AnsweredAssumed Answered

Kerberos Authentication 5.0.a

Question asked by jwright on Jul 7, 2014
Latest reply on Jul 7, 2014 by eswbitto
Hi,

I have been struggling for a few days trying to get Alfresco Community 5.0.a to work with Kerberos on a Windows Server 2008r2 domain.


I have installed the JCE files to support AES256-SHA1 and followed the instructions here :

http://docs.alfresco.com/community/tasks/auth-kerberos-ADconfig.html



This is the Error I get in the log file when starting the Server:



15:11:37,170 ERROR [org.alfresco.web.site.servlet.SSOAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: No LoginModules configured for ShareHTTP
   at javax.security.auth.login.LoginContext.init(LoginContext.java:272)
   at javax.security.auth.login.LoginContext.<init>(LoginContext.java:425)
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.init(SSOAuthenticationFilter.java:298)
   at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
   at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260)
   at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105)
   at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4809)
   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5485)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1073)
   at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
   at java.util.concurrent.FutureTask.run(FutureTask.java:262)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
   at java.lang.Thread.run(Thread.java:745)



I also Receive a 404 page when navigating to http://alfresco:9090/share (I change the default port numbers)

Changing the "share-config-custom.xml" back to the original will remove the 404 page.

This is a section of my "share-config-custom.xml" file.
<code>
<config evaluator="string-compare" condition="Kerberos" replace="true">
      <kerberos>
         <!–
            Password for HTTP service account.
            The account name *must* be built from the HTTP server name, in the format :
               HTTP/<server_name>@<realm>
            (NB this is because the web browser requests an ST for the
            HTTP/<server_name> principal in the current realm, so if we're to decode
            that ST, it has to match.)
         –>
         <password>mypassword</password>
         <!–
            Kerberos realm and KDC address.
         –>
         <realm>DS.MYCOMPANY.COM</realm>
         <!–
            Service Principal Name to use on the repository tier.
            This must be like: HTTP/host.name@REALM
         –>
         <endpoint-spn>HTTP/ALFRESCO.ds.mycompany.com@DS.MYCOMPANY.COM</endpoint-spn>
         <!–
            JAAS login configuration entry name.
         –>
         <config-entry>ShareHTTP</config-entry>
      </kerberos>
   </config>
<code>




Could someone please help me?

Josh




Outcomes