06-17-2019 12:41 AM
Hi all,
I'm integrating the Alfresco REST API, using the latest Alfresco version, as a DMS service for external web applications.
I'm experiencing some trouble with authentication; the question is this:
How can I refresh an expired authentication ticket for the REST API without executing a new /tickets POST passing username and password?
In accordance with GDPR, web applications cannot store user passwords, and without a refresh service I'm not able to guarantee the validity of an authentication ticket requested by the external web application at login time.
The typical scenario could be this:
The user logs in to the external web application; at the same time the application executes a /ticket POST to obtain an authentication ticket.
Supposing a 10-minute ticket validity time is configured in Alfresco, if the user navigates the external web application for 11 minutes and then executes an action to obtain, for example, his user home folder list, the ticket obtained by the application for Alfresco at login time will not be valid anymore. I need to refresh it, as the OAuth protocol does, by passing the expired ticket and obtaining a new one, but I don't see any REST endpoint in the REST API explorer to do it. It seems that the only way is to execute a new /tickets call, but once a user is logged in the application cannot store the (clear) user password.
I'm really in trouble, please help me.
06-20-2019 04:46 AM
Hi Vincenzo
One quick turnaround solution is to increase the ticket validity to a longer time. You could match the session expiry time set on the application that the user uses, and the session would expire in that application due to inactivity. This session expiration time can be equal to the Alfresco ticket validity.
Set the following property in the alfresco-global.properties file:
authentication.ticket.validDuration=PT2H
This example shows the validity set to 2 hours. 1 hour is the default setting.
There is another case here, if you want to see it:
https://community.alfresco.com/thread/182531-how-to-get-alfresco-ticket-session-expiration-time
Another solution is to get rid of the dependency on the ticket. Implement SSO instead and let SSO take care of authentication etc. This would take some time to fix the issue until implementation. But you don’t have to be dependent on the alf_ticket.
09-08-2022 01:26 AM
How do I mention minutes?
For testing purposes I need to set around 5 min.
Could you please let us know?
Thanks
Rudresh
09-08-2022 05:58 AM
You can use the following (notice the 'M'):
authentication.ticket.validDuration=PT5M
----------------------------------------
This is what the time duration format PT<number><timeDuration> looks like:
PT2S - 2 seconds
PT2M - 2 minutes
PT2H - 2 hours
PT2H30M - 2 hours 30 minutes
PT2D - 2 days
PT2Y - 2 years