AnsweredAssumed Answered

Kerberos Authentication 5.0.a

Question asked by jwright on Jul 7, 2014
Latest reply on Jul 7, 2014 by eswbitto

I have been struggling for a few days trying to get Alfresco Community 5.0.a to work with Kerberos on a Windows Server 2008r2 domain.

I have installed the JCE files to support AES256-SHA1 and followed the instructions here :

This is the Error I get in the log file when starting the Server:

15:11:37,170 ERROR [] [localhost-startStop-1] HTTP Kerberos web filter error No LoginModules configured for ShareHTTP
   at org.apache.catalina.core.ApplicationFilterConfig.initFilter(
   at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
   at org.apache.catalina.core.ApplicationFilterConfig.<init>(
   at org.apache.catalina.core.StandardContext.filterStart(
   at org.apache.catalina.core.StandardContext.startInternal(
   at org.apache.catalina.util.LifecycleBase.start(
   at org.apache.catalina.core.ContainerBase.addChildInternal(
   at org.apache.catalina.core.ContainerBase.addChild(
   at org.apache.catalina.core.StandardHost.addChild(
   at org.apache.catalina.startup.HostConfig.deployWAR(
   at org.apache.catalina.startup.HostConfig$
   at java.util.concurrent.Executors$
   at java.util.concurrent.ThreadPoolExecutor.runWorker(
   at java.util.concurrent.ThreadPoolExecutor$

I also Receive a 404 page when navigating to http://alfresco:9090/share (I change the default port numbers)

Changing the "share-config-custom.xml" back to the original will remove the 404 page.

This is a section of my "share-config-custom.xml" file.
<config evaluator="string-compare" condition="Kerberos" replace="true">
            Password for HTTP service account.
            The account name *must* be built from the HTTP server name, in the format :
            (NB this is because the web browser requests an ST for the
            HTTP/<server_name> principal in the current realm, so if we're to decode
            that ST, it has to match.)
            Kerberos realm and KDC address.
            Service Principal Name to use on the repository tier.
            This must be like: HTTP/
            JAAS login configuration entry name.

Could someone please help me?