AnsweredAssumed Answered

External SSO in alfresco share

Question asked by ramjoy22 on Apr 18, 2013
Latest reply on Apr 22, 2013 by shibu
I need to test external sso in alfresco share

I followed the steps

1. renamed alfresco-4.2.c/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml.sample as share-config-custom.xml.
2. Uncommentd both the
 <config evaluator="string-compare" and the condition="Remote"> 
sections.



<config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not
            require authentication
        </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that
                         require user authentication
        </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via
                         the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
        
         <endpoint>
            <id>activiti-admin</id>
            <name>Activiti Admin UI - user access</name>
            <description>Access to Activiti Admin UI, that requires user
                         authentication</description>
            <connector-id>activiti-admin-connector</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/activiti-admin
            </endpoint-url>
            <identity>user</identity>
         </endpoint>
      </remote>
    </config>

<config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>
        
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based
                          authentication
            </description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
         </connector>
        
         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and
             cookie-based authentication
            </description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user
             authentication
            </description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>



3. modified alfrsco-global.properties like ;

   authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
   external.authentication.proxyUserName=
   external.authentication.enabled=true
   external.authentication.defaultAdministratorUserNames=admin
   external.authentication.proxyHeader=SsoUserHeader

No other changes made
Do i need to do any further modifications?


i tried to access alfresco from my JSP application as follows,



Testing SSO <br>
<%

URL url1 = new URL("http://localhost:8080/share/page");
URLConnection conn = url1.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("SsoUserHeader", "admin");
for (int i = 0;; i++) {
   String headerName = conn.getHeaderFieldKey(i); 
   String headerValue = conn.getHeaderField(i);  
   System.out.println(headerName + "==="); 
   System.out.println(headerValue); 
   if (headerName == null && headerValue == null) {     break;   }
}

%>


its giving output in console :

 
***************
null===
HTTP/1.1 200 OK
Server===
Apache-Coyote/1.1
Set-Cookie===
JSESSIONID=89E6C0A9600DDA3675EEB633F5F3A248; Path=/share/; HttpOnly
Cache-Control===
no-cache
Content-Type===
text/html;charset=utf-8
Content-Language===
en-US
Transfer-Encoding===
chunked
Date===
Wed, 17 Apr 2013 13:52:24 GMT
null===
null
*************



Connection is success here.

Now I need to test SSO.
<strong>how can i link from my jsp application to alfresco share?</strong>
<strong>when i am using response.redirect  it shows login page again</strong>

Outcomes