11-06-2019 09:45 AM
Hi,
I installed Alfresco with https.
I generated the certificate
cd / opt / alfresco / scripts
./createssl.sh
However, when logging into the platform the following error message occurs:
Error logging in to Alfresco
Something is wrong with this page ...
We may have encountered an error, or maybe something has been removed or deleted, so check to see if the URL is correct.
It is also possible that you do not have permission to view the page (it may be part of a private site) or that an internal error has occurred. Contact your IT staff.
If you are trying to access the home page and it is no longer available, change it by clicking its name on the toolbar.
See the logs:
root@server-processoverde-seguro:~# tail -f /opt/alfresco/tomcat/logs/catalina.out
2019-11-06 11:20:48,376 ERROR [alfresco.web.site] [http-nio-8080-exec-29] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://138.197.2.163/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://138.197.2.163/share/page/' vs server & context: http://138.197.2.163/ (string) or (regexp)
root@server-processoverde-seguro:~# tail -f /var/log/nginx/error.log
2019/11/06 10:17:41 [warn] 2162#2162: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/ssl/alfserver.crt"
Wed Nov 06 11:30:00 BRST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
I commented the CSRF anyway, it still didn't work out.
cd /opt/alfresco/tomcat/shared/classes/alfresco/web-extension
vi share-config-custom.xml
<!--
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<referer>https?:\/\/@@ALFRESCO_SHARE_SERVER@@\/.*</referer>
<origin>https?:\/\/@@ALFRESCO_SHARE_SERVER@@.*</origin>
</properties>
</config>
-->
What is the solution to this problem?
Thanks a lot!
Zé Brasil
11-07-2019 04:22 AM
If you want to disable CSRF, you need to add the following lines:
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>
11-06-2019 10:42 AM
What UI are you using?
11-06-2019 12:07 PM
Hi jljwoznica,
I'm logging in with admin user.
Thanks.
11-06-2019 11:44 AM
Try disabling CSRF in your share-config-custom.xml
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>
or adding the https protocol to your CSRF existing confituration.
Also remember to clear the cache of your browser.
11-06-2019 03:14 PM
Hi angelborroy,
I disabled CSRF.
I cleared browser cache.
In alfresco-global.properties is already set https
Look:
<!-- Disable the CSRF -->
<!--
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<referer>https?:\/\/@@ALFRESCO_SHARE_SERVER@@\/.*</referer>
<origin>https?:\/\/@@ALFRESCO_SHARE_SERVER@@.*</origin>
</properties>
</config>
-->
#-----------------------
# System paramaters
#-----------------------
alfresco.context=alfresco
alfresco.host=@@ALFRESCO_REPO_SERVER@@
alfresco.port=8080
alfresco.protocol=http
#
share.context=share
share.host=@@ALFRESCO_SHARE_SERVER@@
share.port=443
share.protocol=https
What may be missing?
Thanks a lot.
Zé Brasil
11-07-2019 04:22 AM
If you want to disable CSRF, you need to add the following lines:
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>
11-08-2019 08:11 AM
Hi angelborroy,
It worked.
Thanks a lot for the help.
With best regards,
Zé Brasil
Explore our Alfresco products with the links below. Use labels to filter content by product module.