AnsweredAssumed Answered

SSO not working in Share

Question asked by sumantapakira on Jun 5, 2013
Latest reply on Jun 5, 2013 by sumantapakira
Hi all,

I'm trying to implement SSO with external web application and Share. My requirement is if user is successfully authinticated in external web application through LDAP then user will be redirect to Share without asking for username & password. As a first step I did below and hard coded "admin" in my filter -
1. Created below filter and copied jar file under $Alfresco_TOMCAT/Webapps/alfresco/Web-Inf/lib and $Alfresco_TOMCAT/Webapps/share/web-inf/lib

public class SSOIntegrationFilter implements Filter {
    private static final String PARAM_REMOTE_USER = "remoteUser";
    private static final String SESS_PARAM_REMOTE_USER = SSOIntegrationFilter.class.getName() + '.' + PARAM_REMOTE_USER;
  
    public void init(FilterConfig arg0) throws ServletException {
    }
    
    public void destroy() {}
   
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) req;
        String remoteUser = "admin";
        // We've successfully authenticated the user. Remember their ID for next time.
        if (remoteUser != null) {
            HttpSession session = httpServletRequest.getSession();
            session.setAttribute(SESS_PARAM_REMOTE_USER, remoteUser);
        }
        chain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
            @Override
            public String getRemoteUser() {
                return (String) getSession().getAttribute(SESS_PARAM_REMOTE_USER);
            }
        }, res);
    }

  } 

2. Uncomment  below part in share-config-custom under $Alfresco_Tomcat\shared\classes\alfresco\web-extension -


<config evaluator="string-compare" condition="Remote">
      <remote>
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
         </connector>
        
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config> 


3. Added below entry f my filter in $Alfresco_Tomcat\webapps\share\Web-Inf\web.xml

<filter>
    <filter-name>Special SSO Authentication Filter</filter-name>
    <filter-class>com.custfilter.SSOIntegrationFilter</filter-class>
</filter>

<filter-mapping>
      <filter-name>Special SSO Authentication Filter</filter-name>
      <url-pattern>/page/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Special SSO Authentication Filter</filter-name>
      <url-pattern>/p/*</url-pattern>
   </filter-mapping>

4. Added below part in alfresco-global.properties

authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.proxyUserName=X-Alfresco-Remote-User
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,ou=users,ou=system
ldap.authentication.active=true
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.allowGuestLogin=true



I'm able to synchronize users through Apache Active directory LDAP.
Issue I'm facing - when trying to hit localhost:8080/share then system is throwing error and not able to see dashboard. Error details -

2013-06-04 23:22:34,808  ERROR [alfresco.web.site] [http-apr-8080-exec-10] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository
org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository
   at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:194)
   at org.alfresco.web.site.SlingshotUserFactory.loadUser(SlingshotUserFactory.java:105)
   at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:180)
   at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:99)
   at org.springframework.extensions.surf.RequestContextUtil.initialiseUser(RequestContextUtil.java:249)
   at org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:182)
   at org.springframework.extensions.surf.RequestContextUtil.populateRequestContext(RequestContextUtil.java:137)
   at org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.populateRequestContext(AbstractWebFrameworkView.java:380)
   at org.springframework.extensions.surf.mvc.AbstractWebFrameworkView.renderMergedOutputModel(AbstractWebFrameworkView.java:290)
   at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
   at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047)
   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817)
   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:74)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at com.custfilter.SSOIntegrationFilter.doFilter(SSOIntegrationFilter.java:53)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
   at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1813)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
   at java.lang.Thread.run(Thread.java:722)
Caused by: org.json.JSONException: A JSONObject text must begin with '{' at character 47
   at org.json.JSONTokener.syntaxError(JSONTokener.java:413)
   at org.json.JSONObject.<init>(JSONObject.java:180)
   at org.json.JSONObject.<init>(JSONObject.java:420)
   at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:188)

Please advice whether my steps are correct and what needs to be done to make it work -

Outcomes