AnsweredAssumed Answered

Workaround for ALF-21129?

Question asked by a.varvitsiotis on Mar 4, 2015
Latest reply on Mar 27, 2015 by a.varvitsiotis
Hello to all,

We are working on an internal project on Alfresco CE 4.2.f. For this project,
I am trying to access the CMIS 1.1 browser bindings via javascript on a
Cross-Origin (CORS) setup, using JQuery.ajax with a
  "xhrFields: {withCredentials=true}"
setting. Our settings for the rest of Alfresco (and share) includes NTLM,
which works fine.

This triggers, which is as yet

By my findings, Firefox and Mozilla pop up an authentication dialog (which, at
least, provides for authentication albeit with a degraded user experience), whereas
MSIE fails altogether the connection, at least with my current settings (I have
read of a modified setting here:
), which however is unacceptable for our case, since it would require all users
to make changes to their IE settings, even for a pilot tryout.

Since we have NTLM Authentication on and working (and we are also in the way of
setting up Kerberos/SSPNEG), we would like to have NTLM and/or SSPNEG working
for the CMIS 1.1 browser binding, too.

My question is, has anyone worked around ALF-21129 and managed to provide e.g. NTLM
(or SSPNEG) authentication for the CMIS 1.1 browser binding on 4.2? Our demo setup
runs on Tomcat, so even a Tomcat-specific workaround would be acceptable at this

Of course, I would be delighted to hear when a fix for ALF-21129 is scheduled, too,
and whether this will only be available for 5.0.