Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[SOLVED] NTLM Authentication on Share

jtp
Champ in-the-making
Champ in-the-making

‎01-23-2009 09:53 AM

I've got NTLM authentication and passthrough configured per the Labs3Stable PDF.  Logging in to the /Alfresco interface works great.  Going to /share causes a 500 server error.  The key line out of the error page seems to be this:

java.lang.IllegalArgumentException: UserId is mandatory.
   org.alfresco.connector.ConnectorService.getCredentialVault(ConnectorService.java:510)
   org.alfresco.connector.ConnectorService.getCredentialVault(ConnectorService.java:491)
   org.alfresco.web.site.FrameworkHelper.getCredentialVault(FrameworkHelper.java:296)
   org.alfresco.web.site.FrameworkHelper.getCredentialVault(FrameworkHelper.java:310)

I've got logging enabled on both interfaces, but nothing is logged when i try to access /share

Anyone have any ideas on what might be off?
Labels:
0 Kudos
39 REPLIES 39

ofrxnz
Champ in-the-making
Champ in-the-making

‎02-13-2009 01:45 PM

Hey i'm getting the same error.  and have tried numerous variations configuring it.

So, ill go ahead and post my error and configs to see if anyone has any ideas. 

Thanks in advance.  This community rocks!!

I am running alfresco on Windows server 2k3 R2 fully updated with the firewall disabled for now.  I  used the full Labs 3 Stable install package.  So far, NTLM authentication is working, LDAP synchronization is working, CIFS and FTP are functional.  These authenticate against a similarly patched/updated Active Directory server. 

My client is a fully patched windows XP pro box on the domain using IE and Firefox as the browser.

SSO is fully functional for Alfresco web interface, WebDav, and CIFS.  IE will SSO into everything, Firefox is not configured to so i can see if it prompts for a password.

Share produces the following error when configured using the Alfresco 3 NTLM/SSO page in the wiki and everything i noticed in this thread. 

Neither IE will SSO or FireFox will prompt for credentials

Error

HTTP Status 500 - 

——————————————————————————–

type Exception report

message 

description The server encountered an internal error () that prevented it from fulfilling this request.

exception 

org.alfresco.error.AlfrescoRuntimeException: Unable to retrieve object: site-index of type: page
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:140)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:197)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:188)
   org.alfresco.web.site.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:144)


root cause 

org.alfresco.web.framework.exception.ModelObjectPersisterException: Error loading object id: site-index from persister id: RemoteStore_alfresco/site-data/pages_page
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:110)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:197)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:188)
   org.alfresco.web.site.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:144)


root cause 

org.alfresco.web.framework.exception.ModelObjectPersisterException: Failure to load model object for path: site-index.xml
   org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:170)
   org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:197)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:188)
   org.alfresco.web.site.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:144)


root cause 

java.lang.IllegalArgumentException: UserId is mandatory.
   org.alfresco.connector.ConnectorService.getCredentialVault(ConnectorService.java:510)
   org.alfresco.connector.ConnectorService.getCredentialVault(ConnectorService.java:491)
   org.alfresco.web.site.FrameworkHelper.getCredentialVault(FrameworkHelper.java:296)
   org.alfresco.web.site.FrameworkHelper.getCredentialVault(FrameworkHelper.java:310)
   org.alfresco.web.site.AbstractRequestContext.getCredentialVault(AbstractRequestContext.java:435)
   org.alfresco.web.framework.WebFrameworkConnectorProvider.provide(WebFrameworkConnectorProvider.java:80)
   org.alfresco.web.scripts.RemoteStore.getConnector(RemoteStore.java:739)
   org.alfresco.web.scripts.RemoteStore.callGet(RemoteStore.java:693)
   org.alfresco.web.scripts.RemoteStore.hasDocument(RemoteStore.java:344)
   org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:136)
   org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:197)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:188)
   org.alfresco.web.site.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:144)


ntlm-authentication-context.xml.  I have tried several different ways to define the the servers


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
         <property name="allowSetEnabled" value="true" />
         <property name="allowGetEnabled" value="true" />
         <property name="allowDeleteUser" value="true" />
         <property name="allowCreateUser" value="true" />
   </bean>


   <!– The authentication component.                                      –>

   <!– Use the passthru authentication component to authenticate using    –>
   <!– user accounts on one or more Windows servers.                      –>

   <!– Properties that specify the server(s) to use for passthru          –>
   <!– authentication :-                                                  –>
   <!–   useLocalServer   use the local server for authentication         –>
   <!–   domain           use domain controllers from the specified domain–>
   <!–   servers          comma delimted list of server addresses or      –>
   <!–                    names                                           –>

   <bean id="authenticationComponent"
         class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
         parent="authenticationComponentBase">
       <property name="useLocalServer">
           <value>false</value>
       </property>
       <property name="servers">
           <value>DOMAIN\<IP of DC 1>,DOMAIN\<IP of DC 2>,<IP of DC 1></value>
       </property>
       <property name="personService">
           <ref bean="personService" />
       </property>
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="transactionService">
           <ref bean="transactionComponent" />
       </property>
       <property name="guestAccess">
           <value>false</value>
       </property>
   </bean>

</beans>


webscript-framework-config-custom.xml  I have tried several variations on teh URL including http://server:8080/alfresco/wcs, http://server.domain.com:8080/alfresco/wcs, https://server/alfresco/wcs, https://server.domain.com/alfresco/wcs.  HTTPS works fine from a user standpoint.  I have also tried a lagging / after wcs.  

<alfresco-config>
   
   <!– Overriding endpoints to reference a remote Alfresco server –>
   <!–
   <config evaluator="string-compare" condition="Remote">
      <remote>

         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://<server>:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://<server>:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://<server>:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
         
      </remote>
   </config>
   –>
   
   <!– Overriding endpoints to reference an Alfresco server with NTLM filter enabled –>
   <!– NOTE: the NTLM Authentication Filter must be enabled for both repository and web-tier web.xml –>
   <!– NOTE: if utilising a load balancer between web-tier and repository cluster, the "sticky –>
   <!–       sessions" feature of your load balancer must be used when NTLM filter is active –>
   <!—->
   <config evaluator="string-compare" condition="Remote">
      <remote>
         
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://server.domain.local:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
         
      </remote>
   </config>
   <!—->

</alfresco-config>

Share web.xml.  this is the file i have mucked around the least with.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

   <display-name>Alfresco Project Slingshot</display-name>    
   <description>Alfresco Project Slingshot application</description>
   
   <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
         classpath:alfresco/webscript-framework-application-context.xml
         classpath:alfresco/web-framework-application-context.xml
         classpath:alfresco/web-framework-model-context.xml
         classpath:alfresco/slingshot-application-context.xml
      </param-value>
      <description>Spring config file locations</description>
   </context-param>
   
   <!– For NTLM authentication support use the following filter –>
   <!– –>
   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.site.servlet.NTLMAuthenticationFilter</filter-class>
      <init-param>
         <param-name>endpoint</param-name>
         <param-value>alfresco</param-value>
      </init-param>
   </filter>
   
 <!–  –>
   <!– For NTLM authentication support enable the following mappings –>
   <!– after enabling the NTLMAuthenticationFilter filter class above –>
   <!– –>
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/page/*</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/p/*</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/s/*</url-pattern>
   </filter-mapping>
  <!—->
   
   <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>
   
   <servlet>
      <servlet-name>apiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>container</param-name>
         <param-value>webframework.webscripts.container</param-value>
      </init-param>
      <!–
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.basic</param-value>
      </init-param>
      –>
   </servlet>
   
   <servlet>
      <servlet-name>feedApiServlet</servlet-name>
      <servlet-class>org.alfresco.web.site.servlet.WebScriptFeedServlet</servlet-class>
      <init-param>
         <param-name>container</param-name>
         <param-value>webframework.webscripts.container</param-value>
      </init-param>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.delegatingbasic</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>proxyServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.EndPointProxyServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>uriTemplateServlet</servlet-name>
      <servlet-class>org.alfresco.web.uri.UriTemplateServlet</servlet-class>
   </servlet>

   <!– The Web Framework Dispatcher Servlet –>
   <servlet>
      <servlet-name>pageRendererServlet</servlet-name>
      <servlet-class>org.alfresco.web.site.servlet.DispatcherServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
   </servlet>
   
   <servlet>
      <servlet-name>frameworkControlServlet</servlet-name>
      <servlet-class>org.alfresco.web.site.servlet.FrameworkControlServlet</servlet-class>
   </servlet>
   
   <servlet>
      <servlet-name>loginServlet</servlet-name>
      <servlet-class>org.alfresco.web.site.servlet.LoginServlet</servlet-class>
   </servlet> 

   <servlet>
      <servlet-name>logoutServlet</servlet-name>
      <servlet-class>org.alfresco.web.site.servlet.LogoutServlet</servlet-class>
   </servlet> 

   <servlet-mapping>
      <servlet-name>logoutServlet</servlet-name>
      <url-pattern>/logout</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>loginServlet</servlet-name>
      <url-pattern>/login/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/service/*</url-pattern>
   </servlet-mapping>
   
   <servlet-mapping>
      <servlet-name>feedApiServlet</servlet-name>
      <url-pattern>/feedservice/*</url-pattern>
   </servlet-mapping>
   
