cancel
Showing results for 
Search instead for 
Did you mean: 

/alfresco/wcs/touch - 401 error

g_rathod
Star Contributor
Star Contributor

This URL for my alfresco gives lots of 401 error code. Where do I need to look into for this?

Which file I need to verify or correct to resolve this? it seems SSO touch base URL  /alfresco/wcs/touch

cause issue.

6 REPLIES 6

g_rathod
Star Contributor
Star Contributor

Problem with this is, if I try to fire URL   myhost:8080/alfresco/wcs/touch

server goes into loop executing this url in infinite loop and my monitoring system (NewRelic) trigger alert for High percentage of Error

What could be solution to prevent this ? this is now headache and I am not aware about solution or alternative by looking this SSO touch base.

I tried below

#1. Trying excluding url in LocalConfig.conf  (SiteMinder config) - > IgnoreURL = "/alfresco/wcs/"

#2. Tried checking F5 for port 8080

#3. Checked configuration in server.xml  in tomcat

But issue still persist. Please guide.

afaust
Legendary Innovator
Legendary Innovator

When you are using SiteMinder (you should have mentioned that in the original post) then it could be that - for some reason - the user header is simply no longer included in the HTTP request and can thus not be forwarded from Share to the Repository-backend. Or it is stripped from the request from Share to Repository (if you are routing that through F5 / proxy with SiteMinder) to fend off attempts of impersonation (i.e. as if a user constructed a request with SiteMinder user ID header already added).

g_rathod
Star Contributor
Star Contributor

Thanks Axel for quick response,

But this is my production server , where my end user obvious using LB URL instead direct host. So I must enable siteminder login to them.

I can't disable that. But is there any way to prevent such throttle request  (high error rate) prevention or configuration that I can perform?

afaust
Legendary Innovator
Legendary Innovator

A 401 on the /touch operation is perfectly normal. The SSO handshake has to start somewhere and what Share is doing is calling the /touch operation to check if SSO is enabled - if SSO is enabled, the /touch operation will send the 401 with the appropriate WWW-Authenticate header to indicate to the client which type of authentication is required (NTLM / SPNEGO). The only way to prevent the 401s in this case would be to disable SSO altogether...

g_rathod
Star Contributor
Star Contributor

Thanks Axel,

So finally I need to exclude this alert from newrelic to avoid this confusion. I do not want my client see this alert frequently with high error rate. as you said it is valid 401 code for SSO handshake.

shazada
Star Contributor
Star Contributor

I know this is an old question, but for the people having to add a URL for ping in monitoring tools like NewRelic, Stackify, etc. you can use alfresco/service/touch?guest=true which will just give a status 200.

Don't use /share/page because mostly share is fine while repo is down Smiley Happy.