Hyland Connect

ebogaard · ‎10-31-2014

While trying out 5.0b, I ran into authentication problems with the mobile interface and tenants.
I can login to the 'main' tenant (the one without domain) using the mobile app on Android or iOS, but I get an authenticaion error when I try to login with a tenant user (which I know works.

Functioning login to main tenant:


xyz - - [31/Oct/2014:23:05:19 +0100] "GET /alfresco/service/api/server HTTP/1.1" 200 116 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
xyz - - [31/Oct/2014:23:05:19 +0100] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom HTTP/1.1" 200 21149 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
xyz - - [31/Oct/2014:23:05:20 +0100] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom HTTP/1.1" 200 21149 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
xyz - - [31/Oct/2014:23:05:20 +0100] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/id?id=881fae2c-46c4-48af-a3ac-ef62d7dd7845&filter=&includeAllowableActions=true&includeACL=false&includePolicyIds=false&includeRelationships=none&renditionFilter= HTTP/1.1" 200 7551 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
… et cetera
‍‍‍‍‍‍‍

Non-functioning login to tenant user:


xyz - - [31/Oct/2014:23:06:46 +0100] "GET /alfresco/service/api/server HTTP/1.1" 200 116 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
xyz - - [31/Oct/2014:23:06:46 +0100] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom HTTP/1.1" 200 21149 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
xyz - - [31/Oct/2014:23:06:46 +0100] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom HTTP/1.1" 200 21149 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
xyz - - [31/Oct/2014:23:06:46 +0100] "GET /alfresco/api/-default-/public/cmis/versions/1.0/atom/id?id=881fae2c-46c4-48af-a3ac-ef62d7dd7845&filter=&includeAllowableActions=true&includeACL=false&includePolicyIds=false&includeRelationships=none&renditionFilter= HTTP/1.1" 404 7038 "-" "AlfrescoApp/395 CFNetwork/711.1.12 Darwin/14.0.0"
-that's it-
‍‍‍‍‍‍‍

Notice that it's actually shing a 404 (not found), not a 403 (not authenticated).

As Alfresco is behind a (local) Apache reverse proxy, I already tried to add proxyName and proxyPort, but without result (notice that even without this, the main tenant already worked).

I get the same authentication error when I try connecting directly to tomcat on port 8080.

Can anyone confirm or deny that the mobile app does still work with 5.0b MT?
If it should work, could you point me in the right direction, so I can solve this?

gavinc · ‎11-03-2014

I'm afraid I need a bit more information…

From the output you've posted it looks like the "non-functioning" tenant user was actually authenticated otherwise the GET call for GET /alfresco/api/-default-/public/cmis/versions/1.0/atom would have returned a 403 response. The fact that this was a 200 and the next URL returned a 404 implies to me that the user does not have access to the root node of the repository or there is an issue with the URLs returned from the …/atom API.

Could you provide details on the credentials being used for each scenario? and when you say "login with a tenant user, which I know works", what tests did you do to show that? Could you post the response body you get for /alfresco/api/-default-/public/cmis/versions/1.0/atom?

gavinc · ‎11-05-2014

I noticed that you also raised this issue in our JIRA system which is being tracked under https://issues.alfresco.com/jira/browse/ACE-3406 and that the ticket provides the information I requested above, given that, I've requested some further information on the JIRA issue.

gavinc · ‎11-06-2014

After investigation it appears the problem does actually lie with the mobile SDKs, "-default-" should be replaced with the actual domain name in the URLs so the mobile apps are essentially using the wrong URLs if MT is enabled. https://issues.alfresco.com/jira/browse/MOBSDK-790 and MOBSDK-791 have been raised to cover this issue.

ebogaard · ‎12-13-2014

Just to be sure this is picked up, I put this comment in Jira and the forums:

After an upgrade to 5.0c, which includes this bugfix, I can login as a tenant user with the iOS v2.0.2 App.
Only the 'All Sites'-option gives an error: "An error occured. Unable to retrieve sites. Error: Sites service error".

The newest Andoid app (v1.4.1) still doesn't work and keeps giving an authentication error.

gavinc · ‎12-15-2014

I'm glad you're now able to login but I'm sorry to hear you're still seeing errors.

Do you see any errors on the server i.e. in alfresco.log or catalina.out?

For completeness I'll ask the same question in the JIRA issue (ACE-3433).

ebogaard · ‎12-15-2014

On the default logging level, there are no errors in the logfiles.
Is there any setting you can advise me to adjust to give us more insight why this happens?

Isn't the Android App just an older version, which isn't compatible with 5.0x? (This is (was) my prime suspect, as there is quite a version difference: 2.0 vs 1.4. It used to work fine with 4.2e, though)

PS: Shall we continue in the jira issue only? I only double-posted this issue, as my experience with closed issues is that new comments aren't picked up. But you seem to do 😉

gavinc · ‎12-17-2014

Yes, let's continue discussion on the JIRA (as we already have been) as you can probably tell I get notified of JIRA comments but not forum posts!

ebogaard · ‎05-18-2015

Hi Gavin,

As this still doesn't seem to be fixed in 5.0d, I opened a new issue in Jira with cases and findings. You can find this issue here: https://issues.alfresco.com/jira/browse/MOBILE-3332
It seems I can't view the issue after submission anymore, so I have to trust it's in good hands with you 😉

Hyland Connect

Alfresco 5.0b mt authentication problems