cancel
Showing results for 
Search instead for 
Did you mean: 

Share Login Problems when forcing Tomcat to use only SSL/HTTPS (Alfresco 5.0.d)

dfxx
Champ in-the-making
Champ in-the-making
Dear all,

I'm completely new to Alfresco and also web servers, so please excuse any easy or "dumb" question. For a university project, my team and me are supposed to develop an Alfresco plugin. I am currently responsible for installing and configuring on our own server for testing purposes. I dislike the idea that the Alfresco installer comes "all in one" and does not make use of pre-installed software on the server, such as a database or a webserver. Hence, I decided to manually install the components.

Up to now, I did the following:
<ul>
  <li>Install Java 8.</li>
  <li>Install Tomcat 7 and enable SSL support using self-signed certificates (it is only a test environment).</li>
  <li>Install MariaDB (MySQL).</li>
  <li>Followed instructions at http://docs.alfresco.com/5.0/tasks/alf-war-install.html</li>
</ul>

I dislik the fact that the share log in possible using only HTTPS, so I wanted to enforce HTTPS on Tomcat. To do so, I added the following lines to /var/lib/tomcat7/conf/web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!– auth-constraint goes here if you requre authentication –>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>


Furthermore, I edited my /var/lib/tomcat7/conf/server.xml:

<Connector port="8080" enableLookups="false"
       redirectPort="8443" />


I also changed /var/lib/tomcat7/shared/classes/alfresco-global.properties file accordingly:

#
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#————-
alfresco.context=alfresco
alfresco.host=${localname}
#alfresco.port=8080
alfresco.port=8443
alfresco.protocol=https

share.context=share
share.host=${localname}
#share.port=8080
share.port=8443
share.protocol=https


However, since I forced Tomcat to use HTTPS, I can no longer log in to share. My (correct) credentials are simply rejected. I attached alfresco.log and share.log. I already googled for a solution, but I did not get any further. I read about similar problems which were solved by using both Apache httpd and Tomcat. If possible, I would like to avoid installing another web server to keep the complexity low. As I already mentioned, I'm very new to this field.

I would really appreciate suggestions and comments from you. If you need further information, just let me know.

Thanks in advance and kind regards,

dfxx
1 REPLY 1

eswbitto
Confirmed Champ
Confirmed Champ
I have had several issues trying to get tomcat to handle the ssl traffic. No matter what configuration I have done or tweaking I would end up where you are right now.

I know that you stated that you don't want to install another webserver, but I do have apache handling the SSL connections and to be quite honest it only takes about half a day to do. If you search the forums you will find posts that I have made outlining how to do this.

Getting started

Tags


Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.