
Alfresco does not seem to correctly chain Kerberos auth

Question asked by xkahn on Jan 6, 2010
Latest reply on Jan 13, 2010 by sriram_g77
I have filed this as an issue (https://issues.alfresco.com/jira/browse/ALFCOM-3752), but wanted to raise it here too; maybe I'm missing something important.

I am authenticating users through Kerberos.  Some users will have a ticket already and will have their web browsers set up to handle Negotiate authentication and some will not.  So I would like Alfresco to try SSO first, and if it fails, request a username and password.

In testing this, I can set up password auth via Kerberos and failures chain to the next auth subsystem.  But SSO Kerberos does not.  Users simply see a blank page if the authentication fails.

Testing in Internet Explorer, users see a Windows Security dialog until they either enter valid credentials or press cancel and see the blank page.  In Chrome, which doesn't support Negotiate at all, users only see a blank page.  In Firefox, users can only access the site if it is set up correctly AND they have a valid ticket; otherwise they see a blank page.

Nothing appears in the logs.  The last message my server reports is:
17:22:28,377 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 62.619ms)
17:22:29,231 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
