Hyland Connect

alfone · ‎11-03-2009

Hi,

i´m having a simple question.
is it possible to use the alfresco webservice api with kerberos authentication?
if it is possible, please can someone post an example or explain it to me?!
we are using alfresco 3.2 community.

dward · ‎11-04-2009

As Alfresco supports username / password based authentication with a Kerberos back end, you should be able to run any of the Web Service samples with the Kerberos subsystem configured. Just set

authentication.chain=kerberos1:kerberos

in alfresco-global.properties

and configure other properties according to the guide here

http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Kerberos

alfone · ‎11-04-2009

Hi,

thanks for your quick answer.
First it´s fine to hear that.
Short info…we have set up succesfully kerberos support for "normal" alfresco authentication in an AD. HTTP login works, cifs login works. Everything is fine.
But when we try to develop a simple jaas-application to use the webservice-api with kerberos support it doesn´t work.
We would be truly grateful if someone or especially you dward can post me some help…

We are trying to connect to the alfresco webservice-api via kerberos-authentication-support.
We are using jaas for the kerberoslogin, but we don't know, how we have to create an alfresco session without entering a username and password.
Here is our sourcecode…

———————————————————————————————-

public class AlfrescoLogin {

public static void main(String[] args) {
   LoginContext lc = null;
   try {
       lc = new LoginContext("AlfrescoSample", new MyCallbackHandler());
   } catch (LoginException le) {
       System.err.println("Cannot create LoginContext. " + le.getMessage());
       System.exit(-1);
   } catch (SecurityException se) {
       System.err.println("Cannot create LoginContext. " + se.getMessage());
       System.exit(-1);
   }

   try {
       // attempt authentication
       lc.login();

   } catch (LoginException le) {
       System.err.println("Authentication failed:");
       System.err.println(" " + le.getMessage());
       System.exit(-1);
   }

   Subject.doAs(lc.getSubject(), new AlfrescoAction());
}

}

———————————————————————————————-

public class AlfrescoAction implements PrivilegedAction {
     public Object run(){

        // how can we connect to the alfresco server without entering the username and password???

          WebServiceFactory.setEndpointAddress("http://192.168.20.190:8080/alfresco/api");
          try {

         // starting alfresco session
            AuthenticationUtils.startSession("username", "password");
          } catch (AuthenticationFault e) {
            e.printStackTrace();
          } catch (RemoteException e) {
            e.printStackTrace();
          }

          return null;
   }
}

———————————————————————————————-

Java startparameter:

-Djava.security.krb5.realm=EOIX.LOCAL
-Djava.security.krb5.kdc=192.168.20.1
-Djava.security.auth.login.config=jaas.conf

———————————————————————————————-

/**
** jaas.conf
**/

AlfrescoSample {
   com.sun.security.auth.module.Krb5LoginModule required
   debug=true
   useTicketCache=true
   refreshKrb5Config=false
   storePass=false
   storeKey=false
   useKeyTab=false
   ;
};

thanks so far.

alfONE

dward · ‎11-04-2009

You can't connect to the alfresco server without a username and password. You need to provide a username and password, just as in the other webservice samples. The username and password will be checked against the kerberos back end.

Your web service client doesn't need a jaas.conf or any special start parameters.

Hyland Connect

Webservices with Kerberos