AnsweredAssumed Answered

4.2.d issue with remote call from Share

Question asked by smcardle on Oct 30, 2013
Hi All

There seems to be an issue with the remote connector call from Share to Alfresco in the 4.2.d release.

Basically, we have SSO enabled and in our previous version, calling an Alfresco Web Script from a Share Web Script using the remote connector would pass the authenticated user through.

For some reason, in 4.2.d this does not seem to be happening which results in the Alfresco Web Script ALWAYS returns stating that Authentication is required.

We have identical setups of our share-config-custom.xml

   <config evaluator="string-compare" condition="Remote">
      <remote>
      <!–
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>
      –>
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
         </connector>
         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>http://alfresco.server.co.nz:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>


And the relevant section from our alfresco-global.properties for external authentication looks like this

# Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
# SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader


So, with the Alfresco Web Scrip setup for Authentication as follows in the desc.xml file

<authentication runas="admin">user</authentication>

No authentication is passed through even though Share authenticates successfully against our OpenAM installation.

As I said, this worked perfectly in our previous release.

For the moment we have had to set the Authentication as

<authentication runas="admin">none</authentication>

to get it to work but we lose some audit information regarding the actual user that executed the Web Script. I have disable the CSRF as our Alfresco install is never accessed directly through the Share or Alfresco UI's but rather only via Web Scripts from our application.

Any help in resolving this would be great

Regards

Steven McArdle

Outcomes