Alfresco AOS authentication

jhigueraf
Active Member

Alfresco AOS authentication

Hi,

I'm having issues with AOS and the authentication... My goal is to edit documents using local Microsoft Office.

I'm using Alfresco Community in Docker.

I had it configured to authenticate with user and password. But in the past few days the authentication method changed, and the Office app tries to connect to Keycloak. Keycloak is configured in the authentication-chain property in order to log in to alfresco-share and the external API. But Keycloak is not accessible from outside the local network of the containers. I can log in to alfresco-share and create documents or whatever I want.

The problem occurs when I try to edit a file. A few days ago the Word application prompted me with the typical user/password popup, which I filled in properly and it worked like a charm... But now the Word application opens a web browser which tries to connect to the local URL of Keycloak (http://keycloak:8080)... This URL is not accessible from outside the containers' network, so it doesn't work... I made the URL accessible for testing purposes, but the web browser doesn't support cookies, so I cannot log in.

Here is the JAVA_OPTS variable, which is the only thing I edited:

ENV JAVA_OPTS=" \
    -Dalfresco_user_store.adminusername=alfresco_admin \
    -Dalfresco_user_store.adminpassword=alfresco_admin \
    -Ddb.username=alfresco_admin \
    -Ddb.password=alfresco_admin \
    -Ddb.driver=org.postgresql.Driver \
    -Ddb.url=jdbc:postgresql://db:5432/alfresco_db \
    -Dalfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634 \
    -Dsystem.preferred.password.encoding=bcrypt10 \
    -Dsolr.host=solr6 \
    -Dsolr.port=9084 \
    -Dsolr.port.ssl=9084 \
    -Dsolr.secureComms=secret \
    -Dsolr.sharedSecret=mysecret \
    -Dsolr.baseUrl=/solr \
    -Dindex.subsystem.name=solr6 \
    -Dalfresco.host=alfresco \
    -Dalfresco.port=8443 \
    -Dalfresco.protocol=https \
    -Dshare.host=alfresco \
    -Dshare.port=8443 \
    -Dshare.protocol=https \
    -Daos.baseUrlOverwrite=https://alfresco:8443/alfresco/aos \
    -Daos.contentFilter.ignoreOOXMLProtected=false \
    -Dmessaging.broker.url='failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true' \
    -Ddeployment.method=DOCKER_COMPOSE \
    -Dcsrf.filter.enabled=false \
    -Dopencmis.server.override=true \
    -Dopencmis.server.value=https://alfresco:8443 \
    -DlocalTransform.core-aio.url=http://alfresco-transform-core-aio:9083 \
    -DlocalTransform.ocr.url=http://alfresco-transform-ocr:8090 \
    -Dcsrf.filter.enabled=false \
    -Dalfresco.restApi.basicAuthScheme=true \
    -Dauthentication.protection.enabled=false \
    -XX:+UseG1GC -XX:+UseStringDeduplication \
    -Dgoogledocs.enabled=true \
    -Xms6848m -Xmx6848m \
    -Dauthentication.chain=identity-service1:identity-service,ldap1:ldap \
    -Didentity-service.authentication.defaultAdministratorUserNames=alfresco_admin \
    -Didentity-service.enable-basic-auth=true \
    -Didentity-service.auth-server-url=http://keycloak:8080/auth \
    -Didentity-service.realm=${ALFRESCO_REALM} \
    -Didentity-service.resource=oicd-alfresco \
    -Dldap.authentication.active=false \
    -Dldap.synchronization.active=true \
    -Dldap.authentication.java.naming.provider.url=ldap://ldap:8888 \
    -Dldap.synchronization.java.naming.security.principal=ldapconfig \
    -Dldap.synchronization.userNameFormat=cn=%s,ldapconfig \
    -Dldap.synchronization.java.naming.security.credentials=ldapconfig \
    -Dldap.synchronization.groupSearchBase=ldapconfig \
    -Dldap.synchronization.userSearchBase=ldapconfig \
    -Dldap.synchronization.java.naming.security.authentication=simple \
    -Dldap.synchronization.userIdAttributeName=cn \
    -Dldap.synchronization.full.enabled=true \
    -Dsynchronization.syncOnStartup=true \
    -Dsynchronization.import.cron='0 * * ? * *' \
    -Dlog4j.logger.org.alfresco.repo.security.sync=debug \
    -Dlog4j.logger.org.alfresco.repo.security.person=debug \
    -Dlog4j.logger.org.alfresco.enterprise.repo.authorization.AuthorizationService=debug \
    -Dlog4j.logger.org.alfresco.enterprise.repo.authorization.AuthorizationsConsistencyMonitor=debug \
    -Dlog4j.logger.org.alfresco.filesys.auth.ftp=debug \
    -Dlog4j.logger.org.alfresco.ftp.protocol.auth=debug \
    -Dlog4j.logger.org.alfresco.repo.webdav.auth=debug \
    -Dlog4j.logger.org.alfresco.repo.web.auth=debug \
    -Dlog4j.logger.org.alfresco.web.app.servlet=debug \
    -Dlog4j.logger.org.alfresco.repo.security.authentication=debug \
    -Dkeycloak.enabled=true \
    -Dkeycloak.realm=alfresco-realm \
    -Dkeycloak.auth-server-url=http://keycloak:8080/auth \
    -Dkeycloak.resource=oicd-alfresco \
    -Dkeycloak.principal-attribute=email \
    -Dkeycloak.autodetect-bearer-only=true \
    -Dkeycloak.token-store=header \
    -Dkeycloak.enable-basic-auth=false \
    -Dkeycloak.sso.enabled=true \
    -Dkeycloak.handlePublicApi=false \
    -Dkeycloak.allowTicketLogons=true \
    -Dkeycloak.allowUserNamePasswordLogin=true \
    -Dkeycloak.mapAuthorities=true \
    -Dkeycloak.mapPersonPropertiesOnLogin=true \
    -Dkeycloak.synchronization.enabled=true \
    -Dkeycloak.verify-token-audience=true \
    -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 \
    -Dcors.enabled=false \
    -Dheartbeat.enabled=false \
    "

So, could you help me to solve this problem?

I'm having nightmares with this problem...
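
An added example, not part of the original post and not Alfresco code: a small lint pass over a JAVA_OPTS string like the one above. It reports `-D` properties that are set more than once and `auth-server-url` values a desktop client outside the container network cannot reach or would reach over plain HTTP. The function names and the embedded sample (a shortened, constructed excerpt of the posted configuration) are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt of the JAVA_OPTS value shown in the post.
SAMPLE_JAVA_OPTS = r"""
    -Dalfresco_user_store.adminpassword=alfresco_admin \
    -Dalfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634 \
    -Daos.baseUrlOverwrite=https://alfresco:8443/alfresco/aos \
    -Dcsrf.filter.enabled=false \
    -Dcsrf.filter.enabled=false \
    -Didentity-service.auth-server-url=http://keycloak:8080/auth \
    -Dkeycloak.auth-server-url=http://keycloak:8080/auth \
"""


def parse_props(java_opts):
    """Return [(key, value), ...] for every -Dkey=value token, in order."""
    return re.findall(r"-D([^\s=]+)=(\S+)", java_opts)


def lint(java_opts):
    """Return a list of (property, message) findings."""
    findings = []
    seen = {}
    for key, value in parse_props(java_opts):
        if key in seen:
            kind = "conflicting" if seen[key] != value else "repeated"
            findings.append((key, f"{kind} duplicate; the later value overrides"))
        seen[key] = value

    # The auth-server-url is where the client's browser is sent to log in,
    # so it has to be reachable from the machine running the Office app.
    for key, value in seen.items():
        if not key.endswith("auth-server-url"):
            continue
        url = urlparse(value)
        host = url.hostname or ""
        if "." not in host:
            findings.append((key, f"host '{host}' is a single-label name that "
                                  "resolves only inside the container network"))
        if url.scheme != "https":
            findings.append((key, "login endpoint is served over plain http"))
    return findings


if __name__ == "__main__":
    for prop, message in lint(SAMPLE_JAVA_OPTS):
        print(f"{prop}: {message}")
```
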