
Share with mod_auth_cas not working

jmwarfe
Champ in-the-making
I'm in the process of trying to get Community Edition 3.2r to talk with my university's CAS server. So far I have followed the wiki page instructions for external authentication and can now log into the Alfresco explorer using SSO; however, Share gives me the error below. I'm wondering if my shared/classes/alfresco/web-extension/webscript-framework-config-custom.xml is configured properly and being read or if there is an issue with my SSL certificates. Any thoughts as to what might be the problem?

Thanks in advance!

Tomcat Error:

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: org.alfresco.web.site.exception.RequestContextException: Exception running UserFactory in HttpRequestContextFactory
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:146)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.web.site.exception.RequestContextException: Exception running UserFactory in HttpRequestContextFactory
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:117)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.web.site.exception.UserFactoryException: Unable to retrieve user from repository
   org.alfresco.web.site.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:252)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:176)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:110)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:93)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

org.json.JSONException: A JSONObject text must begin with '{' at character 1 of <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>…..</html>
   org.json.JSONTokener.syntaxError(Unknown Source)
   org.json.JSONObject.<init>(Unknown Source)
   org.json.JSONObject.<init>(Unknown Source)
   org.alfresco.web.site.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:165)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:176)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:110)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:93)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)



webscript-framework-config-custom.xml:
<alfresco-config>
  
   <!-- Overriding endpoints to reference a remote Alfresco server -->
   <!--
   <config evaluator="string-compare" condition="Remote">
      <remote>

         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://yourserver:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://yourserver:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://yourserver:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>

      </remote>
   </config>
   -->

   <!-- Overriding endpoints to reference an Alfresco server with external SSO or NTLM enabled -->
   <!-- NOTE: For NTLM, the NTLM Authentication Filter must also be enabled in share web.xml -->
   <!-- NOTE: if utilising a load balancer between web-tier and repository cluster, the "sticky -->
   <!--       sessions" feature of your load balancer must be used -->
   <config evaluator="string-compare" condition="Remote" replace="true">
        <remote>
            <!-- SSL client certificate + trusted CAs. Optionally used to authenticate share to an external SSO system such as CAS -->
            <keystore>
                <path>/opt/Alfresco/tomcat/shared/classes/alfresco/web-extension/alfresco-system.p12</path>
                <type>pkcs12</type>
                <password>alfresco</password>
            </keystore>
        
            <connector>
                <id>alfrescoCookie</id>
                <name>Alfresco Connector</name>
                <description>Connects to an Alfresco instance using cookie-based authentication</description>
                <class>org.alfresco.connector.AlfrescoConnector</class>
            </connector>

            <endpoint>
                <id>alfresco</id>
                <name>Alfresco - user access</name>
                <description>Access to Alfresco Repository WebScripts that require user authentication</description>
                <connector-id>alfrescoCookie</connector-id>
                <endpoint-url>http://<hostname removed>/alfresco/wcs</endpoint-url>
                <identity>user</identity>
                <external-auth>true</external-auth>
            </endpoint>
           
        </remote>
    </config>
</alfresco-config>

matthias
Champ in-the-making
I have exactly the same problem.

Logging into CAS with the alfresco-share certificate as described in the wiki works. So does the snoop.jsp example.

Furthermore WebDAV, which is not protected by CAS, doesn't work anymore. Do I need to put LDAP authentication back in alfresco-global.properties?

dward, can you help us here?


TIA,
Matthias.

cybertoast
Champ in-the-making
I'm not even able to get Alfresco working with this approach. What's happening is if I turn on the external authentication subsystem I can't even log in directly to the Alfresco tomcat using admin/admin. If I comment out the authentication.chain, I can log in.
CAS logs in fine, but when I get to it from /alfresco I get redirected back to /alfresco/faces/…, as guest. At best I get the login screen on the /alfresco side.
There must be some configuration that I've got wrong, but I can't figure out what it is. This is using a fresh Alfresco 3.2r install. My logs don't show anything wrong - the state transitions in my CAS-server logs pretty much mimic what's in the login-webflow.xml. And my alfresco log pretty much has nothing in it past startup. Which I guess is not surprising since I don't have any debug entries for any authentication.

cybertoast
Champ in-the-making
I finally sort-of got /alfresco working by adding the httpRequestAuthFilter per http://forums.alfresco.com/en/viewtopic.php?f=9&t=21080&p=70120&hilit=cas+share&sid=721b39e0903cf2a0.... But now when CAS redirects me back to alfresco, I get "java.lang.StackOverflowError", with the following:

java.lang.StackOverflowError
at java.util.concurrent.ConcurrentHashMap$Segment.get(ConcurrentHashMap.java:338)
at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:769)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedBeanDefinition(AbstractBeanFactory.java:948)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedBeanDefinition(AbstractBeanFactory.java:928)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedBeanDefinition(AbstractBeanFactory.java:914)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:205)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:227)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:757)
at org.alfresco.repo.security.authentication.subsystems.SubsystemChainingAuthenticationComponent.getUsableAuthenticationComponents(SubsystemChainingAuthenticationComponent.java:84)

Also, when I go to localhost:8080/alfresco, and try to login with admin/admin I get:
"You have no access to Alfresco."

dward
Champ on-the-rise
Hi. Sorry for my late arrival to this discussion.

jmwarfe: it looks like share is receiving an HTML response from the server, rather than the JSON response it is expecting. That would suggest that it is seeing a login page rather than the authenticated response. So it's probably that share isn't configured correctly to send the certificate.

Could you paste in the contents of

$CATALINA_HOME/shared/classes/alfresco/web-extension/webscript-framework-config-custom.xml

? Make sure it has exactly the path above.

Regarding the other questions, yes Web DAV authentication will require Alfresco's LDAP authentication subsystem to be included in your chain.

cybertoast
Champ in-the-making
Rebuilding the Alfresco 3.2r source seems to have fixed a lot of stuff, at least making /alfresco work. I now have exactly the same condition as jmwarfe on /share:


javax.servlet.ServletException: org.alfresco.web.site.exception.RequestContextException: Exception running UserFactory in HttpRequestContextFactory
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:146)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.web.site.exception.RequestContextException: Exception running UserFactory in HttpRequestContextFactory
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:117)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.web.site.exception.UserFactoryException: Unable to retrieve user from repository
   org.alfresco.web.site.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:254)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:176)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:110)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:93)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.json.JSONException: A JSONObject text must begin with '{' at character 9 of







<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
   <head>
       <title>CAS &#8211; Central Authentication Service</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
       <style type="text/css" media="screen">@import 'css/cas.css'/**/;</style>
       <!--[if gte IE 6]><style type="text/css" media="screen">@import 'css/ie_cas.css';</style><![endif]-->
       <script type="text/javascript" src="js/common_rosters.js"></script>
       <link rel="icon" href="/cas/favicon.ico" type="image/x-icon" />
   </head>

   <body id="cas" onload="init();">
       <div id="header">
           <h1 id="app-name">Central Authentication Service (CAS)</h1>
       </div>

       <div id="content">

         <form id="fm1" class="fm-v clearfix" action="/cas/login;jsessionid=DDDD7EDD6EC9AB9DA3DC58BACD6B0331?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin" method="post">
            
                <div class="box" id="login">
                <!-- Congratulations on bringing CAS online!  The default authentication handler authenticates where usernames equal passwords: go ahead, try it out.  -->
                    <h2>Enter your NetID and Password</h2>
                    <div class="row">
                        <label for="username"><span class="accesskey">N</span>etID:</label>
                  
                  
                  
                  
                  <input id="username" name="username" class="required" tabindex="1" accesskey="n" type="text" value="" size="25" autocomplete="false"/>
                  
                    </div>
                    <div class="row">
                        <label for="password"><span class="accesskey">P</span>assword:</label>
                  
                  
                  <input id="password" name="password" class="required" tabindex="2" accesskey="p" type="password" value="" size="25" autocomplete="off"/>
                    </div>
                    <div class="row check">
                        <input id="warn" name="warn" value="true" tabindex="3" accesskey="w" type="checkbox" />
                        <label for="warn"><span class="accesskey">W</span>arn me before logging me into other sites.</label>
                    </div>
                    <div class="row btn-row">
                  <input type="hidden" name="lt" value="_cF5CF7323-9883-82D6-C026-FE85F627D357_kCD941794-A5E2-366C-0808-3AC0BADC4BB1" />
                  <input type="hidden" name="_eventId" value="submit" />

                        <input class="btn-submit" name="submit" accesskey="l" value="LOGIN" tabindex="4" type="submit" />
                        <input class="btn-reset" name="reset" accesskey="c" value="CLEAR" tabindex="5" type="reset" />
                    </div>
                </div>
              
               <div id="sidebar">
                   <p>For security reasons, please Log Out and Exit your web browser when you are done accessing services that require authentication!</p>
                   <div id="list-languages">
                  
                  
                  
                       <h3>Languages:</h3>
                  <ul
                     ><li class="first"><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=en">English</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=es">Spanish</a></li            
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=fr">French</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=ru">Russian</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=nl">Nederlands</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=sv">Svenskt</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=it">Italiano</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=ur">Urdu</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=zh_CN">Chinese (Simplified)</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=de">Deutsch</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=ja">Japanese</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=hr">Croatian</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=cs">Czech</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=sl">Slovenian</a></li
                     ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=pl">Polish</a></li
                            ><li><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=pt_BR">Portuguese (Brazil)</a></li
                     ><li class="last"><a href="login?service=http%3a%2f%2fsundar-desktop%2falfresco%2fwcs%2fwebframework%2fcontent%2fmetadata%3fuser%3dadmin&locale=tr">Turkish</a></li
                  ></ul>
                   </div>
               </div>
           </form>
      </div>
       <div id="footer">
           <div>
               <p>Copyright &copy; 2005-2007 JA-SIG. All rights reserved.</p>
               <p>Powered by <a href="http://www.ja-sig.org/products/cas/">JA-SIG Central Authentication Service 3.3.4</a></p>
           </div>
           <a href="http://www.ja-sig.org" title="go to JA-SIG home page"><img id="logo" src="images/ja-sig-logo.gif" width="118" height="31" alt="JA-SIG" title="go to JA-SIG home page" /></a>
       </div>
   </body>
</html>


   org.json.JSONTokener.syntaxError(Unknown Source)
   org.json.JSONObject.<init>(Unknown Source)
   org.json.JSONObject.<init>(Unknown Source)
   org.alfresco.web.site.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:166)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:176)
   org.alfresco.web.site.UserFactory.faultUser(UserFactory.java:110)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:93)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

My webscript-framework-config-custom.xml is:

  <config evaluator="string-compare" condition="Remote">
    <remote>
      <!-- SSL client certificate + trusted CAs. Optionally used to authenticate share to an external SSO system such as CAS -->
      <keystore>
        <path>alfresco/web-extension/alfresco-system.p12</path>
        <type>pkcs12</type>
        <password>password</password>
      </keystore>
      
      <connector>
        <id>alfrescoCookie</id>
        <name>Alfresco Connector</name>
        <description>Connects to an Alfresco instance using cookie-based authentication</description>
        <class>org.alfresco.connector.AlfrescoConnector</class>
      </connector>

      <endpoint>
        <id>alfresco</id>
        <name>Alfresco - user access</name>
        <description>Access to Alfresco Repository WebScripts that require user authentication</description>
        <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://myhost/alfresco/wcs</endpoint-url>
        <identity>user</identity>
        <external-auth>true</external-auth>
      </endpoint>
           
    </remote>
  </config>

cybertoast
Champ in-the-making
Hi dward, The CASServer has this in its log:

2009-11-02 18:19:01,300 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://sundar-desktop/alfresco/wcs/webframework/content/metadata?user=admin>
2009-11-02 18:19:01,300 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://sundar-desktop/alfresco/wcs/webframework/content/metadata?user=admin>
2009-11-02 18:19:01,300 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Action 'X509CertificateCredentialsNonInteractiveAction' beginning execution>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Certificates not found in request.>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Action 'X509CertificateCredentialsNonInteractiveAction' completed execution; result is 'error'>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-11-02 18:19:01,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>

Does the "[org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Certificates not found in request.>" indicate that there's a problem in certificates being handled properly? Or is this safe to ignore?

matthias
Champ in-the-making
Ok, what I have now:

- Share is authenticating properly with the certificate. I got these lines in cas.log:

2009-11-02 20:57:34,769 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - certificate was issued by trusted issuer
2009-11-02 20:57:34,769 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - this is an end-user certificate
2009-11-02 20:57:34,769 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Pattern Match: true [EMAILADDRESS=noc@company.de, CN=alfresco-system, OU=Network Operations, O=company UG, ST=somestate, C=DE] against [.*].
2009-11-02 20:57:34,770 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - cert[2] ok, setting as credentials candidate
2009-11-02 20:57:34,770 INFO [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - authentication OK; SSL client authentication data meets criteria for cert[2]
2009-11-02 20:57:34,770 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler successfully authenticated the user which provided the following credentials: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials@454a8c
2009-11-02 20:57:34,770 INFO [org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver] - Creating principal for: EMAILADDRESS=noc@company.de, CN=alfresco-system, OU=Network Operations, O=company, ST=somestate, C=DE
2009-11-02 20:57:34,840 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-fljp791QoR4132GIrhfC-app01.company.de] for service [https://app01.company.de/alfresco/wcs/webframework/content/metadata?user=matthias.name%40company.de] for user [alfresco-system]


…but I still receive the same error as jmwarfe when I try to access Share. Is it a problem with the '@' sign in my username? We use multitenancy, so the sign is mandatory.


- WebDAV is working again, thanks.

Matthias

cybertoast
Champ in-the-making
Matthias, I wonder how you got your Share to send out the certificate. It seems (based on my logs) that I'm actually failing the X509CredentialsAuthenticationHandler in login-webflow and going on to the viewLoginForm action. But can't understand why. Do you have any suggestions? Did you have this problem before and solve the certificate handling somehow? Thanks much for any help.

dward
Champ on-the-rise
Matthias. It may well be that multi tenancy is stopping the feature from working. Although I still don't know why, if share is sending the certificate, it still claims to be getting HTML back from the user metadata call.

All I can suggest is that we instrument share's client with further debug logging so we can work out what sequence of redirects is happening.

Do you feel up to adding some additional logging to

org.alfresco.connector.RemoteClient.service(URL, InputStream, OutputStream, HttpServletRequest, HttpServletResponse, ResponseStatus)

?

If we could see what URLs are being called, what redirects are happening, what cookies are being returned and what status codes are being received, we might be able to work out what's going wrong!
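
The trace dward asks for (URLs called, redirects, cookies returned, status codes) can also be collected from outside Share. The script below is an added example, not code from Alfresco or from any poster in this thread: it replays the user-metadata call hop by hop and classifies the final response. It assumes the client certificate has been exported from the PKCS#12 keystore to PEM files; all function names are illustrative.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def make_tls_context(cert_pem, key_pem=None, ca_file=None):
    """Context presenting a client certificate. Assumes the PKCS#12 keystore
    configured for Share has been exported to PEM, which Python's ssl needs."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(cert_pem, key_pem)
    return ctx


def fetch_once(url, cookie_header="", tls_context=None):
    """One GET without following redirects -> (status, header pairs, body start)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.netloc, timeout=10, context=tls_context)
    else:  # plain HTTP: no TLS handshake, so no client certificate can be sent
        conn = http.client.HTTPConnection(parts.netloc, timeout=10)
    headers = {"Accept": "application/json"}
    if cookie_header:
        headers["Cookie"] = cookie_header
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", target, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheaders(), resp.read(512)
    finally:
        conn.close()


def trace(url, fetch=fetch_once, max_hops=10):
    """Follow the redirect chain by hand; return one record per hop."""
    hops, jar = [], {}  # jar: host -> {cookie name: value}
    for _ in range(max_hops):
        cookies = jar.setdefault(urlsplit(url).netloc, {})
        sent = "; ".join(f"{k}={v}" for k, v in cookies.items())
        status, headers, body = fetch(url, sent)
        location, names = None, []
        for name, value in headers:
            if name.lower() == "location":
                location = value
            elif name.lower() == "set-cookie":
                key, _, val = value.split(";", 1)[0].partition("=")
                cookies[key.strip()] = val.strip()
                names.append(key.strip())
        hops.append({"url": url, "status": status, "location": location,
                     "cookies_set": names,  # names only: values are session secrets
                     "body_start": body[:60].decode("utf-8", "replace").strip()})
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)
    return hops


def diagnose(hops):
    """Classify the final response the way a JSON parser would see it."""
    last = hops[-1]
    if last["status"] in REDIRECTS and last["location"]:
        return "redirect-loop"          # max_hops reached while still redirecting
    if last["status"] == 200 and last["body_start"].startswith("{"):
        return "json"
    if last["body_start"].startswith("<"):
        return "markup-instead-of-json"  # e.g. a login page, as in the traces above
    return "other"


if __name__ == "__main__":
    import sys
    # usage: script.py URL [cert.pem [key.pem]]
    ctx = make_tls_context(*sys.argv[2:4]) if len(sys.argv) > 2 else None
    result = trace(sys.argv[1], lambda u, c: fetch_once(u, c, ctx))
    for hop in result:
        print(hop)
    print("verdict:", diagnose(result))
```

Run once with and once without the certificate arguments against the `/alfresco/wcs/webframework/content/metadata?user=...` URL seen in the CAS logs; the hop at which the two traces diverge shows where the certificate is, or is not, being accepted.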