Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO + Passthru

nm_santos
Champ in-the-making
Champ in-the-making

‎04-20-2012 12:02 PM

Hi everyone,

I'm trying to configure a passthru authentication with SSO but I keep getting an error when I access Alfresco Share. Can anyone help?


org.springframework.extensions.surf.exception.PlatformRuntimeException: 03200006 Incorrectly configured endpoint ID: alfresco
org.alfresco.web.site.servlet.SSOAuthenticationFilter.challengeOrPassThrough(SSOAuthenticationFilter.java:593)
org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:378)

Here's my alfresco global properties file (only the passthru configuration):
authentication.chain=passthru1:passthru

ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.domain=domain
passthru.authentication.servers=domain\\logonserver
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=myUser

I used the following command in the command line: echo %USERDOMAIN% %LOGONSERVER% and it showed the appropriate names "domain" and "logonserver" respectively.

My share-custom-config.xml file:

<alfresco-config>
   
   <!– Repository Library config section –>
   <config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
      <!–
         Whether the link to the Repository Library appears in the header component or not.
      –>
      <visible>true</visible>
   </config>

   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>
   
   <!– 
        Overriding endpoints to reference an Alfresco server with external SSO enabled
        NOTE: If utilising a load balancer between web-tier and repository cluster, the "sticky
              sessions" feature of your load balancer must be used.
        NOTE: If alfresco server location is not localhost:8080 then also combine changes from the
              "example port config" section below.
        *Optional* keystore contains SSL client certificate + trusted CAs.
        Used to authenticate share to an external SSO system such as CAS
        Remove the keystore section if not required i.e. for NTLM.
        
        NOTE: For Kerberos SSO rename the "KerberosDisabled" condition above to "Kerberos"
        
        NOTE: For external SSO switch the endpoint connector to "AlfrescoHeader" and set
              the userHeader to the name of the HTTP header that the external SSO
              uses to provide the authenticated user name.
–>
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>
         
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>
         
          <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>

        <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>

</alfresco-config>


My tomcat.out log keeps displaying this warning repeatedly:


WARN : org.alfresco.wcm.client.util.impl.GuestSessionFactoryImpl - WQS unable to connect to repository: Unauthorized

As for my tomcat.err log, this happens:


SEVERE: Servlet.service() for servlet Spring Surf Dispatcher Servlet threw exception
org.springframework.extensions.surf.exception.PlatformRuntimeException: 03200002 Incorrectly configured endpoint ID: alfresco
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.challengeOrPassThrough(SSOAuthenticationFilter.java:593)
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:378)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
   at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
   at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
   at java.lang.Thread.run(Thread.java:662)
Labels:
0 Kudos
12 REPLIES 12

afaust
Legendary Innovator
Legendary Innovator

‎04-22-2012 04:47 PM

Hello,

you may have some errors in your configuration. In Alfresco 4 I do not see any class named org.alfresco.web.site.servlet.SlingshotAlfrescoConnector - you may have taken a snippet that references a class from an older Alfresco release. The correct class to use for alfrescoCookie is org.springframework.extensions.webscripts.connector.AlfrescoConnector.

Regards
Axel
0 Kudos

nm_santos
Champ in-the-making
Champ in-the-making

‎04-24-2012 05:19 AM

Hello,

you may have some errors in your configuration. In Alfresco 4 I do not see any class named org.alfresco.web.site.servlet.SlingshotAlfrescoConnector - you may have taken a snippet that references a class from an older Alfresco release. The correct class to use for alfrescoCookie is org.springframework.extensions.webscripts.connector.AlfrescoConnector.

Regards
Axel


I'm using Alfresco Community 3.4 and I followed the steps described in here http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Alfresco_Share_SSO_using_NTLM .

Which is why i don't know where the error is 😕

Thanks in advance,
Nuno.
0 Kudos

afaust
Legendary Innovator
Legendary Innovator

‎04-24-2012 05:50 AM

Hello,

it appears someone has changed the wiki documentation to which you are referring on April 2nd (a day too late?). Please see the revision of March 27th, which contains the correct guide.
I have to check wether the information added on April 2nd is based on changes in a Enterprise service pack or just wrong…

Regards
Axel
0 Kudos

nm_santos
Champ in-the-making
Champ in-the-making

‎04-24-2012 09:38 AM

Hello,

it appears someone has changed the wiki documentation to which you are referring on April 2nd (a day too late?). Please see the revision of March 27th, which contains the correct guide.
I have to check wether the information added on April 2nd is based on changes in a Enterprise service pack or just wrong…

Regards
Axel


Thanks for your help. Smiley Happy

But I'm now having different errors and I'm lost.

