We are working on an internal project on Alfresco CE 4.2.f. For this project, I am trying to access the CMIS 1.1 browser bindings via javascript on a Cross-Origin (CORS) setup, using JQuery.ajax with a "xhrFields: {withCredentials=true}" setting. Our settings for the rest of Alfresco (and share) includes NTLM, which works fine.
By my findings, Firefox and Mozilla pop up an authentication dialog (which, at least, provides for authentication albeit with a degraded user experience), whereas MSIE fails altogether the connection, at least with my current settings (I have read of a modified setting here: http://stackoverflow.com/questions/20614809/cors-authentication-in-internet-explorer-using-jquery ), which however is unacceptable for our case, since it would require all users to make changes to their IE settings, even for a pilot tryout.
Since we have NTLM Authentication on and working (and we are also in the way of setting up Kerberos/SSPNEG), we would like to have NTLM and/or SSPNEG working for the CMIS 1.1 browser binding, too.
My question is, has anyone worked around ALF-21129 and managed to provide e.g. NTLM (or SSPNEG) authentication for the CMIS 1.1 browser binding on 4.2? Our demo setup runs on Tomcat, so even a Tomcat-specific workaround would be acceptable at this point.
Of course, I would be delighted to hear when a fix for ALF-21129 is scheduled, too, and whether this will only be available for 5.0.
I am replying to my own post, to note that https://issues.alfresco.com/jira/browse/ALF-21129 seems to have been fixed in 5.0.d which came out recently. We shall give it a testing shot. Thanks to Kevin Roast for fixing it!