
Alfresco Share NTLM SSO

Question asked by jtm45 on Jul 1, 2009
Latest reply on Jul 8, 2009 by ofrxnz
Using the nightly build as of 2009-06-30, I've got the passthru NTLM SSO configured and working correctly for the Explorer application. (As documented, with one caveat: I added the authentication chain declaration authentication.chain=mypassthru1:passthru,alfrescoNtlm1:alfrescoNtlm into the repository.properties rather than alfresco-global.properties, since it didn't seem to work in the latter.) However, accessing the Share application is failing. I've configured it as per the Wiki documentation (uncommented the filter and mappings in the Share's web.xml and uncommented the end point configuration in tomcat\shared\classes\alfresco\web-extension\webscript-framework-config-custom.xml).

When accessing the Share application, it is apparently logging me in correctly, but then it throws an exception trying to access a webscript without credentials.  Here is the stack trace from the log:


08:52:38,945 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/remotestore/has/alfresco/site-data/pages/site-index.xml SID:null
08:52:38,961 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 127.0.0.1 (127.0.0.1:1589) SID:B1BEE9E59C4686EBD4C9CC6972A0FD47
08:52:38,976 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/remotestore/has/alfresco/site-data/configurations/slingshot.site.configuration.xml SID:null
08:52:38,976 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 127.0.0.1 (127.0.0.1:1590) SID:AAF8071F87ECB947DE20DD25967FE27D
08:52:46,601 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/touch SID:null
08:52:46,617 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
08:52:46,617 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Client domain null
08:52:46,726 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:SERVERA,Ch:bd0b56c5bc3fa756]
08:52:46,742 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/touch SID:CA510E79A7C8208449BE37DB20EDE357
08:52:46,742 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:372b56354756e64f143a9efd5184acd5c01b9c2a0c6342f4,NTLM:372b56354756e64f143a9efd5184acd5c01b9c2a0c6342f4,Dom:DOMAIN,User:userid,Wks:SERVER]
08:52:46,836 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, alfrescoNtlm1]
08:52:46,883 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
08:52:46,914 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, alfrescoNtlm1] complete
08:52:46,976 DEBUG [org.alfresco.web.app.servlet.AbstractAuthenticationFilter] Accept-Language list : [[en_us,1.0]]
08:52:46,976 DEBUG [org.alfresco.web.app.servlet.AbstractAuthenticationFilter] Accept-Language using [en_us,1.0]
08:52:46,976 DEBUG [org.alfresco.web.app.servlet.AbstractAuthenticationFilter] Using language [en_us,1.0], locale en_US
08:52:46,976 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
08:52:46,976 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [userid,Wks:SERVER,Dom:DOMAIN,AuthSrv:SERVERA,Wed Jul 01 08:52:46 CDT 2009]
08:52:46,992 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Login page requested, chaining …
08:52:47,226 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/webframework/content/metadata SID:CA510E79A7C8208449BE37DB20EDE357
08:52:47,242 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] User USERID validate ticket
08:52:47,242 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Authentication not required (user), chaining …
08:52:47,242 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 06010007 Web Script org/alfresco/webframework/metadata.get requires user authentication; however, a guest has attempted access.
org.alfresco.web.scripts.WebScriptException: 06010007 Web Script org/alfresco/webframework/metadata.get requires user authentication; however, a guest has attempted access.
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:258)
   at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:262)
   at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
   at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.doFilter(BaseNTLMAuthenticationFilter.java:264)
   at org.alfresco.web.app.servlet.WebScriptNTLMAuthenticationFilter.doFilter(WebScriptNTLMAuthenticationFilter.java:94)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:109)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
   at $Proxy193.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)

Am I missing another configuration piece?
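
For triaging a log like the one in the question, this added example (not part of the original post and not Alfresco code) groups the NTLMAuthenticationFilter debug lines by request and reports requests that the filter chained as an authenticated user but the web script layer rejected as guest. The sample log is constructed in the post's format with placeholder session ID, challenge and response values, and the function names are hypothetical; it assumes the lines of one request are contiguous in the log.

```python
import re

# Constructed sample in the format of the log in the post; the session ID,
# challenge and LM/NTLM response values are placeholders.
SAMPLE_LOG = """\
08:52:46,601 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/touch SID:null
08:52:46,617 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
08:52:46,726 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:SERVERA,Ch:<placeholder>]
08:52:46,742 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/touch SID:AAAA1111
08:52:46,742 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:<placeholder>,NTLM:<placeholder>,Dom:DOMAIN,User:userid,Wks:SERVER]
08:52:46,976 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [userid,Wks:SERVER,Dom:DOMAIN,AuthSrv:SERVERA,Wed Jul 01 08:52:46 CDT 2009]
08:52:47,226 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcs/webframework/content/metadata SID:AAAA1111
08:52:47,242 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Authentication not required (user), chaining ...
08:52:47,242 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 06010007 Web Script org/alfresco/webframework/metadata.get requires user authentication; however, a guest has attempted access.
"""

LINE = re.compile(r"^(\S+) (\w+)\s+\[([\w.$]+)\] (.*)$")
REQUEST = re.compile(r"Processing request: (\S+) SID:(\S+)")
STAGES = [("Received type1", "type1"), ("Sending NTLM type2", "type2"),
          ("Received type3", "type3"), ("User logged on via NTLM", "logged_on"),
          ("Authentication not required (user)", "passed_as_user")]

def trace(log_text):
    """One record per 'Processing request' line, holding the filter stages and
    any guest-access error logged before the next request line."""
    requests, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace frames and blank lines
        _ts, level, _logger, msg = m.groups()
        req = REQUEST.search(msg)
        if req:
            current = {"path": req.group(1), "sid": req.group(2), "stages": [], "error": None}
            requests.append(current)
        elif current is not None:
            current["stages"] += [s for marker, s in STAGES if marker in msg]
            if level == "ERROR" and "a guest has attempted access" in msg:
                current["error"] = "guest_rejected"
    return requests

def mismatches(requests):
    """Requests chained by the filter as a user but rejected downstream as guest."""
    return [r for r in requests if "passed_as_user" in r["stages"] and r["error"] == "guest_rejected"]

if __name__ == "__main__":
    for r in mismatches(trace(SAMPLE_LOG)):
        print(f"{r['path']} (SID {r['sid']}): filter passed user, web script saw guest")
```
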