I'm going to show you my global properties file and the share custom config.xml.


## Authentication ##
authentication.chain=passthru1:passthru

ntlm.authentication.sso.enabled=true

passthru.authentication.useLocalServer=false
passthru.authentication.domain=mydomain
passthru.authentication.servers=mydomain\\logonserver
passthru.authentication.defaultAdministratorUserNames=admin,nb19200

admin is the default username, nb19200 is my computer user name, which I try to use with SSO..

As for my share config file, all I did was overwrite it with the sample file and uncomment the SSO section.


<alfresco-config>

   <!– Global config section –>
   <config replace="true">
      <flags>
         <!–
            Developer debugging setting to turn on DEBUG mode for client scripts in the browser
         –>
         <client-debug>false</client-debug>

         <!–
            LOGGING can always be toggled at runtime when in DEBUG mode (Ctrl, Ctrl, Shift, Shift).
            This flag automatically activates logging on page load.
         –>
         <client-debug-autologging>false</client-debug-autologging>
      </flags>
   </config>
   
   <config evaluator="string-compare" condition="WebFramework">
      <web-framework>
         <!– SpringSurf Autowire Runtime Settings –>
         <!– 
              Developers can set mode to 'development' to disable; SpringSurf caches,
              FreeMarker template caching and Rhino JavaScript compilation.
         –>
         <autowire>
            <!– Pick the mode: "production" or "development" –>
            <mode>production</mode>
         </autowire>
      </web-framework>
   </config>

   <config evaluator="string-compare" condition="Replication">
      <share-urls>
         <!–
            To discover a Repository Id, browse to the remote server's CMIS landing page at:
              http://{server}:{port}/alfresco/service/cmis/index.html
            The Repository Id field is found under the "CMIS Repository Information" expandable panel.

            Example config entry:
              <share-url repositoryId="622f9533-2a1e-48fe-af4e-ee9e41667ea4">http://new-york-office:8080/share/</share-url>
         –>
      </share-urls>
   </config>

   <!– Document Library config section –>
   <config evaluator="string-compare" condition="DocumentLibrary" replace="true">

      <tree>
         <!–
            Whether the folder Tree component should enumerate child folders or not.
            This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
         –>
         <evaluate-child-folders>false</evaluate-child-folders>
         
         <!–
            Optionally limit the number of folders shown in treeview throughout Share.
         –>
         <maximum-folder-count>-1</maximum-folder-count>
      </tree>

      <!–
         Used by the "Manage Aspects" action

         For custom aspects, remember to also add the relevant i18n string(s)
            cm_myaspect=My Aspect
      –>
      <aspects>
         <!– Aspects that a user can see –>
         <visible>
            <aspect name="cm:generalclassifiable" />
            <aspect name="cm:complianceable" />
            <aspect name="cm:dublincore" />
            <aspect name="cm:effectivity" />
            <aspect name="cm:summarizable" />
            <aspect name="cm:versionable" />
            <aspect name="cm:templatable" />
            <aspect name="cm:emailed" />
            <aspect name="emailserver:aliasable" />
            <aspect name="cm:taggable" />
            <aspect name="app:inlineeditable" />
            <aspect name="gd:googleEditable" />
            <aspect name="cm:geographic" />
            <aspect name="exif:exif" />
         </visible>

         <!– Aspects that a user can add. Same as "visible" if left empty –>
         <addable>
         </addable>

         <!– Aspects that a user can remove. Same as "visible" if left empty –>
         <removeable>
         </removeable>
      </aspects>

      <!–
         Used by the "Change Type" action

         Define valid subtypes using the following example:
            <type name="cm:content">
               <subtype name="cm:mysubtype" />
            </type>

         Remember to also add the relevant i18n string(s):
            cm_mysubtype=My SubType
      –>
      <types>
         <type name="cm:content">
         </type>

         <type name="cm:folder">
         </type>
      </types>

      <!–
         If set, will present a WebDAV link for the current item on the Document and Folder details pages.
         Also used to generate the "View in Alfresco Explorer" action for folders.
      –>
      <repository-url>http://localhost:8080/alfresco</repository-url>

      <!–
         Google Docs™ integration
      –>
      <google-docs>
         <!–
            Enable/disable the Google Docs UI integration (Extra types on Create Content menu, Google Docs actions).
         –>
         <enabled>false</enabled>

         <!–
            The mimetypes of documents Google Docs allows you to create via the Share interface.
            The I18N label is created from the "type" attribute, e.g. google-docs.doc=Google Docs&trade; Document
         –>
         <creatable-types>
            <creatable type="doc">application/msword</creatable>
            <creatable type="xls">application/vnd.ms-excel</creatable>
            <creatable type="ppt">application/vnd.ms-powerpoint</creatable>
         </creatable-types>
      </google-docs>

      <!–
         File upload configuration
      –>
      <file-upload>
         <!–
            Adobe Flash™
            In certain environments, an HTTP request originating from Flash cannot be authenticated using an existing session.
            See: http://bugs.adobe.com/jira/browse/FP-4830
            For these cases, it is useful to disable the Flash-based uploader for Share Document Libraries.
         –>
         <adobe-flash-enabled>true</adobe-flash-enabled>
      </file-upload>
   </config>

   <!– Repository Library config section –>
   <config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
      <!–
         Root nodeRef or xpath expression for top-level folder.
         e.g. alfresco://user/home, /app:company_home/st:sites/cm:site1
         If using an xpath expression, ensure it is properly ISO9075 encoded here.
      –>
      <root-node>alfresco://company/home</root-node>

      <tree>
         <!–
            Whether the folder Tree component should enumerate child folders or not.
            This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
         –>
         <evaluate-child-folders>false</evaluate-child-folders>
         
         <!–
            Optionally limit the number of folders shown in treeview throughout Share.
         –>
         <maximum-folder-count>500</maximum-folder-count>
      </tree>
   </config>
   
   <!– Kerberos settings –>
   <config evaluator="string-compare" condition="Kerberos" replace="true">
      <kerberos>
         <!–
            Password for HTTP service account.
            The account name *must* be built from the HTTP server name, in the format :
               HTTP/<server_name>@<realm>
            (NB this is because the web browser requests an ST for the
            HTTP/<server_name> principal in the current realm, so if we're to decode
            that ST, it has to match.)
         –>
         <password>secret</password>
         <!–
            Kerberos realm and KDC address.
         –>
         <realm>ALFRESCO.ORG</realm>
         <!–
            Service Principal Name to use on the repository tier.
            This must be like: HTTP/host.name@REALM
         –>
         <endpoint-spn>HTTP/repository.server.com@ALFRESCO.ORG</endpoint-spn>
         <!–
            JAAS login configuration entry name.
         –>
         <config-entry>ShareHTTP</config-entry>
      </kerberos>
   </config>

   <!– 
        Overriding endpoints to reference an Alfresco server with external SSO enabled
        NOTE: If utilising a load balancer between web-tier and repository cluster, the "sticky
              sessions" feature of your load balancer must be used.
        NOTE: If alfresco server location is not localhost:8080 then also combine changes from the
              "example port config" section below.
        *Optional* keystore contains SSL client certificate + trusted CAs.
        Used to authenticate share to an external SSO system such as CAS
        Remove the keystore section if not required i.e. for NTLM.
   –>
   
   <config evaluator="string-compare" condition="Remote">
      <remote>         
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
         </connector>
         
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>
   
   
   <!– example port config used to access remote Alfresco server (default is 8080) –>
   <!–
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>
   –>

</alfresco-config>


As for the errors, I keep getting repeatedly:


WARN : org.alfresco.wcm.client.util.impl.GuestSessionFactoryImpl - WQS unable to connect to repository: Unauthorized

And now a new error:


SEVERE: Exception starting filter Authentication Filter
java.lang.SecurityException: Unable to locate a login configuration
   at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
   at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
   at java.lang.Class.newInstance0(Class.java:355)
   at java.lang.Class.newInstance(Class.java:308)
   at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
   at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
   at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.init(SSOAuthenticationFilter.java:246)
   at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:295)
   at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:422)
   at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:115)
   at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4001)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4651)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:905)
   at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:740)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:500)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.io.IOException: Unable to locate a login configuration
   at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250)
   at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
   … 41 more

I am totally lost.

Nuno
0 Kudos

afaust
Legendary Innovator
Legendary Innovator

‎04-24-2012 09:54 AM

Hello,

in your share-config you have Kerberos enabled. This leads to the error in the log you posted, since you probably have not specified a JAAS configuration file in your Tomcat start parameters. Kerberos is not relevant for Passthru SSO and should be disabled.

Regards
Axel
0 Kudos

nm_santos
Champ in-the-making
Champ in-the-making

‎04-24-2012 10:33 AM

Hello,

in your share-config you have Kerberos enabled. This leads to the error in the log you posted, since you probably have not specified a JAAS configuration file in your Tomcat start parameters. Kerberos is not relevant for Passthru SSO and should be disabled.

Regards
Axel


Hello,

I can successfully login with users from the domain network! Thanks Smiley Very Happy

However,

Everytime I login with someone, the login is successfull but an error occurs in the logs


24/Abr/2012 15:41:02 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet wcapiServlet threw exception
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
   at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:783)
   at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:554)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy200.authenticate(Unknown Source)
   at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:372)
   at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:278)
   at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:132)
   at sun.reflect.GeneratedMethodAccessor405.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy213.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:133)
   at sun.reflect.GeneratedMethodAccessor405.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy213.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
   at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
   at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
   at java.lang.Thread.run(Thread.java:662)
24/Abr/2012 15:41:02 org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
   at org.alfresco.web.ui.repo.tag.PageTag.generateWindowOnloadCode(PageTag.java:368)
   at org.alfresco.web.ui.repo.tag.PageTag.doStartTag(PageTag.java:273)
   at org.apache.jsp.jsp.error_jsp._jspService(error_jsp.java:80)
   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
   at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
   at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:438)
   at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
   at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
   at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:421)
   at org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:270)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
   at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
   at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
   at java.lang.Thread.run(Thread.java:662)
24/Abr/2012 15:41:02 org.apache.catalina.core.StandardHostValve custom
SEVERE: Exception Processing ErrorPage[exceptionType=java.lang.Exception, location=/jsp/error.jsp]
org.apache.jasper.JasperException: java.lang.NullPointerException
   at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491)
   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419)
   at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
   at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:438)
   at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
   at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
   at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:421)
   at org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:270)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
   at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
   at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
   at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.NullPointerException
   at org.alfresco.web.ui.repo.tag.PageTag.generateWindowOnloadCode(PageTag.java:368)
   at org.alfresco.web.ui.repo.tag.PageTag.doStartTag(PageTag.java:273)
   at org.apache.jsp.jsp.error_jsp._jspService(error_jsp.java:80)
   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
   … 19 more

And the SSO doesn't seem to work 😕 (I added localhost to the IE Trusted Sites)

Also, the WQS warnings continue to appear.

Thanks in advance,
Nuno
0 Kudos

afaust
Legendary Innovator
Legendary Innovator

‎04-24-2012 10:45 AM

Hello,

I assume you have valid values for the following properties in your configuration that you did not want to share publicly:

passthru.authentication.domain=mydomain
passthru.authentication.servers=mydomain\\logonserver

You need to provide a (Windows) Domain Controller in order to use passthru. The last error you reported was about Alfresco not being able to find one using the address specified in alfresco-global.

Regards
Axel
0 Kudos

nm_santos
Champ in-the-making
Champ in-the-making

‎04-24-2012 11:08 AM

Hello,

I assume you have valid values for the following properties in your configuration that you did not want to share publicly:

passthru.authentication.domain=mydomain
passthru.authentication.servers=mydomain\\logonserver

You need to provide a (Windows) Domain Controller in order to use passthru. The last error you reported was about Alfresco not being able to find one using the address specified in alfresco-global.

Regards
Axel

Thank you for your patience, Axel.

Here's my config file:



authentication.chain=passthru1:passthru

ntlm.authentication.sso.enabled=true

alfresco.authentication.authenticateCIFS=false

passthru.authentication.useLocalServer=false
passthru.authentication.domain=me.intra
passthru.authentication.servers=me.intra\\me.intrame.intra\\me2.intrame.intra\\me3.intra, adptl201me.intra
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=me

#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000

#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false

I don't know what is wrong on the servers names. They look right to me.

I try the following command in the command line:

echo %userdomain% %logonserver% and this is what I get:

ME\\ADPTL202

So, I changed the alfresco global properties to the following and the error remains:


### Authentication ###

authentication.chain=passthru1:passthru

ntlm.authentication.sso.enabled=true

alfresco.authentication.authenticateCIFS=false

passthru.authentication.useLocalServer=false
passthru.authentication.domain=nme
passthru.authentication.servers=me\\adptl201,me\\adptl202,me\\adptl203
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=me

#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000

#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false

Nuno
0 Kudos

afaust
Legendary Innovator
Legendary Innovator

‎04-24-2012 12:03 PM

Hello,

unfortunately, I do not have a lot of practice running Alfresco on a Windows server. You said you've tried the short domain name - have you also tried NOVABASE\\ADPTL202 for server? Have you checked name resolution on your Alfresco server for the addresses provided (e.g. nslookup / ping)? Have you tried without specifying passthru.authentication.domain (leaving it blank, which was the case in all installations I maintained that use passthru)?

Regards
Axel
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC