
SSO broken with 3.3 Upgrade

maxim
Champ in-the-making
Have a funny thing happening…. Upgraded from 3.2 to 3.3 and found that SSO no longer works.  The passthru authentication is still happy and I can authenticate against AD but only with the login screen.

Has anyone else experienced this?  The log snip below shows the last line of initialisation logging and then what happens when I use IE to open this page.

23:22:29,714 INFO  [org.alfresco.web.site.servlet.NTLMAuthenticationFilter] NTLMAuthenticationFilter initialised.
23:23:18,573 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 03150002 Authorization 'NTLM' not supported.
org.springframework.extensions.webscripts.WebScriptException: 03150002 Authorization 'NTLM' not supported.
   at org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.authenticate(BasicHttpAuthenticatorFactory.java:154)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:284)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:307)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:178)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:116)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)
16 REPLIES

piski
Champ on-the-rise
P3d3r0s0: (I'm not a moderator!!!) but I think you have to create another post, because this is the best way to keep a topic clear (only focused on 1 subject)…

Maxim: Simple question -> have you restarted your Alfresco server? To answer your question, I did only the thing I described in my previous post, as suggested by Loftux.

p3d3r0s0
Champ in-the-making
I think it's related. I need to make SSO work on Alfresco, and I was wondering if there was a step-by-step tutorial somewhere to make this happen, including installing AD, which I believe you would need to make SSO work (I'm very new to this).

loftux
Star Contributor
@Maxim: Check that you don't have 2 share-config-custom.xml in your classpath; if you have installed some addon you may find one in tomcat/webapps/share/WEB-INF/classes/alfresco/web-extension. It looks like tomcat/alfresco can only pick up one of them.
If you find 2, try to merge them so that you only have one.

maxim
Champ in-the-making
Fixed by following Loftux & piski's suggestions…. The problem I had was that I copied and pasted from piski's share-config-custom.xml extract in this thread…. Alfresco doesn't like the '—-' in the comments and wouldn't read the file.

Should teach me to read the log file first!

Thanks

Max
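
The two checks that resolved this thread (a second share-config-custom.xml on the classpath, and a copy the XML parser rejects because of a run of hyphens inside a comment), as an added example that is not part of any post here. The second directory, the sample file contents and the use of Python's XML parser in place of Alfresco's are assumptions made for the illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

CONFIG_NAME = "share-config-custom.xml"
# Location named in the thread, plus a second classpath location (assumed for this sample).
ADDON_DIR = "tomcat/webapps/share/WEB-INF/classes/alfresco/web-extension"
SHARED_DIR = "tomcat/shared/classes/alfresco/web-extension"

def find_configs(root):
    """Return every share-config-custom.xml under root, sorted."""
    return sorted(
        os.path.join(dirpath, CONFIG_NAME)
        for dirpath, _dirs, files in os.walk(root)
        if CONFIG_NAME in files
    )

def parse_error(path):
    """Return None if the file is well-formed XML, else the parser message."""
    try:
        ET.parse(path)
        return None
    except ET.ParseError as exc:
        return str(exc)

def audit(root):
    """Flag duplicate copies and copies the XML parser rejects."""
    paths = find_configs(root)
    broken = {}
    for path in paths:
        err = parse_error(path)
        if err:
            broken[path] = err
    return {"paths": paths, "duplicates": len(paths) > 1, "broken": broken}

def write_sample_tree(root):
    """Constructed sample: one clean copy, one with a pasted '----' comment."""
    good = "<alfresco-config><!-- NTLM SSO settings --><config/></alfresco-config>"
    bad = "<alfresco-config><!-- ---- pasted ---- --><config/></alfresco-config>"
    for rel, body in ((SHARED_DIR, good), (ADDON_DIR, bad)):
        os.makedirs(os.path.join(root, rel))
        with open(os.path.join(root, rel, CONFIG_NAME), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        report = audit(tmp)
        print("duplicates:", report["duplicates"])
        for path, err in report["broken"].items():
            print("unparseable:", os.path.relpath(path, tmp), "->", err)
```

Point `audit()` at the real Tomcat directory to run the same checks before restarting the server.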

pat2man
Champ in-the-making
So NTLM is working, what about external authentication? Seems the <keystore> bit is still not there…

kevinr
Star Contributor
That config has now been added back into the .sample file in the trunk, here is the snippet:


   <!--
        Overriding endpoints to reference an Alfresco server with external SSO enabled
        NOTE: If utilising a load balancer between web-tier and repository cluster, the "sticky
              sessions" feature of your load balancer must be used.
        NOTE: If alfresco server location is not localhost:8080 then also combine changes from the
              "example port config" section below.
        *Optional* keystore contains SSL client certificate + trusted CAs.
        Used to authenticate share to an external SSO system such as CAS
        Remove the keystore section if not required i.e. for NTLM.
   -->
   <!--
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>

         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>
   -->