AnsweredAssumed Answered

PersonService can't create a user when authenticating SSO

Question asked by rpinheiro on Oct 22, 2009
Latest reply on Oct 23, 2009 by rpinheiro
Hello

I've configured my Alfresco Server for Kerberos SSO integration against Active Directory, the server runs normaly, all SPN's authenticates fine against A.D. but when i try to authenticate my user Alfresco shows the authentication page and prints the following exception:


16:49:08,899  DEBUG [web.custom.KerberosAuthenticationFilterCustom] Kerberos logon error
org.alfresco.service.cmr.security.NoSuchPersonException: User does not exist and could not be created: RogerioP
   at org.alfresco.repo.security.person.PersonServiceImpl.getPerson(PersonServiceImpl.java:266)
   at com.hexatek.web.custom.BaseSSOAuthenticationFilterCustom.createUserEnvironment(BaseSSOAuthenticationFilterCustom.java:285)
   at com.hexatek.web.custom.BaseKerberosAuthenticationFilterCustom.doKerberosLogon(BaseKerberosAuthenticationFilterCustom.java:553)
   at com.hexatek.web.custom.BaseKerberosAuthenticationFilterCustom.doFilter(BaseKerberosAuthenticationFilterCustom.java:428)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Unknown Source)

I debugged the method getPerson from the code PersonServiceImpl (PersonServiceImpl.java:266) and i finded out that if the user doesn't exists and the createMissingPeople() is false, the user won't be created. So the error is not that but in method AlfrescoTransactionSupport.getTransactionReadState() that alway returns TXN_READ_ONLY and gets to fail the statement: txnReadState == TxnReadState.TXN_READ_WRITE. Look the code bellow:


    public NodeRef getPerson(String userName)
    {
        NodeRef personNode = getPersonOrNull(userName);
        if (personNode == null)
        {
            TxnReadState txnReadState = AlfrescoTransactionSupport.getTransactionReadState(); // Returns always TXN_READ_ONLY
            if (createMissingPeople() && txnReadState == TxnReadState.TXN_READ_WRITE)
            {
                // We create missing people AND are in a read-write txn
                return createMissingPerson(userName);
            }
            else
            {
                throw new NoSuchPersonException(userName);
            }
        }
        else
        {
            return personNode;
        }
    }

Anybody has any ideia what is happening to this code? How can i change to  AlfrescoTransactionSupport.getTransactionReadState() returns the TXN_READ_WRITE value?  :x

Thanks

Outcomes