Hyland Connect

ivanovpavel1983 · ‎06-08-2018

Hello.

Has anyone got an example of using SSO authentication with Alfresco Development Framework?

In share and alfresco webdav we use this functionality.

Thanks!

eugenio_romano · ‎06-08-2018

With Kerberos you don't need to log in, so I guess you need to remove or change the authguard in the router

ivanovpavel1983 · ‎06-08-2018

No, this does not work. And AuthGuard (https://issues.alfresco.com/jira/browse/ADF-2435) doesn't work...

eugenio_romano · ‎06-08-2018

DId you get a look to this issue ADF on SSO enabled ACS with my suggestions they where able to make it works

ivanovpavel1983 · ‎06-08-2018

Yes, but in this case, if you delete the old ticket from browser, there will be a redirect to login page.

This is obviously not SSO ))

eugenio_romano · ‎06-08-2018

Is the ADF authGuard that redirect you to the login page, if you don't have it there will be no redirect.

1)You can write your own authguard that implement your logic

or

2) you can add a listener in the main app that if receive 401, because the ticket is deleted, redirect you where is needed

this.alfrescoApiService.getInstance().on('unauthorized', (error) => {
        this.router.navigate(['/navigate-where-you-need']);
    }
});

ivanovpavel1983 · ‎06-08-2018

"if you don't have it there will be no redirect" - in this case will be an error 401

The application should receive a new ticket, but it doesn't have it.

eugenio_romano · ‎06-08-2018

Honestly, I am a bit confused, if you are using kerberos the new ticket should not be automatically provided?

The KDC issues a (TGT) if the TGT expires at some it should be transparently renewed by the user's session manager while they are logged in. How do you delete the ticket from the browser?

ivanovpavel1983 · ‎06-09-2018

We have enabled logging, and have this error:

Any ideas?

ivanovpavel1983 · ‎06-09-2018

And this log is from share:

It's ok.

Hyland Connect

Kerberos SSO with ADF