AnsweredAssumed Answered

Share Login Problems when forcing Tomcat to use only SSL/HTTPS (Alfresco 5.0.d)

Question asked by dfxx on Feb 27, 2016
Latest reply on Feb 29, 2016 by eswbitto
Dear all,

I'm completely new to Alfresco and also web servers, so please excuse any easy or "dumb" question. For a university project, my team and me are supposed to develop an Alfresco plugin. I am currently responsible for installing and configuring on our own server for testing purposes. I dislike the idea that the Alfresco installer comes "all in one" and does not make use of pre-installed software on the server, such as a database or a webserver. Hence, I decided to manually install the components.

Up to now, I did the following:
<ul>
  <li>Install Java 8.</li>
  <li>Install Tomcat 7 and enable SSL support using self-signed certificates (it is only a test environment).</li>
  <li>Install MariaDB (MySQL).</li>
  <li>Followed instructions at http://docs.alfresco.com/5.0/tasks/alf-war-install.html</li>
</ul>

I dislik the fact that the share log in possible using only HTTPS, so I wanted to enforce HTTPS on Tomcat. To do so, I added the following lines to /var/lib/tomcat7/conf/web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!– auth-constraint goes here if you requre authentication –>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>


Furthermore, I edited my /var/lib/tomcat7/conf/server.xml:

<Connector port="8080" enableLookups="false"
       redirectPort="8443" />


I also changed /var/lib/tomcat7/shared/classes/alfresco-global.properties file accordingly:

#
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#————-
alfresco.context=alfresco
alfresco.host=${localname}
#alfresco.port=8080
alfresco.port=8443
alfresco.protocol=https

share.context=share
share.host=${localname}
#share.port=8080
share.port=8443
share.protocol=https


However, since I forced Tomcat to use HTTPS, I can no longer log in to share. My (correct) credentials are simply rejected. I attached alfresco.log and share.log. I already googled for a solution, but I did not get any further. I read about similar problems which were solved by using both Apache httpd and Tomcat. If possible, I would like to avoid installing another web server to keep the complexity low. As I already mentioned, I'm very new to this field.

I would really appreciate suggestions and comments from you. If you need further information, just let me know.

Thanks in advance and kind regards,

dfxx

Attachments

Outcomes