AnsweredAssumed Answered

Kerberos Auth doesn't completely works..

Question asked by m4rco- on Dec 4, 2008
Hi guys,
I've a problem:
I've just finished to configure Alfresco Labs with CIFS/Kerberos authentication (referred to this wiki http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration)
It seems to works all fine, so every user can login on alfresco without any loginpage. This is good.
but..
If someone try to open a file on the repository, the browser redirect the user on the alfresco login page..
The alfresco.log say this :

16:20:20,702 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.1.2 (192.168.1.2:3028)
16:20:20,738 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] User marco logged on via Kerberos
16:20:22,970 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] User marco validate ticket
16:20:22,974 ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] Failed to validate user marco
org.alfresco.repo.security.authentication.AuthenticationException: Could not find user by userName: marco
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUserImpl(AbstractAuthenticationComponent.java:217)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:152)
at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.validate(AuthenticationServiceImpl.java:172)
at sun.reflect.GeneratedMethodAccessor649.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:245)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy20.validate(Unknown Source)
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.doFilter(KerberosAuthenticationFilter.java:469)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Unknown Source)
Caused by: net.sf.acegisecurity.providers.dao.UsernameNotFoundException: Could not find user by userName: marco
at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:131)
at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUserImpl(AbstractAuthenticationComponent.java:207)
… 34 more
16:20:22,976 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] New Kerberos auth request from 192.168.1.2 (192.168.1.2:3028)
16:20:23,013 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] User marco logged on via Kerberos
16:20:25,275 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] User marco  validate ticket
16:20:25,279 ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] Failed to validate user marco
org.alfresco.repo.security.authentication.AuthenticationException: Could not find user by userName: marco org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUserImpl(AbstractAuthenticationComponent.java:217)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:152)
at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.validate(AuthenticationServiceImpl.java:172)
at sun.reflect.GeneratedMethodAccessor649.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:245)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy20.validate(Unknown Source)
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.doFilter(KerberosAuthenticationFilter.java:469)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Unknown Source)
Caused by: net.sf.acegisecurity.providers.dao.UsernameNotFoundException: Could not find user by userName: marco
at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:131)
at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUserImpl(AbstractAuthenticationComponent.java:207)
… 34 more
16:20:25,281 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] Login page requested, chaining …

It seems like that the kerberos server stop to recognize my user in the moment that i'm opening a file…
Why?

My configuration files are the same of the wiki-guide, i've started from the default configuration (i've added only the config for mysql support).
I never touch any LDAP configuration related file…should i?


My sysyem info:
OS: Debian
Alfresco Labs 3.0 (b1164) (configured on mysql5)
Network: AD on Win2k3 for kerberos auth

Thanks in advance!

m4rco

Outcomes