefaultRemoteUserMapper.getRemoteUser() does read the correct header, but then it ignores it for some reason, not sure if this is a bug or not
   aaron-bru   looks like its because proxyUserName is alfresco-system instead of null, even though I have external.authentication.proxyUserName=
   aaron-bru   How can I set proxyUserName to null?
   aaron-bru   I set it to null in the debugger and was able to login successfully, so I know its the problem
   aaron-bru   the value from the config file is not being set into DefaultRemoteUserMapper, the function setProxyHeader in the source
   aaron-bru   …is never called
   aaron-bru   hm seems like I have no choice but to modify the code…any ideas?


I've tried setting proxyUserName=something but something never shows up in DefaultRemoteUserMapper.proxyUserName Is this a bug?

My alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/external/external-filter-context.xml
has
<blockcode>
<bean id="remoteUserMapper" class="org.alfresco.web.app.servlet.DefaultRemoteUserMapper">
      <property name="proxyUserName">
         <value>${external.authentication.proxyUserName}</value>
      </property>
</blockcode>

in it, and my tomcat/shared/classes/alfresco/extension/external1/external-authentication.properties
has
<blockcode>
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
</blockcode>
How come proxyUserName is not being set?
0 Kudos

aaron_bru
Champ in-the-making
Champ in-the-making

‎08-08-2013 03:11 PM

Turns out alfresco was ignoring my
tomcat/shared/classes/alfresco/extension/external1/external-authentication.properties
Moved everything to alfresco-global.properties and it worked. My fault for not checking that sooner.

But the question still remains why that property file was being ignored, I believe I set it up as the docs indicate. I'm using
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC