08-29-2019 05:34 AM
Hello,
Does anyone have a zip file of Alfresco on Docker with Kerberos already integrated, so I can enter my settings (KDC, realms, etc.) and get it to work somehow? I have been trying to enable Kerberos for weeks now and I am getting really desperate.
Please help.
Thank you in advance!
08-30-2019 01:01 AM
08-30-2019 04:05 AM
09-03-2019 09:40 AM
Hello, thank you very much for your response. I started the Docker container and am getting this error:
javax.security.auth.login.LoginException: dev-win2008.oficina.keensoft.es: Name or service not known
I changed:
extra_hosts:
- "dev-win2008.oficina.keensoft.es:192.168.14.34"
to:
extra_hosts:
- "dev-win2008.oficina.keensoft.es:192.168.1.124"
where 192.168.1.124 is my Windows server IP address.
Do I need to change something else?
Thank you very much for your help, I really appreciate it!
09-03-2019 10:00 AM
The "dev-win2008.oficina.keensoft.es" is the Keensoft domain host name. You should replace all settings like this with yours.
09-03-2019 10:38 AM
Hello,
I changed it everywhere and now I got
2019-09-03 14:34:42,734 ERROR [site.servlet.SSOAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos web filter error
share_1 | javax.security.auth.login.LoginException: null (68)
share_1 | at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
share_1 | at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
share_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
share_1 | at java.lang.reflect.Method.invoke(Method.java:498)
share_1 | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
share_1 | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
share_1 | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
share_1 | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
share_1 | at java.security.AccessController.doPrivileged(Native Method)
share_1 | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
share_1 | at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
share_1 | at org.alfresco.web.site.servlet.SSOAuthenticationFilter.init(SSOAuthenticationFilter.java:321)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
share_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
share_1 | at java.lang.reflect.Method.invoke(Method.java:498)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1640)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1581)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
share_1 | at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
share_1 | at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
share_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
share_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
share_1 | at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:636)
share_1 | at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:938)
share_1 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
share_1 | at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
share_1 | at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
share_1 | at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
share_1 | at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016)
share_1 | at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5524)
share_1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
share_1 | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
share_1 | at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
share_1 | at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
share_1 | at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672)
share_1 | at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1859)
share_1 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
share_1 | at java.util.concurrent.FutureTask.run(FutureTask.java:266)
share_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
share_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
share_1 | at java.lang.Thread.run(Thread.java:748)
share_1 | Caused by: KrbException: null (68)
share_1 | at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
share_1 | at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
share_1 | at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
share_1 | at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
share_1 | ... 45 more
share_1 | Caused by: KrbException: Identifier doesn't match expected value (906)
share_1 | at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
share_1 | at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
share_1 | at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
share_1 | at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
share_1 | ... 48 more
Do you have any advice?
Thanks for your effort to help me!
09-04-2019 03:05 AM
You have to configure at least /docker/alfresco/assets/kerberos/krb5.conf
You have to make .keytab files and configure Active Directory.
...
I don't check all your configuration files. Check it by yourself. You have Angel's sample. All steps of Kerberos configuration are described in the official documentation.
P.S. Please don't generate new topics for one subject. Let's continue here.
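Error code 68 in the stack trace earlier in the thread is KDC_ERR_WRONG_REALM in RFC 4120, so a useful first check on krb5.conf is that its realm settings agree with the service principal. The following is an added example, not part of the original posts or of the Alfresco sample project: it parses a krb5.conf and reports where it disagrees with the realm of the HTTP principal seen in this thread. The sample file contents and the KDC host name dc.server.net are constructed.

```python
def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: [values] or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def check_realm(conf_text, principal):
    """Return findings where krb5.conf disagrees with the service principal's realm."""
    conf, findings = parse_krb5(conf_text), []
    host, realm = principal.partition("/")[2].split("@")
    default = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    if default != realm:  # realm names are case-sensitive
        findings.append(f"default_realm is {default!r}, principal uses {realm!r}")
    entry = conf.get("realms", {}).get(realm)
    if not isinstance(entry, dict) or not entry.get("kdc"):
        findings.append(f"[realms] has no kdc for {realm!r}")
    mapped = next((v[0] for d, v in conf.get("domain_realm", {}).items()
                   if host == d or (d.startswith(".") and host.endswith(d))), None)
    if mapped != realm:
        findings.append(f"[domain_realm] maps {host!r} to {mapped!r}, expected {realm!r}")
    return findings

# Constructed sample: realm written in lower case throughout; dc.server.net is a made-up KDC.
SAMPLE = """
[libdefaults]
  default_realm = server.net
[realms]
  server.net = {
    kdc = dc.server.net
  }
[domain_realm]
  .server.net = server.net
"""

if __name__ == "__main__":
    print(*check_realm(SAMPLE, "HTTP/alfresco.server.net@SERVER.NET"), sep="\n")
```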
09-05-2019 05:45 AM
Hello,
I finally don't have any errors but it still doesn't work.
2019-09-05 11:22:41,321 DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos login successful
2019-09-05 11:22:41,322 DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] Logged on using principal HTTP/alfresco.server.net@SERVER.NET
2019-09-05 11:22:41,331 DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos login successful
2019-09-05 11:22:41,331 DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] Logged on using principal HTTP/alfresco.server.net@SERVER.NET
I configured Internet Explorer like so: Internet Options/Security/Intranet/Custom level/Automatic logon with current name and password.
Also I ran "kinit -p -f" for my user account and after entering the password it says: "New ticket is stored in cache file C:\Users\Mirko\krb5cc_mirko"
but when I run "klist" it says
Current LogonId is 0:0x345b0c8b
Cached Tickets: (0)
Also I can log in using LDAP accounts.
You helped a great deal so far and I am very grateful.
If you know anything about this please help. Thank you in advance.
09-05-2019 06:34 AM
Client configuration of IE has two steps. Did you add the Alfresco Content Services web server to the Local Intranet security zone?
Check Tools > Internet Options > Security > Local Intranet > Sites > Advanced, and then add the necessary domain name, for example, http://server.com or http://*.company.com.
Full description is here: Step 4. Kerberos client configuration
P.S. IE and Chrome use a lot of configuration parameters, including system ones. Try Firefox first. It's the simplest way to SSO.