
Problem share services alfresco when sso enabled

yacinezr
Champ on-the-rise

Hello,

I have a problem with my CIFS configuration. I could successfully activate CIFS, but I have a problem with Share Services when I enable SSO authentication,

exactly on this line of the alfresco-global.properties configuration:

ntlm.authentication.sso.enabled=true

When I set sso to false, I couldn't use CIFS; Alfresco works fine without problems.

When I set sso to true, I could use CIFS, but this error message appears in Alfresco Share.

Other problems also appear, like this:

alfresco-global.properties (Alfresco Community 5.2 201701):

### authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,passthru1:passthru


### Ntlm ###
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=true
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
### Passthru ###
passthru.authentication.defaultAdministratorUserNames=Picosoft
passthru.authentication.domain=domain.local
passthru.authentication.servers=domain.local\\DOMAIN-DC01
passthru.authentication.guestAccess=false
### Synchronisation Active Directory ###
synchronization.import.cron=0 0/30 9-18 ? * MON-FRI
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true

### Configuration OutboundSMTP ###
mail.host=DOMAIN-mail.domain.local
mail.port=25
mail.from.default=alfresco@domain.local
mail.from.enabled=false
mail.protocol=smtp
mail.smtps.auth=false
mail.smtp.debug=true
mail.smtp.timeout=30000

### Configuration OutboundSMTP ###
cifs.enabled=true
cifs.domain=domain.local
cifs.serverName=domainalfresco
cifs.hostannounce=true
6 REPLIES

afaust
Legendary Innovator

You need to reconfigure most of the Remote endpoints in share-config-custom.xml to use the /wcs base URL and external authentication. One thing that you may have missed there is configuration of the "alfresco-api" endpoint to use external authentication (URL unchanged).

yacinezr
Champ on-the-rise

What do I have to do in my case?

I tried this configuration:

share-config-custom.xml


<config evaluator="string-compare" condition="Remote">
  <remote>
    <connector>
      <id>alfrescoHeader</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using userHeader authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
      <userHeader>X-Alfresco-Remote-User</userHeader>
    </connector>

    <endpoint>
      <id>alfresco</id>
      <name>Alfresco - user access</name>
      <description>Access to Alfresco Repository WebScripts that require user authentication</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8084/alfresco/s</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>

    <endpoint>
      <id>alfresco-api</id>
      <parent-id>alfresco</parent-id>
      <name>Alfresco Public API - user access</name>
      <description>Access to Alfresco Repository Public API that require user authentication.
      This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8084/alfresco/api</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>

    <endpoint>
      <id>alfresco-feed</id>
      <parent-id>alfresco</parent-id>
      <name>Alfresco Feed</name>
      <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8084/alfresco/s</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
  </remote>
</config>



alfresco-global.properties



authentication.chain=external1:external,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User


### Ntlm ###
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false

This box always appears: when I enter the admin and the password, it reappears again.

What should I do?

 

mehe
Elite Collaborator

As I can see you are using the HTTP Header entries, like X-Alfresco-Remote-User

Do you really have an authenticating proxy that's setting these header fields?

Maybe you could describe your setup?

yacinezr
Champ on-the-rise

Normal setup, nothing special, with admin password = admin.
I use 'windows 8.1' and 'alfresco-community-installer-201612-win-x64'.

I really don't know X-Alfresco-Remote-User.
I followed this: [ACE-5682] Share displays the "Alfresco is running without Share Services.See your...." message when...
but I can't solve the problem :(

mehe
Elite Collaborator

..ok.. External Authentication is relying on an external authentication proxy that sets the X-Alfresco-Remote-User http header - which is not your setup. You should use passthru authentication when connecting to a Windows Domain. 

Do you want to synchronize/authenticate against a Windows Active Directory?

Then:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
#ntlm.authentication.mapUnknownUserToGuest=false

alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false

passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.useLocalServer=false
passthru.authentication.servers=YOUR_DOM\\YOUR_DC
passthru.authentication.defaultAdministratorUserNames=YOUR_ADMIN

But maybe I still didn't understand what you want to achieve...

Using alfresco as a single user on your local computer would just work out of the box. You wouldn't have to configure anything. Just use the admin user you created during the install process to login, go to the admin console and create users as needed. These users will be known to alfresco only.

mehe
Elite Collaborator

I usually used (if using cifs at all, I prefer connecting via WebDAV/aos over https)

alfresco.authentication.authenticateCIFS=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=true

so sso is handled via ntlm, but cifs via passthru.

Another thing I sometimes left out in upgrading was the repository URL in share-config-custom.xml

<repository-url>http://myalfresco:Port/alfresco</repository-url>

Like Axel said, there is a config section (usually commented out) in the sample config for external auth.

Hope it helps....

Martin
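
The advice in the replies above, turned into a small offline check (an added example, not code from any poster or from Alfresco): it flags an `external` subsystem whose `proxyUserName` is explicitly empty, more than one subsystem set to authenticate CIFS, and external-auth Share endpoints that are not on `/wcs`. The sample inputs are constructed, the function and rule names are hypothetical, and the empty-`proxyUserName` rule assumes the repository then accepts the user header from any client that can reach it.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the settings quoted in the thread.
PROPS = """\
authentication.chain=external1:external,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
alfresco.authentication.authenticateCIFS=true
passthru.authentication.authenticateCIFS=true
"""
SHARE = """\
<config><remote>
  <endpoint><id>alfresco</id><external-auth>true</external-auth>
    <endpoint-url>http://localhost:8084/alfresco/s</endpoint-url></endpoint>
  <endpoint><id>alfresco-api</id><external-auth>true</external-auth>
    <endpoint-url>http://localhost:8084/alfresco/api</endpoint-url></endpoint>
</remote></config>
"""

def parse_properties(text):
    props = {}  # a later definition of a key overrides an earlier one
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props_text, share_xml):
    """Return (rule, detail) findings for the repository and Share settings."""
    props, findings = parse_properties(props_text), []
    chain = [e.split(":")[-1].strip() for e in props.get("authentication.chain", "").split(",")]
    external = "external" in chain and props.get("external.authentication.enabled") != "false"
    # Assumed rule: an explicitly empty proxy user means the header is taken from any caller.
    if external and props.get("external.authentication.proxyUserName") == "":
        findings.append(("header-trusted-from-any-client", "proxyUserName is empty"))
    cifs = sorted(k for k, v in props.items() if k.endswith(".authenticateCIFS") and v == "true")
    if len(cifs) > 1:  # the replies keep CIFS logins on a single subsystem
        findings.append(("multiple-cifs-authenticators", ",".join(cifs)))
    for ep in ET.fromstring(share_xml).iter("endpoint"):
        ep_id, url = ep.findtext("id"), ep.findtext("endpoint-url", "").rstrip("/")
        # Rule from the first reply: external-auth endpoints use /wcs; alfresco-api keeps its URL.
        if (ep.findtext("external-auth") == "true" and ep_id != "alfresco-api"
                and not url.endswith("/wcs")):
            findings.append(("endpoint-not-on-wcs", ep_id))
    return findings

if __name__ == "__main__":
    print(*audit(PROPS, SHARE), sep="\n")
```

A finding of `header-trusted-from-any-client` means the repository port has to be reachable only through the authenticating proxy, or the `external` subsystem removed from the chain when no such proxy exists.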