one thing I observed that, uptil 5.1.x they are using different filter and from alfresco 5.2 they use different filter

for 5.1.x  (share/WEB-INF/web.xml) filter they used

<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>‍‍‍‍‍‍‍‍‍

while  5.2 filter (share/WEB-INF/web.xml) uses

<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.springframework.extensions.webscripts.servlet.BeanProxyFilter</filter-class>
<init-param>
<param-name>beanName</param-name>
<param-value>SSOAuthenticationFilter</param-value>
</init-param>
</filter>‍‍‍‍‍‍‍‍‍

I haven't fully got to grips with 5.2 yet but I do notice that you are missing the noauth endpoint

I can't quite read your XML due to the formatting so I'm not sure if your api endpoint is enabled - it needs to be.

You could try this for reference: alfresco-cas/share-config-custom.xml at ACE-5661 · wrighting/alfresco-cas · GitHub (but note the maven properties for replacement)

Dear Ian Wright,

I already tried setting up endpoints.

Here is my share-config-custom.xml   ( Still it is not working)

=============================================

Also find my chain declaration in alfresco-global.properties

##External authentication
##################################################
authentication.chain=external1:external,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=SM_USER‍‍‍‍‍‍

And   share-config-custom.xml   looks like below  ::

tried various combinations instead  /wcs  I tried  /s

 <!-- External Authentication configuration -->
   <config evaluator="string-compare" condition="Remote">
      <remote>
          <!--
         <ssl-config>
            <keystore-path>alfresco/web-extension/alfresco-system.p12</keystore-path>
            <keystore-type>pkcs12</keystore-type>
            <keystore-password>alfresco-system</keystore-password>

            <truststore-path>alfresco/web-extension/ssl-truststore</truststore-path>
            <truststore-type>JCEKS</truststore-type>
            <truststore-password>password</truststore-password>

            <verify-hostname>false</verify-hostname>
         </ssl-config> -->

                 
         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SM_USER</userHeader>
         </connector>
           
            <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>none</identity>
         </endpoint>
           
           <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
         
         <endpoint>
            <id>alfresco-feed</id>
            <parent-id>alfresco</parent-id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description> 
            <connector-id>alfrescoHeader</connector-id> 
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
         
         <endpoint>
            <id>alfresco-api</id>
            <parent-id>alfresco</parent-id>
            <name>Alfresco Public API - user access</name>
            <description>Access to Alfresco Repository Public API that require user authentication.
                         This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Help appreciated,  as  struggling since last 4 days. Didn't get any resolution on this.

Strange thing I observed is even with  host:8080/share  (where there is no web server or SSO come into picture) still it is asking for basic authentication popup before share login page.

Ideally it should give me direct share login page. 

so seems  Alfresco 5.2 BUG

I'm assuming that you're running the latest CE - there is a bug logged and fixed against an earlier version for this behaviour [ACE-5661] External authentication Problem with CAS - Alfresco JIRA 

Hi Ian wright,

we are using  alfresco version    alfresco-content-services-installer-5.2.0-linux-x64.bin

And link you shared also told about fixed version is 5.2  so confused , is there any minor new version introduced then let us know with fixes.

I'm community edition only so can't help there I'm afraid.

You should be able to search JIRA to see which tags apply to that bug

Hi, did you find any walkaround ?

I can reproduce this in Alfresco 5.1.2 and Alfresco 5.2.1 but in jira it is flagged as not a bug.

But the behaviour is different with Alfresco 5.0.3.

Regards.

--C.