
SSO with Kerberos/JAAS doesn't work

alfone
Champ in-the-making
Hi,

My problem seems so easy, but I am going crazy without a solution.

My situation:
I set up Alfresco 3.2 Community Edition on a Linux machine
and I want to authenticate against Kerberos…

Without Kerberos everything works fine. I see the CIFS drive, can log in over my web browser… everything is OK.

When I start with Kerberos most things seem to be right.
The CIFS server gets the ticket from the KDC, the same for the HTTP server.
Now, when I try SSO with my browser (FF3.5/IE) I can only see white space and the server redirects to
- http://192.168.20.190:8080/alfresco/faces/jsp/dashboards/container.jsp -

My problem:

Where do I have to enable users to authenticate against Kerberos/JAAS?
Or where is the user information stored?
Or what is to be done?

Thanks for your help!

dward
Champ on-the-rise
This suggests that authentication has worked and you are being redirected to the main Alfresco Explorer page.

So is the screen completely blank? Do you see anything in alfresco.log?

All you have to do is set

authentication.chain=kb:kerberos

then do the remaining server side configuration as described here

http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuring_against_Active_Director...

dward
Champ on-the-rise
I should add that a fix was made after the v3.2 community release to make it work, so you will need a more recent nightly build.

alfone
Champ in-the-making
This suggests that authentication has worked and you are being redirected to the main Alfresco Explorer page.
So is the screen completely blank? Do you see anything in alfresco.log?
All you have to do is set
authentication.chain=kb:kerberos
then do the remaining server side configuration as described here
——————–

Yes. Authentication works…

Yes. The screen is completely blank!

Alfresco.log for HTTP service…
DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.20.163 (192.168.20.163:2564)
DEBUG [app.servlet.KerberosAuthenticationFilter] Client sent an NTLMSSP security blob

Alfresco.log for cifs:
12:32:42,985 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
12:32:43,000 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:32:43,091 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=65279
12:32:43,101 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:32:43,130 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
12:32:43,130 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
…etc…

And something else: when I try to connect from another Linux machine with smbclient -d 2 -k //192.168.20.190/alfresco
the Alfresco log says:
14:18:35,031  DEBUG [smb.protocol.auth] No SPNEGO response, Kerberos logon failed
14:18:35,031  ERROR [smb.protocol.auth] Kerberos logon error
14:18:35,031  ERROR [smb.protocol.auth] org.alfresco.jlan.smb.server.SMBSrvException: Access denied
14:18:38,271  DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=2, UID=0, PID=11754
14:18:38,271  DEBUG [smb.protocol.auth] Using Write transaction
14:18:38,271  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=,Ticket=Len=253,Authenticator=EncType=1,Kvno=-1,Len=144]
GSSException: Failure unspecified at GSS-API level


Any ideas why it's not working?
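
The HTTP log line in the post above, "Client sent an NTLMSSP security blob", reports the kind of token carried in the browser's Authorization: Negotiate header. As an added example (not part of the original posts and not Alfresco code), this Python helper classifies such a header value as NTLMSSP, SPNEGO or raw Kerberos from its leading bytes; the function names and sample tokens are constructed for illustration.

```python
import base64
import struct

# GSS-API mechanism OIDs, DER-encoded without tag and length.
SPNEGO_OID = bytes.fromhex("2b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")    # 1.2.840.113554.1.2.2

def _after_der_length(buf, pos):
    """Index of the first byte after the DER length field at pos."""
    first = buf[pos]
    return pos + 1 if first < 0x80 else pos + 1 + (first & 0x7F)

def classify_blob(blob):
    """Name the security blob type from its leading bytes."""
    if blob.startswith(b"NTLMSSP\x00"):
        if len(blob) < 12:
            return "ntlmssp-truncated"
        return "ntlmssp-type%d" % struct.unpack_from("<I", blob, 8)[0]
    if blob[:1] == b"\xa1":                  # SPNEGO NegTokenResp (later legs)
        return "spnego-response"
    if blob[:1] != b"\x60":                  # not a GSS-API initial token
        return "unknown"
    try:
        pos = _after_der_length(blob, 1)
        if blob[pos] != 0x06:                # mechanism OID tag expected
            return "unknown"
        oid = blob[pos + 2:pos + 2 + blob[pos + 1]]
    except IndexError:
        return "unknown"
    return {SPNEGO_OID: "spnego", KRB5_OID: "kerberos"}.get(oid, "unknown")

def classify_authorization(header):
    """Classify the value of an HTTP Authorization header."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "negotiate" or not token.strip():
        return "not-negotiate"
    try:
        blob = base64.b64decode(token.strip(), validate=True)
    except ValueError:                       # binascii.Error is a ValueError
        return "bad-base64"
    return classify_blob(blob)

# Constructed sample tokens (not captured from any real client).
NTLM_TYPE1 = b"NTLMSSP\x00" + struct.pack("<II", 1, 0x00088207)
SPNEGO_INIT = b"\x60\x0a\x06\x06" + SPNEGO_OID + b"\xa0\x00"
if __name__ == "__main__":
    for name, raw in (("ntlm", NTLM_TYPE1), ("spnego", SPNEGO_INIT)):
        header = "Negotiate " + base64.b64encode(raw).decode()
        print(name, "->", classify_authorization(header))
```

A result of ntlmssp-type1 for a browser request means the client offered NTLM and did not send a Kerberos service ticket in that request.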

jserrano
Champ in-the-making
Hi,
I have the same problem with passthru authentication.
In another post there is reference to:

https://issues.alfresco.com/jira/browse/ETHREEOH-2498

It may be a bug in the version of Alfresco.
I hope you will be helpful

prajithlal
Champ in-the-making
Hi,

Is there any update on this issue?
We are facing the same problem with 3.2r Kerberos AD.

When I try SSO with my browser (FF3.5/IE) it gives a blank screen.
Here is the log:
09:20:57,707  DEBUG [app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 10.120.1.12 (10.120.1.12:46634)
And nothing is happening.

Will appreciate any help.

Thanks

shineg
Champ in-the-making
Hi,
We are facing the same issue with Alfresco Community Edition 3.3g. Is it fixed in Alfresco EE? We are evaluating Alfresco for production deployment.
Regards
Shine