AnsweredAssumed Answered

Alfresco Community 4.2b 'Share' SSO issue

Question asked by nishanthadole on Dec 18, 2012
Latest reply on Dec 21, 2012 by soulearth
Hello,

I am trying to configure Alfresco Share with CAS (mod_auth_cas). I am able to login to /alfresco
but cannot login to /share.

CAS : version 3.5
Alfresco :  Community 4.2b

share-config-custom.xml file


<alfresco-config>

   <config evaluator="string-compare" condition="RepositoryLibrary"
      replace="true">
      <visible>true</visible>
   </config>

   <!– this one is to enable alfresco –>
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not
               require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require
               user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via
               the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>

   <!– this one is to enable Share –>
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
            <path>alfresco/web-extension/alfresco-system.p12</path>
            <type>pkcs12</type>
            <password>alfresco-system</password>
         </keystore>

         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based
               authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>CAS_FILTER_USER</userHeader>
         </connector>

         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and
               cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>CAS_FILTER_USER</userHeader>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require
               user authentication</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>

</alfresco-config>

alfresco-global.properties file

### disable Guest login page in Alfresco ###
alfresco.authentication.allowGuestLogin=false

### using External authentication subsystem ###
authentication.chain=external1:external
external.authentication.proxyUserName=
external.authentication.proxyHeader=CAS_FILTER_USER
external.authentication.enabled=true
external.authentication.userIdPattern=

CAS is working properly as my other applications integrated with it are running fine.
Even when i access /alfresco it works properly, but when i hit /share its shows alfresco error page.

In the logs it says :

12:28:43,655 DEBUG [org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter] Processing request: /alfresco/wcs/remoteadm/has/alfresco/site-data/configurations/slingshot.site.configuration.xml SID:null
12:28:43,655 DEBUG [org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter] Found webscript with no authentication - set NO_AUTH_REQUIRED flag.
12:28:43,733 DEBUG [org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter] Processing request: /alfresco/wcs/remoteadm/has/alfresco/site-data/themes/default.xml SID:null
12:28:43,733 DEBUG [org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter] Found webscript with no authentication - set NO_AUTH_REQUIRED flag.
12:28:43,764 DEBUG [org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter] Processing request: /alfresco/wcs/touch SID:null
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] Authenticating the current user using session based Ticket information.
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] Remote user mapper configured and active. Asking for external user ID.
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.DefaultRemoteUserMapper] Getting RemoteUser from http request.
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.DefaultRemoteUserMapper] The remote user id is: null
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.DefaultRemoteUserMapper] The header user id is: admin
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.DefaultRemoteUserMapper] The proxy user name is: null
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.DefaultRemoteUserMapper] The normalized user name is: admin for user id admin
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.DefaultRemoteUserMapper] Returning admin
12:28:43,780 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] Extracted external user ID from request: admin
12:28:43,795 DEBUG [org.alfresco.web.app.ContextListener] HTTP session created: 1F587B0112D64B1DCADF6D90CAE344EF
12:28:43,795 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] There are no previously-cached users.
12:28:43,795 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] We have been authenticated by other means, authenticating the user: admin
12:28:43,811 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] Creating an object for admin and storing it in the session
12:28:43,811 DEBUG [org.alfresco.web.app.servlet.AuthenticationHelper] Creating an object for admin with ticket: TICKET_1eabff7f19ccf140fe335ad718b43b67c18128bd
12:28:43,827 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 11180005 Read-Write transaction started within read-only transaction
org.alfresco.error.AlfrescoRuntimeException: 11170226 Read-Write transaction started within read-only transaction
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:360)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:304)
   at org.alfresco.web.app.servlet.AuthenticationHelper.createUser(AuthenticationHelper.java:421)
   at org.alfresco.web.app.servlet.AuthenticationHelper.setUser(AuthenticationHelper.java:375)
   at org.alfresco.web.app.servlet.AuthenticationHelper.getUser(AuthenticationHelper.java:617)
   at org.alfresco.web.app.servlet.AuthenticationHelper.authenticate(AuthenticationHelper.java:176)
   at org.alfresco.repo.web.scripts.servlet.WebClientAuthenticatorFactory$WebClientAuthenticator.authenticate(WebClientAuthenticatorFactory.java:142)
   at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:304)
   at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:301)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:433)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:323)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:341)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:377)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
   at sun.reflect.GeneratedMethodAccessor388.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:601)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:116)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy245.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:140)
   at sun.reflect.GeneratedMethodAccessor388.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:601)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy245.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
   at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1813)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
   at java.lang.Thread.run(Thread.java:722)

Please help !

Thanks !

Outcomes