   <servlet-mapping>
      <servlet-name>proxyServlet</servlet-name>
      <url-pattern>/proxy/*</url-pattern>
   </servlet-mapping>
   
   <servlet-mapping>
      <servlet-name>pageRendererServlet</servlet-name>
      <url-pattern>/page/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>pageRendererServlet</servlet-name>
      <url-pattern>/p/*</url-pattern>
   </servlet-mapping>
   
   <servlet-mapping>
      <servlet-name>uriTemplateServlet</servlet-name>
      <url-pattern>/s/*</url-pattern>
   </servlet-mapping>
   
   <servlet-mapping>
      <servlet-name>frameworkControlServlet</servlet-name>
      <url-pattern>/control/*</url-pattern>
   </servlet-mapping>
   
   <session-config>
      <session-timeout>60</session-timeout>
   </session-config>

   <!– welcome file list precedence order is index.jsp, then index.html –>
   <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
      <welcome-file>index.html</welcome-file>
   </welcome-file-list>

</web-app>
0 Kudos

bashmaq
Champ in-the-making
Champ in-the-making

‎02-16-2009 03:28 AM

Tried different configs too but it doesn`t help a lot. Full Alfresco Final distributive on Windows XP and separate WAR deployed on CentOS 5.2 shows the same error.
Is there any tracing/debugging possibilities?
0 Kudos

jtp
Champ in-the-making
Champ in-the-making

‎02-16-2009 07:32 AM

Whenever I turn on the NTLM debug lines, it only records action on /alfresco, never for /share.
0 Kudos

ivan_plestina
Champ in-the-making
Champ in-the-making

‎02-17-2009 03:33 AM

https://issues.alfresco.com/jira/browse/ALFCOM-2579
0 Kudos

docgreen
Champ in-the-making
Champ in-the-making

‎02-23-2009 03:22 PM

I have got the same problem.

SSO ist not possible for Share, but is working for alfresco. I've tried Labs3 and the last nightly build on Windows 2003 an also on CentOS 5.2. Both with Java 1.6u12.


Have someome already found a solution?
0 Kudos

jtp
Champ in-the-making
Champ in-the-making

‎02-23-2009 04:06 PM

No luck here.  The JIRA ticket has 6 votes but no action yet.
0 Kudos

kevinr
Star Contributor
Star Contributor

‎03-18-2009 01:10 PM

this error:

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.alfresco.error.AlfrescoRuntimeException: Unable to retrieve object: site-index of type: page
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:140)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:197)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:188)
   org.alfresco.web.site.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:144)

root cause

org.alfresco.web.framework.exception.ModelObjectPersisterException: Error loading object id: site-index from persister id: RemoteStore_alfresco/site-data/pages_page
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:110)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136

means the docs haven't been followed here: http://wiki.alfresco.com/wiki/3.0_Configuring_NTLM#Alfresco_Share_SSO_using_NTLM
BUT i fully except a whole bunch of people are saying it's not working Smiley Happy I know it's working in 3.0 Enterprise, 3.0.1 Enterprise and the new 3.1 Enterprise. And in theory Labs 3D has all the fixes rolled up from 3.0.1 so those docs should be correct. I will give it a go myself here following those instructions and let you know ASAP.

Cheers,

Kev
0 Kudos

jtp
Champ in-the-making
Champ in-the-making

‎03-18-2009 01:21 PM

Thanks Kev.
I would not be surprised if I screwed something up.  It's been known to happen Smiley Happy.  I, and the 14 people who voted for the JIRA ticket are looking forward to your results!

If I can provide any of my files to help, let me know.
0 Kudos

kevinr
Star Contributor
Star Contributor

‎03-18-2009 01:31 PM

No problem, I believe calling 14+ people "wrong" would be extremely foolish without trying it myself especially since this comment from the JIRA bug:
Share SSO doesn't work when configured by wiki http://wiki.alfresco.com/wiki/3.0_Configuring_NTLM#Alfresco_Share_SSO_using_NTLM

Alfresco version is Labs 3 Stable, build 1526. Note that share.war from a bit older nightly releases does work with same config. Also check http://forums.alfresco.com/en/viewtopic.php?f=47&t=16472&st=0&sk=t&sd=a&start=15
does worry me that a change sneaked into Labs that shouldn't have… If so I'll try and find out exactly what it was and provide you with a patched class or new config if at all possible.

Thanks,

Kev
0 Kudos

kevinr
Star Contributor
Star Contributor

‎03-19-2009 06:48 AM

Please see https://issues.alfresco.com/jira/browse/ALFCOM-2579 (now FIXED) for solution.

Kev
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC