AnsweredAssumed Answered

How to pass Kerberos credential (ticket) to Alfresco through Open CMIS

Question asked by mykhailos on Sep 22, 2015
Latest reply on Sep 28, 2017 by tcuser
Hi Alfresco Team,

I have my Alfresco 5.0 server configured for LDAP Authentication. We have an application which communicate to Alfresco thought Open CMIS (version 0.11.0).

1) AtomPub binding Sample Code we are using in our app:
Map<String, String> parameters = new HashMap<String, String>();
parameters.put(SessionParameter.USER, user);
parameters.put(SessionParameter.PASSWORD, password);
parameters.put(SessionParameter.ATOMPUB_URL, url); // service document URL
CmisBindingFactory factory = CmisBindingFactory.newInstance();
CmisBinding binding = factory.createCmisAtomPubBinding(parameters);
2) Web Services binding Sample Code we are using in our app:
Map<String, String> parameters = new HashMap<String, String>();
parameters.put(SessionParameter.USER, username);
parameters.put(SessionParameter.PASSWORD, password);
parameters.put(SessionParameter.WEBSERVICES_REPOSITORY_SERVICE, repositoryServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_NAVIGATION_SERVICE, navigationServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_OBJECT_SERVICE, objectServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_VERSIONING_SERVICE, versioningServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_DISCOVERY_SERVICE, discoveryServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_RELATIONSHIP_SERVICE, relationshipServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_MULTIFILING_SERVICE, multiFilingServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_POLICY_SERVICE, policyServiceWsdlUrl);
parameters.put(SessionParameter.WEBSERVICES_ACL_SERVICE, aclServiceWsdlUrl);
CmisBindingFactory factory = CmisBindingFactory.newInstance();
CmisBinding binding = factory.createCmisWebServicesBinding(parameters);

By default Open CMIS use org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider, which sends username and password to Alfresco and it works fine with AtomPub and Web Services binding.

Now we configured Alfresco 5.0 server for KERBEROS Authentication, and it works fine. I'm not prompted to enter username and password when I login thought browser.
I am trying to call an Alfresco web service where I would like to use kerberos ticket (or kerberos related info) for authentication purpose. To do that we developed our Custom Authentication Provider as described https://chemistry.apache.org/java/developing/client/dev-client-bindings.html

Sample code we are using in our app to send Kerberos related info through org.example.opencmis.MyAuthenticationProvider:
Map<String, String> parameters = new HashMap<String, String>();
parameters.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS, "org.example.opencmis.MyAuthenticationProvider");

I'm interesting in what parameter should I put KERBEROS ticket for AtomPub and Web Services binding. My question is instead of passing user name and password directly is it possible to pass any kerberos ticket or any secured information related to it to make web service calls. I am trying to avoid sending the user name and password. Please help me if anyone has any idea about it

Outcomes