Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Webdav + LDAP + CAS2_AUTH

djoncour_
Champ on-the-rise
Champ on-the-rise

‎01-13-2014 04:10 AM

Hello, I have a problem when I trying to get documents with a webdav drive by LDAP and CAS authentication. I always have this error message in my logs

Digest authentication failed. Stored HA1 is empty

In my cas-config.xml I add these following lines

<specificAuthenticationChain name="WebDAV">
    <headers>
      <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|davfs|WebDAV|cadaver|BitKinex).*</header>
    </headers>
    <urlPatterns>
        <url>(.*)/site/dav.*</url>
    </urlPatterns>
    <replacementChain>
        <plugin>DIGEST_AUTH</plugin>
        <plugin>WEBDAV_BASIC_AUTH</plugin>
    </replacementChain>

I don't understand where is my problem, I don't know if I forget a file or a configuration.

Thank you for your help

David

0 Kudos
6 REPLIES 6

Thierry_Martins
Star Collaborator
Star Collaborator

‎01-13-2014 05:19 AM

hello,

WebDAV uses an authentication based on digest.

This digest is computed when the user authenticates the first time with the Web UI, but if you're authenticating against CAS, no password is sent to Nuxeo, which can not compute the digest, and as a consequence won't be able to validate the credentials sent from WebDAV.

So that's the problem you're facing.

Thierry

scivray_
Champ in-the-making
Champ in-the-making

‎01-27-2014 05:49 AM

Hello,

0 Kudos

Thierry_Martins
Star Collaborator
Star Collaborator

‎01-27-2014 05:51 AM

No it won't work. The webdav connector does not communicate with basic auth.

0 Kudos

scivray_
Champ in-the-making
Champ in-the-making

‎01-27-2014 06:10 AM

So, just to be sure, if CAS2_AUTH is enabled for Web UI, it's impossible to login in WebDAV because of the digest which is not computed due to CAS2_AUTH. And it's not possible to modify the WebDAV authentication to get it work while CAS2_AUTH is enabled for Web UI.

A way to use both (I mean while CAS2_AUTH is enabled), is first to use LDAP backend and BASIC_AUTH and login in Web UI, this way the digest is computed. Then re-enable CAS2_AUTH. WebDAV will work because a digest was computed. But if the user password is changed on LDAP there will be a problem with WebDAV authentication bescause the digest will be wrong. And every users have to login while CAS2_AUTH is disabled.

Perhaps : Is there a way to "force" nuxeo to automatically compute a digest for each user found in LDAP, without a user has to login ?

Thank you for explanations

Sylvain

0 Kudos

Thierry_Martins
Star Collaborator
Star Collaborator
In response to scivray_

‎01-27-2014 06:17 AM

You have done a pretty good summary of the situation.

0 Kudos

scivray_
Champ in-the-making
Champ in-the-making

‎01-27-2014 06:25 AM

Merci pour les pistes de solutions (sorry don't know how to translate that).

Have a nice day.

Sylvain

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC