Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to logon in Alfresco Community Server after upgrading iOS Alfresco App to version 2.0

jeesee
Champ in-the-making
Champ in-the-making

‎07-10-2014 04:56 AM

I'm having a problem after (automatic) upgrading the Alfresco App today.

Yesterday with the "old" Alfresco App (black icon) on my iPhone and iPad it all works fine.
Today I started the iPad app (it was automatically upgraded on both my iPhone and iPad to the 'white' icon) I receive a Session Error.

I tried to reconfigure the connection on the iPhone, but after delete de connection to my Alfresco server I can't configure a new one:

Save Account
Failure to authenticae. Check your
account settings with your system
administrator.

Is something changed in the new iOS app?

How can I configure it to connect with my Alfresco server?

Server settings:
Username: jeesee
Password: xxxxx  <- I'm sure it's right!
Hostname: My Alfresco Server .nl
Description
HTTPS: On

Sync files: Off
Port: 8443
Service Document: /alfresco/service/cmis
Client Certificate:


Please Help!
Labels:
0 Kudos
28 REPLIES 28

mikeh
Star Contributor
Star Contributor
In response to gerardh

‎07-17-2014 05:12 PM

I'm unclear as to why you can't assign an SSL certificate to your particular setup… TLS has supported IP address changes for a number of years now via the SNI extension [1]; supported by all browsers except Android 2.x and MSIE on Windows XP. There are many services that support dynamic DNS for people such as yourself who cannot obtain a static IP address, http://www.dtdns.com/ is just one.

So yes i would like to use https but not pay $60 for a ssl certificate.
Personally I think it's a small price to pay for security compared to the value you're getting from an Alfresco repository and mobile apps. We may just need to agree to differ on that one.

But what is the reason you would not implement a feature which you already had?
That's a fair question. The previous iOS apps were based on code that one of our partners (Zia) originally wrote. Whilst it gave us a huge boost in getting a mobile app to market, the architecture & design of the app wasn't quite to our liking, including inheriting some features we wouldn't necessarily have added by choice. One of those was giving the end user the ability to switch off SSL validation. We had some very strong feedback from some of our larger enterprise customers that this was extremely undesirable. Fast-forwarding to our iOS 2.0 app, this was a complete re-write on top of ObjectiveCMIS and the Alfresco iOS SDK. When choosing what features to prioritise (or exclude) we looked back at all the customer feedback and that one stood out particularly. Hence why it's not in the app today.

On a more positive note, I have been actively thinking of how we can support self-signed certificates in the future. The SDK already allows this as a runtime parameter, so it's just our "out of the box" app that enforces the policy. Clearly we need an Alfresco admin to allow untrusted connections via some policy, but it's somewhat of a "chicken and egg" problem as you need the app to connect to the repository in order to retrieve the policy setting. As I said, I have some ideas as to how this could work for all parties, but I can't guarantee when the store app will allow it.

Thanks,
Mike

[1] http://en.wikipedia.org/wiki/Server_Name_Indication

P.S. Yes, I'm fully aware of the difference between http and https, but thanks for checking 😉
0 Kudos

pkurzok
Champ in-the-making
Champ in-the-making
In response to mikeh

‎09-24-2014 10:07 AM

Hi,

you said <cite>The SDK already allows this as a runtime parameter</cite> to use self-signed certificates.

What is the parameter called and where do I set it?

Best regards,
Peter
0 Kudos

gavinc
Champ in-the-making
Champ in-the-making
In response to pkurzok

‎09-25-2014 03:40 AM

Hi Peter,

The parameter is "kAlfrescoAllowUntrustedSSLCertificate" and you set it in the parameters when creating a session, for example:

NSDictionary *parameters = @{forKey:kAlfrescoAllowUntrustedSSLCertificate: @YES};
[AlfrescoRepositorySession connectWithUrl:<your-URL> username:<userName> password:<password> parametersSmiley Tonguearameters completionBlock:^(id<AlfrescoSession> session, NSError *error) {
    ….
}];
0 Kudos

lucasolferino
Champ in-the-making
Champ in-the-making
In response to mikeh

‎07-11-2014 03:34 AM

I have the same problem, but in my case I use a Reverse Proxy Apache, with a validi certificate suggestions?

thank you
0 Kudos

mikeh
Star Contributor
Star Contributor
In response to lucasolferino

‎07-11-2014 01:46 PM

Make sure your Tomcat Connector has the appropriate proxy attributes added, here's mine as an example:

    <Connector port="8090" protocol="HTTP/1.1" 
              connectionTimeout="20000" 
              redirectPort="8443" URIEncoding="UTF-8"
              scheme="https"
              proxyName="alfresco.mikehatfield.net" proxyPort="443" />


This ensures CMIS generates the correct absolute URLs in the responses.

Thanks,
Mike
0 Kudos

pflaeging
Champ in-the-making
Champ in-the-making
In response to mikeh

‎07-15-2014 02:55 AM

I've got the same problem with a cacert certificate where the root certificate is correct deployed in the iOS profile. Every other service is working except Alfresco for iOS 2.0!
0 Kudos

mikeh
Star Contributor
Star Contributor
In response to pflaeging

‎07-15-2014 04:46 PM

When you say "every other service" - is that other third party apps, or just the built-in iOS apps? I've definitely heard of limitations regarding non-Apple apps and custom root certificates. I had success testing with a Comodo certificate (and with local CA-generated client certificates)

Thanks,
Mike
0 Kudos

lucasolferino
Champ in-the-making
Champ in-the-making
In response to mikeh

‎07-23-2014 03:31 AM

Thank you, your solution work.

Luca
0 Kudos

mikeh
Star Contributor
Star Contributor
In response to lucasolferino

‎07-23-2014 04:12 AM

Thanks for the follow-up confirmation Luca.

Mike
0 Kudos

jack_chuong
Star Contributor
Star Contributor
In response to mikeh

‎10-08-2014 12:37 AM

Hi Mike,
I'm using Alfresco Community 5.0.a on Centos 6.4 64 bit and I have similar problem with iOS Alfresco App version 2.0
We only use HTTP, my user can use Alfresco by URL http://alfresco.mydomain.com/alfresco or http://alfresco.mydomain.com/share from internal and external, request come to port 80 is redirected to 8009 by mod_jk, this is my server.xml configuration:

    <Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxHttpHeaderSize="32768" />

    <Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />

    <Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" keystoreFile="/opt/alfresco-5.0.a/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
 secure="true" connectionTimeout="240000" truststoreFile="/opt/alfresco-5.0.a/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
               clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />

What should I do to make it work with iOS Alfresco App to version 2.0 ?
Everything works fine with Alfresco Android App
Server settings:
Username: jack.chuong
Password: xxxxx
Hostname: alfresco.mydomain.com
Description
HTTPS: Off

Sync files: Off
Port: 80
Service Document: /alfresco
Client Certificate:
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC