Hyland Connect

v_giannini · ‎06-17-2019

Hi all,

I'm integrating alfresco rest-api, using alfresco latest version, as DMS services for external web applications.

I'm experiencing some troubles about authentication, the question is this:

How I can refresh an expired authentication ticket for rest api wihout executing e new /tickets post passing username and password?

Web applications in accord with GDPR cannot store user passwords and without a refresh service I'm not able to guarantee the validity of an authentication ticket requested by external web applicatrion at login time.

The typical scenario could be this:

The user logins the external web application, in the same time the application executes a /ticket post to obtain an authentication ticket.

Supposing in alfresco is configured a 10 minutes ticket validity time, if the user navigates the external web application for 11 minutes and then executes an action to obtain for example his user home folder list, the ticket obtained by the application for alfresco at login time will be not valid anymore, I need to refresh it such as oauth protocol does passing the expired ticket and obtaining a new one but I don't see any rest endpoint in the rest api explorer to do it. It seems that the only way is to execute a new /tickets call but once a user is logged in the application cannot store the (clear) user password.

I'm really in trouble please help me

abhinavmishra14 · ‎06-20-2019

Hi Vincenzo

One quick turnaround solution is to increase the time validity for longer time. You could match the session expiry time set on the application which user uses and session would be expired in that application for inactivity. This session expiration time can be equal to the Alfresco ticket validity.

Set the following property in alfresco-global.properties file:

authentication.ticket.validDuration=PT2H

This example shows the validity is set to 2 hours. 1 hour is the default setting

There is another case here, if you want to see it:

https://community.alfresco.com/thread/182531-how-to-get-alfresco-ticket-session-expiration-time

Another solution is to get rid of the dependency on ticket. Implement SSO instead and let SSO takes care of authentication etc. This would take some time to fix the issue until implementation. But you don’t have to be dependent on the alf_ticket.

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

View answer in original post

abhinavmishra14 · ‎06-20-2019

Hi Vincenzo

One quick turnaround solution is to increase the time validity for longer time. You could match the session expiry time set on the application which user uses and session would be expired in that application for inactivity. This session expiration time can be equal to the Alfresco ticket validity.

Set the following property in alfresco-global.properties file:

authentication.ticket.validDuration=PT2H

This example shows the validity is set to 2 hours. 1 hour is the default setting

There is another case here, if you want to see it:

https://community.alfresco.com/thread/182531-how-to-get-alfresco-ticket-session-expiration-time

Another solution is to get rid of the dependency on ticket. Implement SSO instead and let SSO takes care of authentication etc. This would take some time to fix the issue until implementation. But you don’t have to be dependent on the alf_ticket.

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

Rudresh-Nagaraj · ‎09-08-2022

How do I mention Minutes.

For testing purpose I need to set around 5min.

Could you please let us know.

Thanks

Rudresh

abhinavmishra14 · ‎09-08-2022

@Rudresh-Nagaraj

You can use following (notice the 'M'):

authentication.ticket.validDuration=PT5M

----------------------------------------
This is how time duration formats PT<number><timeDuration> Look like:

PT2S - 2 seconds

PT2M - 2 minutes

PT2H - 2 hours

PT2H30M - 2 hours 30 minutes

PT2D - 2 days

PT2Y - 2 years

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

Hyland Connect

Refresh Api Authentication Ticket