
SSO broken with 3.3 Upgrade

maxim
Champ in-the-making
Have a funny thing happening…. Upgraded from 3.2 to 3.3 and found that SSO no longer works.  The passthru authentication is still happy and I can authenticate against AD but only with the login screen.

Has anyone else experienced this?  The log snip below shows the last line of initialisation logging and then what happens when I use IE to open this page.

23:22:29,714 INFO  [org.alfresco.web.site.servlet.NTLMAuthenticationFilter] NTLMAuthenticationFilter initialised.
23:23:18,573 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 03150002 Authorization 'NTLM' not supported.
org.springframework.extensions.webscripts.WebScriptException: 03150002 Authorization 'NTLM' not supported.
   at org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.authenticate(BasicHttpAuthenticatorFactory.java:154)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:284)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:307)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:178)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:116)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)

juan
Champ in-the-making
This happened to me, so I opened an issue:

https://issues.alfresco.com/jira/browse/ALF-2420

piski
Champ on-the-rise
I have the same issue as you on my fresh Alfresco 3.3 installation.

Moreover, it's impossible to apply the patch which was available for Alfresco 3.2r2 (https://issues.alfresco.com/jira/browse/ALFCOM-3801) because the architecture seems to have changed.

I hope there will be a fix available very soon !!!

p3d3r0s0
Champ in-the-making
Is this confirmed? Is it impossible to use SSO on version 3.3?

piski
Champ on-the-rise
Yeah, I confirm it... For me, when I try to access Share (DM works normally) via SSO (passthru), it fails without an error message but the login form appears.

Moreover, sometimes I can't access Share because my login / password don't work!
I close my web browser, log in again, and this time it works (I can reproduce the problem).

loftux
Star Contributor
Hi,

Maybe because of this? https://issues.alfresco.com/jira/browse/ALF-2605 (webscript-framework-config-custom.xml no longer read)
I was trying to get external authentication to work (http://forums.alfresco.com/en/viewtopic.php?f=9&t=26472) and didn't succeed. For me it looks like your issue may be that webscript-framework-config-custom.xml is no longer taken into account.

loftux
Star Contributor
Hi,

Can you try to put what you have in webscript-framework-config-custom.xml in share-config-custom.xml instead and see if it works?
Make sure you have only one in your classpath, as it seems like only one of them is loaded.

piski
Champ on-the-rise
I confirm the problem: if you place the content of webscript-framework-config-custom.xml in share-config-custom.xml, SSO with Share works fine.

So your analysis of the problem was right: the file webscript-framework-config-custom.xml seems to be ignored (overridden?).

Pending a definitive fix, the file share-config-custom.xml should look like:

<alfresco-config>

   <!-- Global config section -->
   <config replace="true">
      <flags>
         <!--
            Developer debugging setting to turn on DEBUG mode for client scripts in the browser
         -->
         <client-debug>true</client-debug>

         <!--
            LOGGING can always be toggled at runtime when in DEBUG mode (Ctrl, Ctrl, Shift, Shift).
            This flag automatically activates logging on page load.
         -->
         <client-debug-autologging>false</client-debug-autologging>
      </flags>
   </config>

   <!-- Document Library config section -->
   <config evaluator="string-compare" condition="DocumentLibrary" replace="true">

      <!--
         Whether the folder Tree component should enumerate child folders or not.
         This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
      -->
      <tree>
         <evaluate-child-folders>false</evaluate-child-folders>
      </tree>

      <!--
         Used by the "Manage Aspects" action

         For custom aspects, remember to also add the relevant i18n string(s)
            cm_myaspect=My Aspect
      -->
      <aspects>
         <!-- Aspects that a user can see -->
         <visible>
            <aspect name="cm:generalclassifiable" />
            <aspect name="cm:complianceable" />
            <aspect name="cm:dublincore" />
            <aspect name="cm:effectivity" />
            <aspect name="cm:summarizable" />
            <aspect name="cm:versionable" />
            <aspect name="cm:templatable" />
            <aspect name="cm:emailed" />
            <aspect name="emailserver:aliasable" />
            <aspect name="cm:taggable" />
            <aspect name="app:inlineeditable" />
         </visible>

         <!-- Aspects that a user can add. Same as "visible" if left empty -->
         <addable>
         </addable>

         <!-- Aspects that a user can remove. Same as "visible" if left empty -->
         <removeable>
         </removeable>
      </aspects>

      <!--
         Used by the "Change Type" action

         Define valid subtypes using the following example:
            <type name="cm:content">
               <subtype name="cm:mysubtype" />
            </type>

         Remember to also add the relevant i18n string(s):
            cm_mysubtype=My SubType
      -->
      <types>
         <type name="cm:content">
            <subtype name="cm:mycontentsubtype" />
         </type>

         <type name="cm:folder">
            <subtype name="cm:myfoldersubtype" />
         </type>
      </types>

      <!--
         If set, will present a WebDAV link for the current item on the Document and Folder details pages.
         Also used to generate the "View in Alfresco Explorer" action for folders.
      -->
      <repository-url>http://localhost:8080/alfresco</repository-url>
   </config>

   <!-- Repository Library config section -->
   <config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
      <!--
         Whether the link to the Repository Library appears in the header component or not.
      -->
      <visible>true</visible>

      <!--
         Root nodeRef for top-level folder.
      -->
      <root-node>alfresco://company/home</root-node>

      <!--
         Whether the folder Tree component should enumerate child folders or not.
         This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
      -->
      <tree>
         <evaluate-child-folders>false</evaluate-child-folders>
      </tree>
   </config>

   <!-- IMPORTANT - USED TO SOLVE SSO SHARE BUG -->
   <!-- Overriding endpoints to reference an Alfresco server with external SSO or NTLM enabled -->
   <!-- NOTE: For NTLM, the NTLM Authentication Filter must also be enabled in share web.xml -->
   <!-- NOTE: if utilising a load balancer between web-tier and repository cluster, the "sticky -->
   <!--       sessions" feature of your load balancer must be used -->
   <!-- Optional keystore contains SSL client certificate + trusted CAs. Used to authenticate share to an external SSO system such as CAS -->
   <config evaluator="string-compare" condition="Remote">
        <remote>
            <keystore>
                <path>alfresco/web-extension/alfresco-system.p12</path>
                <type>pkcs12</type>
                <password>alfresco-system</password>
            </keystore>

            <endpoint>
                <id>alfresco</id>
                <name>Alfresco - user access</name>
                <description>Access to Alfresco Repository WebScripts that require user authentication</description>
                <connector-id>alfresco</connector-id>
                <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
                <identity>user</identity>
                <external-auth>true</external-auth>
                <authenticator-id>alfresco-ticket</authenticator-id>
            </endpoint>

        </remote>
    </config>
   <!-- IMPORTANT - USED TO SOLVE SSO SHARE BUG -->

</alfresco-config>
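
As an added check (not from this thread or from Alfresco), a small Python script that parses a share-config-custom.xml and reports whether the Remote endpoint override shown in the post above is present and complete for the "alfresco" endpoint, and which file in the web-extension directory actually carries it; the sample XML below is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the share-config-custom.xml posted in this
# thread (not a real deployment); trimmed to the parts the check looks at.
SAMPLE_SHARE_CONFIG = """<alfresco-config>
  <config evaluator="string-compare" condition="Remote">
    <remote>
      <endpoint>
        <id>alfresco</id>
        <connector-id>alfresco</connector-id>
        <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
        <identity>user</identity>
        <external-auth>true</external-auth>
        <authenticator-id>alfresco-ticket</authenticator-id>
      </endpoint>
    </remote>
  </config>
</alfresco-config>"""


def sso_endpoint_findings(xml_text):
    """Check the Remote endpoint override this thread relies on for Share SSO.
    Empty list means the 'alfresco' endpoint matches piski's working config."""
    root = ET.fromstring(xml_text)
    remote = [c for c in root.findall("config") if c.get("condition") == "Remote"]
    if not remote:
        return ['no <config condition="Remote"> section; Share keeps its default endpoints']
    endpoints = {ep.findtext("id"): ep for cfg in remote for ep in cfg.findall("remote/endpoint")}
    ep = endpoints.get("alfresco")
    if ep is None:
        return ["Remote section present but no endpoint with <id>alfresco</id>"]
    findings = []
    expected = {"identity": "user", "external-auth": "true", "authenticator-id": "alfresco-ticket"}
    for tag, want in expected.items():
        if ep.findtext(tag, "").strip().lower() != want:
            findings.append(f"endpoint 'alfresco' should set <{tag}>{want}</{tag}>")
    return findings


def locate_sso_override(files):
    """files maps file name -> XML text for shared/classes/alfresco/web-extension.
    Returns the file whose override passes, preferring share-config-custom.xml; a
    hit only in webscript-framework-config-custom.xml is the layout this thread
    reports as no longer picked up in 3.3."""
    passing = [name for name, text in files.items() if not sso_endpoint_findings(text)]
    if "share-config-custom.xml" in passing:
        return "share-config-custom.xml"
    return passing[0] if passing else None
```

Run it against the real files after moving the Remote section; if the override is only found in webscript-framework-config-custom.xml, that is the layout the posters above report as failing.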

p3d3r0s0
Champ in-the-making
Other than the changes in the above post, is there a tutorial on how to get AD working with Alfresco? The documentation I have seems to be out of date (references to non-existent fields or files).

Best regards

maxim
Champ in-the-making
I tried moving the NTLM authentication content from webscript-framework-config-custom.xml to share-config-custom.xml in the shared\classes\alfresco\web-extension directory. Unfortunately I get the same error... interested to know if piski did anything different?

Thanks

Max