Subsystem External authentication 3.3

loftux
Star Contributor
I'm trying to set up the external authentication subsystem for Community 3.3.
For Alfresco Explorer it works just fine, but not for Share.

alfresco-global.properties has
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
external.authentication.enabled=true
external.authentication.userIdPattern=

For Share in webscript-framework-config-custom.xml
<config evaluator="string-compare" condition="Remote">
    <remote>
        <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
            <authenticator-id>alfresco-ticket</authenticator-id>
        </endpoint>
    </remote>
</config>
Is there anything else that needs to be done for Share?

I've tried to set up some useful logging for Share, but nothing shows up. Running Wireshark shows there is no communication from Share to Alfresco unless I manually enter credentials; then there is communication from Share to Alfresco and I get logged in.
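
As an added illustration (not part of the original post, and not Alfresco's code): a small Python model of how Alfresco's documentation describes the four `external.authentication.*` properties, run over the settings quoted above. `resolve_user` and `findings` are hypothetical helper names, and the handling of callers other than the proxy user is an assumption.

```python
import re

# Constructed sample: the four settings quoted in the post above.
SAMPLE = """\
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
external.authentication.enabled=true
external.authentication.userIdPattern=
"""
P = "external.authentication."


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def resolve_user(props, remote_user, headers):
    """Hypothetical model: user name accepted for a request, or None."""
    if props.get(P + "enabled", "").lower() != "true":
        return None
    proxy_user = props.get(P + "proxyUserName", "")
    header = props.get(P + "proxyHeader", "").lower()
    pattern = props.get(P + "userIdPattern", "")
    # With a proxy user set, only a request authenticated as that user may
    # name someone else (assumption: other callers keep their own identity).
    if proxy_user and remote_user != proxy_user:
        return remote_user
    value = {k.lower(): v for k, v in headers.items()}.get(header)
    if not value:
        return None
    if not pattern:
        return value  # whole header value is the user name
    match = re.search(pattern, value)
    return match.group(1) if match and match.re.groups else None


def findings(props):
    """Hardening notes for the parsed settings."""
    if props.get(P + "enabled", "").lower() == "true" and not props.get(P + "proxyUserName"):
        return ["proxyUserName is empty: the header alone names the user, so only the "
                "proxy may reach the repository and it must overwrite the header"]
    return []
```

With `proxyUserName` left empty, as in the post, the header value is accepted on its own; setting it ties header trust to requests the container has already authenticated as that proxy user.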
11 REPLIES

loftux
Star Contributor
Trying this out a bit more.
Seems like the webscript-framework-config-custom.xml is no longer read. I filed a case for this https://issues.alfresco.com/jira/browse/ALF-2605.
So I'm not sure where to put the config for Remote endpoint, still I'm not sure if that is the main issue.

Any useful logging I can use for Share client? I've tried
log4j.logger.org.alfresco.web.app.servlet.AuthenticationFilter=debug
log4j.logger.org.alfresco.web.app.servlet=debug
log4j.logger.org.alfresco.web.app.servlet.HTTPRequestAuthenticationFilter=debug
log4j.logger.org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl=debug
log4j.logger.org.springframework.transaction.interceptor.TransactionProxyFactoryBean=debug
log4j.logger.org.alfresco.repo.security.authentication.AuthenticationServiceImpl=debug
log4j.logger.org.alfresco.repo.security.authentication=debug
log4j.logger.org.springframework.transaction.interceptor=debug
log4j.logger.org.alfresco.connector.RemoteClient=debug
log4j.logger.org.alfresco.connector=debug
but that doesn't give anything useful.

loftux
Star Contributor
Hi,

Can someone clarify: Is external subsystem header authentication supported for Alfresco Share 3.3?
Scenario: An external proxy application authenticates the user, and then forwards all requests to Share. In the header I want to pass the username as per documentation. Works for Alfresco Explorer, but not for Share. CAS is not used.

pat2man
Champ in-the-making
I am having the same issue.

carbotex
Champ in-the-making
I've been having the same issue and looking for an answer myself. You are asking the perfect question. Does external subsystem header authentication work for Alfresco Share 3.3?

A yes or no answer from an Alfresco engineer would be nice; it takes a few seconds to answer the question. But good luck getting any help in this forum.

bsculley
Champ in-the-making
I'm also having the same problem with 3.3 Enterprise. Anybody here find a solution?

tommorris
Champ in-the-making
Hi there.

We have a similar problem (along with an Apache reverse-proxy) and I believe this was working on the 3.2.x branch but is now broken on 3.3.3.

I think it's related to this (NTLM against AD is the external authentication in this case):
https://issues.alfresco.com/jira/browse/ALF-1997
…which is fixed in 3.3.5.

I hope this is helpful.
Tom
http://www.ixxus.com

ipuljiz
Champ in-the-making
Can I re-raise this issue? Alfresco 3.4.e. I can log in to Alfresco with external but not to Share. Please help.

juhanig
Champ in-the-making
Hi,

Same story here with Alfresco 3.4.d.

I have a Sun Proxy server in front of Alfresco which does Sun Access Manager (OpenSSO) authentication, which sets the authenticated user as a custom HTTP header.

Works fine for Alfresco Explorer but not for Share.

Could someone from Alfresco comment?

If external auth for Share is currently unsupported (with a custom HTTP header / remote user approach), are there updated instructions or examples anywhere on how to write a custom authenticator filter for Share and how to configure it? Earlier there was an OpenSSO filter (made by SourceSense) but it seems like that won't work with newer Alfresco versions.

Regards,
Juhani

cmtran
Champ in-the-making
Hi,

Has this been resolved? I'm unable to get external authentication to work for Share while it works for Alfresco Explorer in version 3.4.d. Any guidance is appreciated. Thank you in advance.

cmtran