External SSO in alfresco share

ramjoy22
Champ on-the-rise
I need to test external SSO in Alfresco Share.

I followed these steps:

1. Renamed alfresco-4.2.c/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml.sample to share-config-custom.xml.
2. Uncommented both of the <config evaluator="string-compare" condition="Remote"> sections.



<config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not
            require authentication
        </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that
                         require user authentication
        </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via
                         the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
        
         <endpoint>
            <id>activiti-admin</id>
            <name>Activiti Admin UI - user access</name>
            <description>Access to Activiti Admin UI, that requires user
                         authentication</description>
            <connector-id>activiti-admin-connector</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/activiti-admin
            </endpoint-url>
            <identity>user</identity>
         </endpoint>
      </remote>
    </config>

<config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>
        
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based
                          authentication
            </description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
         </connector>
        
         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and
             cookie-based authentication
            </description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user
             authentication
            </description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>



3. Modified alfresco-global.properties like this:

   authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
   external.authentication.proxyUserName=
   external.authentication.enabled=true
   external.authentication.defaultAdministratorUserNames=admin
   external.authentication.proxyHeader=SsoUserHeader

No other changes were made.
Do I need to do any further modifications?


I tried to access Alfresco from my JSP application as follows:



<%@ page import="java.net.URL, java.net.URLConnection" %>
Testing SSO <br>
<%

URL url1 = new URL("http://localhost:8080/share/page");
URLConnection conn = url1.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("SsoUserHeader", "admin");
for (int i = 0;; i++) {
   String headerName = conn.getHeaderFieldKey(i); 
   String headerValue = conn.getHeaderField(i);  
   System.out.println(headerName + "==="); 
   System.out.println(headerValue); 
   if (headerName == null && headerValue == null) {     break;   }
}

%>


It gives this output in the console:

 
***************
null===
HTTP/1.1 200 OK
Server===
Apache-Coyote/1.1
Set-Cookie===
JSESSIONID=89E6C0A9600DDA3675EEB633F5F3A248; Path=/share/; HttpOnly
Cache-Control===
no-cache
Content-Type===
text/html;charset=utf-8
Content-Language===
en-US
Transfer-Encoding===
chunked
Date===
Wed, 17 Apr 2013 13:52:24 GMT
null===
null
*************



The connection succeeds here.

Now I need to test SSO.
How can I link from my JSP application to Alfresco Share?
When I am using response.redirect it shows the login page again.
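
With external.authentication.proxyUserName left empty as in step 3, the value of SsoUserHeader is taken as the user name on every request that carries it, so the header must only be accepted from the SSO proxy. One way to enforce that in the servlet container, as an added example that is not part of the original post and not Alfresco code; the class name and the init-param names headerName and trustedProxies are assumptions:

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not Alfresco code): the SSO user header is honoured only
// when the request comes from an allow-listed proxy address.
public class TrustedProxyHeaderFilter implements Filter {
    private ServletContext servletContext;
    private String headerName;          // e.g. SsoUserHeader, as configured on the page
    private Set<String> trustedProxies; // literal IP addresses of the SSO proxy / Share host

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        servletContext = cfg.getServletContext();
        // Assumed init-param names, chosen for this example.
        headerName = cfg.getInitParameter("headerName");
        String proxies = cfg.getInitParameter("trustedProxies");
        if (headerName == null || proxies == null || proxies.trim().isEmpty()) {
            throw new ServletException("headerName and trustedProxies init-params are required");
        }
        trustedProxies = new HashSet<String>(Arrays.asList(proxies.trim().split("\\s*,\\s*")));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String remoteAddr = request.getRemoteAddr();
        if (request.getHeader(headerName) != null && !trustedProxies.contains(remoteAddr)) {
            // Fail closed. Log the source address only; the header value is untrusted input.
            servletContext.log("Rejected " + headerName + " from untrusted address " + remoteAddr);
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

The filter would be registered in web.xml ahead of the authentication filters. getRemoteAddr() has to reflect the real TCP peer, so it should not sit behind a valve that rewrites the address from X-Forwarded-For.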

32 REPLIES

shibu
Champ in-the-making
Thanks for the reply.
The error logs are posted here…

16:50:15,424 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 03290003 Invalid mediatype:  *; q=.2 does not consists of type and subtype
org.springframework.extensions.webscripts.WebScriptException: 03290003 Invalid mediatype:  *; q=.2 does not consists of type and subtype
   at org.springframework.extensions.webscripts.MediaType.<init>(MediaType.java:49)
   at org.springframework.extensions.webscripts.NegotiatedFormat.negotiateFormat(NegotiatedFormat.java:77)
   at org.springframework.extensions.webscripts.WebScriptRequestImpl.getFormat(WebScriptRequestImpl.java:153)
   at org.alfresco.repo.web.scripts.RepositoryContainer$BufferedRequest.getFormat(RepositoryContainer.java:1128)
   at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:50)
   at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:433)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:433)
   at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:495)
   at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:533)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:349)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:377)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:601)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:116)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy237.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:140)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:601)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy237.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
   at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1771)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
   at java.lang.Thread.run(Thread.java:722)

afaust
Legendary Innovator
Hello,

Well, your request is missing some parameters that the web script requires to negotiate the response format. Simplest way to fix this would probably be to change your web script to a set response format instead of allowing negotiation. Otherwise you should provide the necessary HTTP headers in your request for the negotiation.

Regards
Axel

shibu
Champ in-the-making
Got the ticket.
Now I am trying to redirect to the user dashboard by appending the ticket to the URL from the JSP page:


/************************Getting Ticket************************************/
URL url1 = new URL("http://localhost:8080/alfresco/wcservice/qdriveticket.json");
HttpURLConnection conn = (HttpURLConnection) url1.openConnection();
HttpURLConnection.setFollowRedirects(false);
conn.setRequestProperty("x-alfresco-remote-user", "admin");
BufferedReader dis = new BufferedReader(
        new InputStreamReader(
            conn.getInputStream()));
String ticket;
String tkt=null;
while ((ticket = dis.readLine()) != null)
{
   tkt = ticket;
}

/*************************************************************************************************/
url1 = new URL("http://localhost:8080/share/page");
conn = (HttpURLConnection) url1.openConnection();
conn.setRequestProperty("x-alfresco-remote-user", "admin");
conn.connect();
dis = new BufferedReader(new InputStreamReader(conn.getInputStream()));

conn.setInstanceFollowRedirects(false);  // you still need to handle the redirect manually.
HttpURLConnection.setFollowRedirects(false);

String newUrl = conn.getHeaderField("Location");


// open the new connection again
conn = (HttpURLConnection) new URL(newUrl+"?ticket="+tkt).openConnection();

conn.setRequestProperty("x-alfresco-remote-user", "admin");

response.sendRedirect(newUrl+"?ticket="+tkt);



Redirection happened to:

http://localhost:8080/share/page/user/admin/dashboard?ticket=TICKET_4be43a906429fa148af2f2fb4097d2b6...


But the login page is still coming up.
Is it the problem of not providing a special SSO filter that is able to pass the ticket to the Alfresco Repository?

shibu
Champ in-the-making
Please give me a reply…

afaust
Legendary Innovator
"Is it the problem of not providing a special SSO filter that is able to pass the ticket to the Alfresco Repository?"
Yes, that is precisely the problem now. A simple filter should be sufficient that extracts the ticket from the request URL and puts it in the remote connector session as alfTicket parameter. That parameter is already used by the standard code of Share / Surf to enhance requests to the repository. By setting alfTicket yourself, you can reuse the existing code with the least amount of effort and least amount of complex code duplication.

Regards
Axel

shibu
Champ in-the-making
I got the basics of Filter and now I am trying to implement it in Alfresco. The steps which I followed are:
1. Created a simple Java project in Eclipse.
2. Created a class which implements the Filter interface and wrote code for extracting the ticket from the request URL and putting it in the remote connector session as the alf_ticket parameter.
3. Exported it as a jar file and copied it into share/WEB-INF/lib.
4. Modified share/WEB-INF/web.xml and registered the filter before the existing "Authentication Filter".


<!-- Special SSO -->
   <filter>
      <description>Share Special SSO authentication support filter.</description>
      <filter-name>Special SSO Authentication Filter</filter-name>
      <filter-class>in.dms.filter.SpecialSSOFilter</filter-class>
   </filter>

   <filter-mapping>
      <filter-name>Special SSO Authentication Filter</filter-name>
      <url-pattern>/page/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Special SSO Authentication Filter</filter-name>
      <url-pattern>/p/*</url-pattern>
   </filter-mapping>
<!-- Special SSO -->


The Java code which I have written is:


public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
                
       HttpServletRequest httpServletRequest = (HttpServletRequest) req;
           
       String ticket = httpServletRequest.getParameter("ticket");

       HttpSession session = httpServletRequest.getSession();
   
       if (ticket != null) {
         
          session.setAttribute("alf_ticket", ticket);
             }
             
       chain.doFilter(req,res);
   }


Please let me know what else I have to do here to make it work.

afaust
Legendary Innovator
Hello,

you are currently not setting alf_ticket in the connector session, rather in the "normal" HTTP session which does not help you.

You need something in the line of:

ApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
ConnectorService connectorService = (ConnectorService) context.getBean("connector.service");
ConnectorSession connectorSession = connectorService.getConnectorSession(session, "alfresco");
connectorSession.setParameter("alfTicket", ticket);


Regards
Axel

shibu
Champ in-the-making
Added the needed jar files and rewrote the code as:

public void init(FilterConfig args) throws ServletException
{
    if (logger.isDebugEnabled())
        logger.debug("Initializing the SSOAuthenticationFilter.");
    this.servletContext = args.getServletContext();
}

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException
{
    HttpServletRequest httpServletRequest = (HttpServletRequest) req;
    String ticket = httpServletRequest.getParameter("ticket");
    HttpSession session = httpServletRequest.getSession();
    logger.debug("Initializing the SpecialSSOFilter. Ticket : "+ticket);

    if (ticket != null) {
        ApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        ConnectorService connectorService = (ConnectorService) context.getBean("connector.service");
        ConnectorSession connectorSession = connectorService.getConnectorSession(session, "alfresco");
        connectorSession.setParameter("alfTicket", ticket);
        connectorSession.setParameter("alf_ticket", ticket);
    }
    chain.doFilter(req,resp);
}


For creating this filter I just followed these steps:
1. Created a simple Java project in Eclipse.
2. Created a class which implements the Filter and CallbackHandler interfaces and wrote the above code.
3. Exported it as a jar file and copied it into share/WEB-INF/lib.
4. Modified share/WEB-INF/web.xml and registered the filter before the existing "Authentication Filter" as mentioned in the last post.



***Do I need to provide any XML giving bean details with this project? I don't know more about "connector.service".


***I didn't do anything more than what is mentioned in the steps above. So please let me know the reason SSO is not working here.

afaust
Legendary Innovator
Hello,

it would be good to know which part of that code is not working. Do you get the log statement that prints out the ticket? Have you tried debugging the filter with Eclipse as a Remote Java Application?

Regards
Axel

shibu
Champ in-the-making
Code:
       

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException
{
    System.out.println("FILTER IS EXECUTING-PRE");
    HttpServletRequest httpServletRequest = (HttpServletRequest) req;
    String ticket = httpServletRequest.getParameter("ticket");
    HttpSession session = httpServletRequest.getSession();
    System.out.println("Initializing the SpecialSSOFilter. Ticket : "+ticket);

    if (ticket != null) {
        ApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        ConnectorService connectorService = (ConnectorService) context.getBean("connector.service");
        ConnectorSession connectorSession = connectorService.getConnectorSession(session, "alfresco");
        System.out.println("connectorService : "+connectorService);
        System.out.println("connectorSession : "+connectorSession);
        connectorSession.setParameter("alfTicket", ticket);
        connectorSession.setParameter("alf_ticket", ticket);
        System.out.println("ALF_TICKET  "+ connectorSession.getParameter("alfTicket"));
    }

    chain.doFilter(req,resp);
    System.out.println("FILTER IS EXECUTING-POST");
}


After clicking the link (URL appended with the ticket) to reach the user dashboard,
"catalina.out" displays the printed statements which I have put in my Special SSO Filter class:


FILTER IS EXECUTING-PRE
Initializing the SpecialSSOFilter. Ticket : TICKET_817097a9588838bbf40c26f7d3c5aebc737a0907
connectorService : org.springframework.extensions.webscripts.connector.ConnectorService@6a09865e
connectorSession : org.springframework.extensions.webscripts.connector.ConnectorSession@1cf5c34b
ALF_TICKET  TICKET_817097a9588838bbf40c26f7d3c5aebc737a0907
FILTER IS EXECUTING-POST


On each click I can see new entries in "catalina.out" with a new ticket.
I hope the filter is executing perfectly.
But it asks for authentication again when I click the link.