Hyland Connect

award · ‎11-15-2013

If I understand the HTTP protocol correctly, it should be possible to validate an external SSO configuration by manually constructing an HTTP request and submitting it over telnet with the appropriate headers. For example, if share-config-custom.xml has the userHeader value set to "userId" and the server name is "alfresco", then opening a telnet connection to port 8080 on alfresco and sending the following request should result in it being executed as the "admin" user:


GET /alfresco/faces/jsp/login.jsp HTTP/1.1
Host: alfresco
userId: admin
‍‍‍‍‍

Is this correct?

If not, is there a better way to structure the request or the configuration to make this work?

award · ‎11-18-2013

Update:

To validate the process itself, I used the same technique on a server with a fresh install, without any special SSO configuration.

After establishing a valid session and logging in from my browser, I used a raw telnet session to load the user profile page. Here is the minimal HTTP request I was able to generate that would successfully return the content:


GET /share/page/user/admin/profile HTTP/1.1
Host: [redacted]:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Cookie: JSESSIONID=C73495264D12B577DB295EA150A22C24; alfLogin=[redacted]; alfUsername3=admin
‍‍‍‍‍‍

So, to restate my question…given that the above request works with a baseline configuration, can we create a similar request that could be used to validate an SSO configuration?

mrogers · ‎11-18-2013

Yes in principle your first example is fine for demonstrating external authentication via http. You just need to configure external authentication to use the userId property.

Hyland Connect

Verifying external SSO via telnet