AnsweredAssumed Answered

Authentification NTLM passthrought

Question asked by tanguyc on Jul 20, 2009
Bonjour a tous,

J'ai quelques soucis de configuration pour mettre en place l'authentification NTLM avec la version 3 d'Alfresco (version 3.0.0 (Stable 1526) schema 1002).

En avant propos, si j'ai bien compris les documents d'installation.
Il est juste nécessaire de décommenter les éléments adéquates dans le fichier web.xml et de mettre en place le fichier ntlm-authentication-context.xml. Il n'est pas alors nécessaire de synchroniser les users avec l'active directory car le mode "passthrought" créera l'utilisateur une fois authentifier. Arreter moi là si je fais fausse route.

Mon fichier web.xml est :
<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
   <display-name>Alfresco Web Client</display-name>

   <description>Alfresco Web Client</description>

   <context-param>
      <param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
      <param-value>true</param-value>
   </context-param>

   <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
   </context-param>

   <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/faces-config-app.xml,/WEB-INF/faces-config-beans.xml,/WEB-INF/faces-config-navigation.xml,/WEB-INF/faces-config-common.xml,/WEB-INF/faces-config-repo.xml,/WEB-INF/faces-config-wcm.xml,/WEB-INF/faces-config-custom.xml</param-value>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
      <param-value>true</param-value>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
      <param-value>false</param-value>
      <description>This is an EXPERIMENTAL feature, so leave it off for now!</description>
   </context-param>

   <context-param>
      <param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
      <param-value>false</param-value>
      <description>Stop MyFaces from Serializing the state to the session</description>
   </context-param>

    <!– TODO: Change this to false for production –>
    <context-param>
        <param-name>org.apache.myfaces.PRETTY_HTML</param-name>
        <param-value>true</param-value>
        <description>
            If true, rendered HTML code will be formatted, so that it is "human readable".
            i.e. additional line separators and whitespace will be written, that do not
            influence the HTML code.
            Default: "true"
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
        <param-value>false</param-value>
        <description>
            If true, a javascript function will be rendered that is able to restore the
            former vertical scroll on every request. Convenient feature if you have pages
            with long lists and you do not want the browser page to always jump to the top
            if you trigger a link or button action that stays on the same page.
            Default: "false"
        </description>
    </context-param>

   <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
         classpath:alfresco/application-context.xml
         classpath:alfresco/webscript-framework-application-context.xml
         classpath:alfresco/web-client-application-context.xml
         classpath:alfresco/web-scripts-application-context.xml
         classpath:alfresco/web-services-application-context.xml

         <!–
         To give final control over the tuning of the custom environment,
         the custom-web-context.xml file is processed last (note:
         custom-web-context.xml isn't part of the source tree itself).
         –>
         classpath*:alfresco/extension/custom-web-context.xml

      </param-value>
      <description>Spring config file locations</description>
   </context-param>

   <!–  These were previously init params for the WebDAV servlet,
         but since they are also needed to MT-enable the
         ExternalAccess servlet, I have made them context wide. –>
   <context-param>
         <param-name>store</param-name>
         <param-value>workspace://SpacesStore</param-value>
   </context-param>
   <context-param>
         <param-name>rootPath</param-name>
         <param-value>/app:company_home</param-value>
   </context-param>


   <filter>
      <filter-name>Authentication Filter</filter-name>
     <!– <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>–>
     
      <!– For NTLM authentication support use the following filter, also see the filter-mapping section –>
     
      <filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
      <!—->
     
      <!– For Novell IChain support use the following filter –>
      <!–
      <filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class>
      –>
   </filter>
  
   <!– For NTLM authentication support use the following filter, also see the filter-mapping section –>
  
   <filter>
      <filter-name>WebScript NTLM Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.WebScriptNTLMAuthenticationFilter</filter-class>
   </filter>
  <!– –>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>
    <!–  <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>–>
     
