Home

Alfresco Share 4.0.d - External Authentication

You are here

5 posts / 0 new
Last post
Alfresco Share 4.0.d - External Authentication

Hi,

I want to test the external authentication in Alfresco Share 4.0.d with the mod_auth_cas but it doesn't work.

My installation works with a Alfresco Share 3.4.4.

I kept my installation of Apache and mod_auth_cas. I just reinstalled the Alfresco in 4.0.d.

In alfresco-global.properties, I added the properties :

authentication.chain=external1:external,ldap1:ldap
 
# Authentification CAS
external.authentication.proxyUserName=
external.authentication.proxyHeader=x-alfresco-remote-user
external.authentication.enabled=true
external.authentication.userIdPattern=

And I uncommented in shared/classes/alfresco/web-extension/share-config-custom.xml :

   <config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
</connector>
 
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:9080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>

The external authentication works in Alfresco but doesn't work in Share.

Logs in alfresco.log when I want to connect in Share :

INFO: Server startup in 53657 ms
2012-02-17 16:22:25,339 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/remoteadm/has/alfresco/site-data/configurations/slingshot.site.configuration.xml?s=sitestore
2012-02-17 16:22:25,340 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] - OutputStream supplied - will stream response...
2012-02-17 16:22:25,501 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
2012-02-17 16:22:25,501 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Length=5
2012-02-17 16:22:25,501 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
2012-02-17 16:22:25,501 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: null
2012-02-17 16:22:25,503 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/remoteadm/has/alfresco/site-data/themes/default.xml?s=sitestore
2012-02-17 16:22:25,503 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] - OutputStream supplied - will stream response...
2012-02-17 16:22:25,514 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
2012-02-17 16:22:25,514 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Length=5
2012-02-17 16:22:25,514 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
2012-02-17 16:22:25,514 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: null
2012-02-17 16:22:25,516 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/touch
2012-02-17 16:22:25,517 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] - OutputStream supplied - will stream response...
2012-02-17 16:22:25,517 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Set request header: x-alfresco-remote-user=admin.share
2012-02-17 16:22:25,517 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Setting Cookie header: JSESSIONID=6C1F0E6A78C3F12AECB3379D8FCA0ABF
2012-02-17 16:22:25,735 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] RemoteClient found Set-Cookie: JSESSIONID = 632BB1C8188C5A50C3404791079B390E
2012-02-17 16:22:25,735 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
2012-02-17 16:22:25,735 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Set-Cookie=JSESSIONID=632BB1C8188C5A50C3404791079B390E; Path=/alfresco
2012-02-17 16:22:25,735 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Length=0
2012-02-17 16:22:25,735 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
2012-02-17 16:22:25,735 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: null
2012-02-17 16:22:25,780 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Executing (GET) http://localhost:9080/alfresco/wcs/api/admin/restrictions?guest=true
2012-02-17 16:22:25,780 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] - OutputStream supplied - will stream response...
2012-02-17 16:22:25,799 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] RemoteClient found Set-Cookie: JSESSIONID = 153A3B6569000DE688A8CC683E6B7721
2012-02-17 16:22:25,800 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Setting Cookie header: JSESSIONID=153A3B6569000DE688A8CC683E6B7721
2012-02-17 16:22:26,344 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response status code: 200
2012-02-17 16:22:26,344 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Type=text/html;charset=UTF-8
2012-02-17 16:22:26,345 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Content-Language=en
2012-02-17 16:22:26,345 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Response header: Date=Fri, 17 Feb 2012 15:22:25 GMT
2012-02-17 16:22:26,345 DEBUG [webscripts.connector.RemoteClient] [TP-Processor3] Response encoding: Content-Type: text/html;charset=UTF-8^M
 
2012-02-17 16:22:26,348 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] Output (10158 bytes) from: http://localhost:9080/alfresco/wcs/api/admin/restrictions?guest=true
2012-02-17 16:22:26,348 TRACE [webscripts.connector.RemoteClient] [TP-Processor3] ^M
<body bgcolor="#ffffff" style="background-image: url(/alfresco/images/logo/AlfrescoFadedBG.png); background-repeat: no-repeat; background-attachment: fixed">^M
^M
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Alfresco Explorer - Connexion</title>
<link rel="search" type="application/opensearchdescription+xml" href="/alfresco/wcservice/api/search/keyword/description.xml" title="Alfresco Keyword Search">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...
</body>^M
 
2012-02-17 16:22:26,348 INFO [web.site.EditionInterceptor] [TP-Processor3] Successfully retrieved license information from Alfresco.
2012-02-17 16:22:26,488 ERROR [alfresco.web.site] [TP-Processor3] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
org.springframework.extensions.surf.exception.WebFrameworkServiceException: Unable to process response: A JSONObject text must begin with '{' at character 47
at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:152)
at org.springframework.web.servlet.handler.WebRequestHandlerInterceptorAdapter.preHandle(WebRequestHandlerInterceptorAdapter.java:54)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:781)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.alfresco.web.site.servlet.SSOAuthenticationFilter.challengeOrPassThrough(SSOAuthenticationFilter.java:619)
at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:382)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.json.JSONException: A JSONObject text must begin with '{' at character 47
at org.json.JSONTokener.syntaxError(JSONTokener.java:413)
at org.json.JSONObject.<init>(JSONObject.java:180)
at org.json.JSONObject.<init>(JSONObject.java:420)
at org.alfresco.web.site.EditionInterceptor$EditionInfo.<init>(EditionInterceptor.java:206)
at org.alfresco.web.site.EditionInterceptor.preHandle(EditionInterceptor.java:109)
... 29 more

The webscript used for external authentication in 4.0.d have completely changed from the 3.4.4.

So, I'm wondering if the external authentication in Share is available for this release.

Does anyone know how to set up external authentication in Share 4.0.d?

Thanks for any help.

William

Re: Alfresco Share 4.0.d - External Authentication

No one has tested the external authentication?

Re: Alfresco Share 4.0.d - External Authentication

I'm having the exact same issue. Have you had any luck? I think I see what the issue is and it might be a bug. When I do a packet trace I see the "touch" to get the cookie:

GET /alfresco/wcs/touch HTTP/1.1
x-alfresco-remote-user: mboorshtein
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost.localdomain:8080
 
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=8370A75CF2BEB70FFD94EA77ACF7D653; Path=/alfresco
Content-Length: 0
Date: Sat, 03 Mar 2012 21:39:50 GMT

So share is sending the correct header and explorer is responding with the correct jsessionid cookie but on the subsequent request:

GET /alfresco/wcs/api/admin/restrictions?guest=true HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost.localdomain:8080
 
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=377A7069B4485E5A2BE833A1B6238187; Path=/alfresco
Location: http://localhost.localdomain:8080/alfresco/faces/jsp/login.jsp?_alfRedirect=%2Falfresco%2Fwcs%2Fapi%2Fadmin%2Frestrictions%3Fguest%3Dtrue
Content-Length: 0
Date: Sat, 03 Mar 2012 21:39:50 GMT

Share isn't sending the cookie or the header so alfresco is just "forgetting" the login.

FIXED - Re: Alfresco Share 4.0.d - External Authentication

it looks like there's a bug with how share works with alfresco with external users. If you change

authentication.chain=external1:external

to

external1:external,alfrescoNtlm1:alfrescoNtlm

and restart tomcat it will work.Here's the Jira issue: https://issues.alfresco.com/jira/browse/ALF-13194

Thanks
Marc

Re: Alfresco Share 4.0.d - External Authentication

Thank you very much. :)