AnsweredAssumed Answered

Share secure login

Question asked by abraxas on Jun 9, 2011
Hello,

I'm interested in how to set up ssl/https for the Share login page only.
So far I've set up apache to connect to alfresco using mod_jk and mod_ssl
for handling the ssl connection. That part is working fine (I can use alf-explorer and share over https),
but when i tried to configure the secure connection for the share login page only I've run into a couple of issues.

1. After switching back to http from the https login page the session cookie is not being
transfered and I have to login over http. Is there an easy way to transfer the cookie after switching to http?
Is there maybe some other way to accomplish this ?

My config for this looks as follows:

Apache Virtual Hosts

<VirtualHost *:80>
ServerName www.alfresco.test
RewriteEngine On
RewriteLogLevel 3
RewriteLog "/var/log/apache2/rewrite.log"

#Redirect from the normal logon page to https
Redirect permanent /share/page/site-index https://www.alfresco.test/share/page/site-index

JkMount /share/* worker1
JkMount /share worker1
JkMount /alfresco/* worker1
JkMount /alfresco worker1
</VirtualHost>

Listen 443
<VirtualHost *:443>
    ServerName www.alfresco.test
    LogLevel debug
    DocumentRoot /home/alfresco/alfresco/tomcat/webapps
    <Directory  /home/alfresco/alfresco/tomcat/webapps>
        SSLRequireSSL
        Order Deny,Allow
        Allow from All       
    </Directory>
    ErrorLog  /home/alfresco/alfresco/logs/error.log
    CustomLog /home/alfresco/alfresco/logs/access.log combined

    SSLEngine on
    #Selfsigned certificates for testing
    SSLCertificateFile home/alfresco/alfresco/alfresco/ssl.alfresco/cert/server.crt
    SSLCertificateKeyFile  home/alfresco/alfresco/alfresco/ssl.alfresco/cert/server.key

    SSLOptions StrictRequire
    SSLProtocol all -SSLv2

    ### Only allow SSLv3 and TLSv1 and HIGH/MED encryption.
    SSLCipherSuite -ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+TLSv1:+SSLv3:-EXP:-eNULL
      SSLProtocol -all +SSLv3 +TLSv1

    JkMountCopy On
    JkMount /alfresco worker1
    JkMount /alfresco/* worker1
    JkMount /share worker1
    JkMount /share/* worker1

    #Redirect back to http after login
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/share/page/user/
    RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L]
  
</VirtualHost>


2. There is no fixed login page, meaning that one can log in by going to any page inside Share which will
open a login dialog if no current session exits. I would like to change this behavior and redirect a user to
share/page/site-index if no current session exists. I've searched the forum and found a suggestion to modify
org.alfresco.web.app.servlet.AuthenticationFilter to redirect to a certain page (http://forums.alfresco.com/en/viewtopic.php?t=13799).
Would such a modification also affect the share login behavior do i have to modify some other class ?

Outcomes