03-09-2017 02:10 AM
This URL for my alfresco gives lots of 401 error code. Where do I need to look into for this?
Which file I need to verify or correct to resolve this? it seems SSO touch base URL /alfresco/wcs/touch
cause issue.
03-09-2017 02:33 AM
Problem with this is, if I try to fire URL myhost:8080/alfresco/wcs/touch
server goes into loop executing this url in infinite loop and my monitoring system (NewRelic) trigger alert for High percentage of Error
What could be solution to prevent this ? this is now headache and I am not aware about solution or alternative by looking this SSO touch base.
I tried below
#1. Trying excluding url in LocalConfig.conf (SiteMinder config) - > IgnoreURL = "/alfresco/wcs/"
#2. Tried checking F5 for port 8080
#3. Checked configuration in server.xml in tomcat
But issue still persist. Please guide.
03-09-2017 04:20 AM
When you are using SiteMinder (you should have mentioned that in the original post) then it could be that - for some reason - the user header is simply no longer included in the HTTP request and can thus not be forwarded from Share to the Repository-backend. Or it is stripped from the request from Share to Repository (if you are routing that through F5 / proxy with SiteMinder) to fend off attempts of impersonation (i.e. as if a user constructed a request with SiteMinder user ID header already added).
03-09-2017 04:34 AM
Thanks Axel for quick response,
But this is my production server , where my end user obvious using LB URL instead direct host. So I must enable siteminder login to them.
I can't disable that. But is there any way to prevent such throttle request (high error rate) prevention or configuration that I can perform?
03-09-2017 04:16 AM
A 401 on the /touch operation is perfectly normal. The SSO handshake has to start somewhere and what Share is doing is calling the /touch operation to check if SSO is enabled - if SSO is enabled, the /touch operation will send the 401 with the appropriate WWW-Authenticate header to indicate to the client which type of authentication is required (NTLM / SPNEGO). The only way to prevent the 401s in this case would be to disable SSO altogether...
03-09-2017 04:50 AM
Thanks Axel,
So finally I need to exclude this alert from newrelic to avoid this confusion. I do not want my client see this alert frequently with high error rate. as you said it is valid 401 code for SSO handshake.
09-13-2018 05:44 AM
I know this is an old question, but for the people having to add a URL for ping in monitoring tools like NewRelic, Stackify, etc. you can use alfresco/service/touch?guest=true which will just give a status 200.
Don't use /share/page because mostly share is fine while repo is down .
Explore our Alfresco products with the links below. Use labels to filter content by product module.