      <!– For NTLM authentication support use the following filter –>
     
      <filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
     
   </filter>

   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>


   <!– For NTLM authentication support enable the following mappings –>
   <!– after enabling the NTLMAuthenticationFilter filter class above –>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/navigate/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/command/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/download/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/template/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/n/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/c/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/t/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/d/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>WebScript NTLM Authentication Filter</filter-name>
      <url-pattern>/wcservice/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>WebScript NTLM Authentication Filter</filter-name>
      <url-pattern>/wcs/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/ajax/*</url-pattern>
   </filter-mapping>
   <!–  –>
  
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <url-pattern>/webdav/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/categories/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/groups/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/delete-user.jsp</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/users.jsp</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/system-info.jsp</url-pattern>
   </filter-mapping>


   <listener>
      <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
   </listener>

   <listener>
      <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
   </listener>
  
   <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>

   <listener>
      <listener-class>org.alfresco.web.app.ContextListener</listener-class>
   </listener>

   <!– Faces Servlet –>
   <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>uploadFile</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.UploadFileServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>uploadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.UploadContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>downloadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.DownloadContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>downloadRawContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.DownloadRawContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>guestDownloadContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.GuestDownloadContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>guestTemplateContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.GuestTemplateContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>externalAccess</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.ExternalAccessServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>templateContent</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.TemplateContentServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>commandServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.CommandServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>ajaxServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.ajax.AjaxServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>axis</servlet-name>
      <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
      <load-on-startup>5</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>CXFServlet</servlet-name>
      <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
      <load-on-startup>6</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>WebDAV</servlet-name>
      <servlet-class>org.alfresco.repo.webdav.WebDAVServlet</servlet-class>
      <load-on-startup>5</load-on-startup>
   </servlet>

   <servlet>
      <servlet-name>apiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.basic</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>wcapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.webclient</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>portalapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.webclient</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>facebookServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.facebook.FacebookServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.facebook</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>fbapiServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.facebook.FacebookAPIServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.facebook</param-value>
      </init-param>
   </servlet>

   <servlet>
      <servlet-name>proxyServlet</servlet-name>
      <servlet-class>org.alfresco.web.scripts.servlet.HTTPProxyServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>workflowDefinitionImageServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.WorkflowDefinitionImageServlet</servlet-class>
   </servlet>

   <servlet>
      <servlet-name>JBPMDeployProcessServlet</servlet-name>
      <servlet-class>org.alfresco.web.app.servlet.JBPMDeployProcessServlet</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>uploadFile</servlet-name>
      <url-pattern>/uploadFileServlet</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>uploadContent</servlet-name>
      <url-pattern>/upload/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>downloadContent</servlet-name>
      <url-pattern>/download/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>downloadContent</servlet-name>
      <url-pattern>/d/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>downloadRawContent</servlet-name>
      <url-pattern>/dr</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestDownloadContent</servlet-name>
      <url-pattern>/guestDownload/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestDownloadContent</servlet-name>
      <url-pattern>/gd/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>templateContent</servlet-name>
      <url-pattern>/template/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>templateContent</servlet-name>
      <url-pattern>/t/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestTemplateContent</servlet-name>
      <url-pattern>/guestTemplate/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>guestTemplateContent</servlet-name>
      <url-pattern>/gt/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>externalAccess</servlet-name>
      <url-pattern>/navigate/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>externalAccess</servlet-name>
      <url-pattern>/n/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>commandServlet</servlet-name>
      <url-pattern>/command/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>commandServlet</servlet-name>
      <url-pattern>/c/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>ajaxServlet</servlet-name>
      <url-pattern>/ajax/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>axis</servlet-name>
      <url-pattern>/api/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>CXFServlet</servlet-name>
      <url-pattern>/cmis/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
        <servlet-name>WebDAV</servlet-name>
        <url-pattern>/webdav/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/service/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>apiServlet</servlet-name>
      <url-pattern>/s/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>wcapiServlet</servlet-name>
      <url-pattern>/wcservice/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>wcapiServlet</servlet-name>
      <url-pattern>/wcs/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>portalapiServlet</servlet-name>
      <url-pattern>/168service/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>portalapiServlet</servlet-name>
      <url-pattern>/168s/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>facebookServlet</servlet-name>
      <url-pattern>/facebook/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>facebookServlet</servlet-name>
      <url-pattern>/fb/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>fbapiServlet</servlet-name>
      <url-pattern>/fbservice/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>fbapiServlet</servlet-name>
      <url-pattern>/fbs/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>proxyServlet</servlet-name>
      <url-pattern>/proxy</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>JBPMDeployProcessServlet</servlet-name>
      <url-pattern>/jbpm/deployprocess</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
      <servlet-name>workflowDefinitionImageServlet</servlet-name>
      <url-pattern>/workflowdefinitionimage/*</url-pattern>
   </servlet-mapping>

   <session-config>
      <session-timeout>60</session-timeout>
   </session-config>

   <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
   </welcome-file-list>

   <error-page>
      <exception-type>java.lang.Exception</exception-type>
      <location>/jsp/error.jsp</location>
   </error-page>

</web-app>

Mon ficher ntlm-authentication-context.xml est :

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
         <property name="allowSetEnabled" value="true" />
         <property name="allowGetEnabled" value="true" />
         <property name="allowDeleteUser" value="true" />
         <property name="allowCreateUser" value="true" />
   </bean>


   <!– The authentication component.                                      –>

   <!– Use the passthru authentication component to authenticate using    –>
   <!– user accounts on one or more Windows servers.                      –>

   <!– Properties that specify the server(s) to use for passthru          –>
   <!– authentication :-                                                  –>
   <!–   useLocalServer   use the local server for authentication         –>
   <!–   domain           use domain controllers from the specified domain–>
   <!–   servers          comma delimted list of server addresses or      –>
   <!–                    names                                           –>

   <bean id="authenticationComponent"
         class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
         parent="authenticationComponentBase">
       <property name="useLocalServer">
           <value>false</value>
       </property>
       <property name="servers">
           <value>domaine\ipAD, ipAD, domaine\AD, AD</value>
       </property>
       <property name="personService">
           <ref bean="personService" />
       </property>
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="transactionService">
           <ref bean="transactionComponent" />
       </property>
       <property name="guestAccess">
           <value>false</value>
       </property>
   </bean>

</beans>

Comme je ne parvenais pas à m'authentifier par NTLM, j'ai également mis en place un chainage d'authentification pour permettre une connection sur les comptes Alfresco au cas ou le NTLM ne fonctionne pas.
Mon fichier cha

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
  
   
    <!– Chaining of both the services and components –>
   
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
            <ref bean="authenticationServiceNTLM"/>
            <ref bean="authenticationServiceImplJAAS"/>            
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
        <property name="sysAdminCache">
            <ref bean="sysAdminCache"/>
        </property>
    </bean>
   
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
      <property name="authenticationComponents">
            <list>
                <ref bean="authenticationComponentNTLM"/>
            <ref bean="authenticationComponentImplJAAS"/>
            </list>
        </property>
        <property name="mutableAuthenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
   </bean>
   
    <!– Alfresco Auth –>
   
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
        <property name="sysAdminCache">
            <ref bean="sysAdminCache"/>
        </property>
    </bean>
   
    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="tenantService">
            <ref bean="tenantService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="admSearchService"/>
        </property>
        <property name="retryingTransactionHelper">
          <ref bean="retryingTransactionHelper"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>
   
    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl" parent="authenticationComponentBase">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionService" />
        </property>
    </bean>
   
    <!– JAAS –>
   
    <bean id="authenticationServiceImplJAAS" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoJAAS"/>
      </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplJAAS"/>
        </property>
        <property name="sysAdminCache">
            <ref bean="sysAdminCache"/>
        </property>
    </bean>
   
    <bean id="authenticationComponentImplJAAS" class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>COMPANY.COM</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionService" />
        </property>
    </bean>
   
    <bean id="authenticationDaoJAAS" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
   
   
   <bean id="authenticationServiceNTLM" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoNTLM"/>
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentNTLM"/>
      </property>
   </bean>
   
   
   
   <bean id="authenticationDaoNTLM" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
         <property name="allowSetEnabled" value="true" />
         <property name="allowGetEnabled" value="true" />
         <property name="allowDeleteUser" value="true" />
         <property name="allowCreateUser" value="true" />
   </bean>
   <bean id="authenticationComponentNTLM"
         class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
         parent="authenticationComponentBase">
       <property name="useLocalServer">
           <value>false</value>
       </property>
       <property name="servers">
           <value>domaine\ipAD, ipAD, domaine\AD, AD</value>
       </property>
       <property name="personService">
           <ref bean="personService" />
       </property>
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="transactionService">
           <ref bean="transactionComponent" />
       </property>
       <property name="guestAccess">
           <value>false</value>
       </property>
   </bean
</beans>

La connexion avec un utilisateur de l'ad me donne les logs suivantes :

09:20:56,114 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
09:20:56,118 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0xa0080201,Target:DSIFALBALA2A,Ch:5c32fb54e245a516]
09:20:56,125 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:543ddb603dfb3398c8a55bce9501d17ba9d60589639cb788,NTLM:5837a7893c79199e89cd6a8725cacfbf01010000000000009445d4b2ae06ca01a9d60589639cb7880000000002001800440053004900460041004c00420041004c004100320041000000000000000000,Dom:domaine,User:stagiairedsi,Wks:BLEURI37499]
09:20:56,134 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logon failed using NTLMSSP/NTLMv2
09:20:56,134 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logon failed using NTLMSSP/NTLMv1 (via fallback)
09:20:57,769 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
09:20:57,773 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0xa0080201,Target:DSIFALBALA2A,Ch:e343032e8e3e2a87]
09:20:57,778 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:9fc0357614f1ab3f1d5df01adb1c0e4624ac8b662c290767,NTLM:7d631aab4a5fa6039725cbb02ee051910101000000000000d8fed0b3ae06ca0124ac8b662c2907670000000002001800440053004900460041004c00420041004c004100320041000000000000000000,Dom:domaine,User:stagiairedsi,Wks:BLEURI37499]
09:20:57,783 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logon failed using NTLMSSP/NTLMv2
09:20:57,783 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logon failed using NTLMSSP/NTLMv1 (via fallback)

La connection avec le user admin (compte Alfresco) est

09:22:31,984 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 10.8.0.54 (10.8.0.54:-1)
09:22:38,715 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
09:22:38,719 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0xa0080201,Target:DSIFALBALA2A,Ch:70044bad8622d458]
09:22:38,724 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:1eedc6e84c2c0ad8442faabf670ac3154f2361bb3be63d59,NTLM:fdc629e0ef1051d124d67a8ceada3cc701010000000000003c11f6efae06ca014f2361bb3be63d590000000002001800440053004900460041004c00420041004c004100320041000000000000000000,Dom:dsifalbala2.mnhn.fr,User:admin,Wks:BLEURI37499]
09:22:38,730 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logged on using NTLMSSP/NTLMv2
09:22:38,737 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
09:22:38,737 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [admin,Wks:BLEURI37499,Dom:dsifalbala2.mnhn.fr,AuthSrv:DSIFALBALA2A,Fri Jul 17 09:22:38 CEST 2009]
09:22:44,046 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
09:22:44,054 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0xa0080201,Target:DSIFALBALA2A,Ch:cf02106cf8f82d8a]
09:22:44,060 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:9c98dcfc5b9d02241a4486e5d2a2cc164b00e72b366d896d,NTLM:ce0dc8f8357672884d51f4e31edecf5a01010000000000001e1323f3ae06ca014b00e72b366d896d0000000002001800440053004900460041004c00420041004c004100320041000000000000000000,Dom:dsifalbala2.mnhn.fr,User:admin,Wks:BLEURI37499]
09:22:44,066 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logged on using NTLMSSP/NTLMv2
09:22:44,070 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details

Merci d'avance pour l'aide que vous pourrez me donner.

Outcomes