Hi,
I have configured Kerberos authentication on Alfresco 5.1 according to this manual Configuring Kerberos against Active Directory | Alfresco Documentation and authentication works fine againt Windows AD. But I have to write the credentials manually. When I open any browser as a domain user the browser will not send any kerberos communication (in wireshark) and always return header
WWW-Authenticate: Basic realm="Alfresco"
instead of
WWW-Authenticate:Negotiate
which I would expect.
Same behaviour is for URLs http://server.mydomain.local:8080/alfresco/s/enterprise/admin and http://server.mydomain.local:8080/share
only in first case it is browser dialog and in second case HTML dialog. Both are manully working but neither automatically.
I am trying it from different Windows server than where Tomcat application server is (on Windows in domain) and I have site in IE in Intranet zone, checked automatically login, tried described configuration in FF but still no communication with kerberos at all. There are no errors about problems with authentication, there is nothing. Could you please advise what else I can check? I believe that keytabs and kerberos setting is correct when I can authenticate user manually.
This is what I have in alfresco-global.properties
authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm
### Kerberos properties ###
ntlm.authentication.sso.enabled=false
kerberos.authentication.sso.enabled=true
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=mypass
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=mypass
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.realm=MYDOMAIN.LOCAL
kerberos.authentication.stripUsernameSuffix=true
kerberos.authentication.browser.ticketLogons=true
kerberos.authentication.sso.fallback.enabled=false
