AnsweredAssumed Answered

Difference between platform endpoints?

Question asked by idwright on Jan 13, 2017
Latest reply on Jan 13, 2017 by afaust

I haven't found any documentation about this so I thought I'd ask a question.

 

(I have all this working, I'm just trying to understand it all a bit better)

 

My aim is to have SSO set up and configured - share is relatively straightforward but I'm trying to understand the detail behind the platform/repo endpoints as the documentation doesn't really cover this.

 

I think the only URL I need to expose is: /alfresco/s/admin/admin-communitysummary (or /alfresco/s/enterprise/admin)

 

The information for configuring a proxy Configuring SSL for a production environment | Alfresco Documentation is pretty good here but I think the /alfresco mount point exposes rather more than is necessary these days

I think /alfresco would be better as:

JkMount /alfresco/s/admin alfresco-worker
JkMount /alfresco/s/admin/* alfresco-worker
JkMount /alfresco/admin/css/* alfresco-worker

 

(For enterprise add /service/enterprise/admin/* and /s/enterprise/admin/* ?)

 

(And if you're using the nice new ootb support tools extension

JkMount /alfresco/s/ootbee/* alfresco-worker
JkMount /alfresco/ootbee-support-tools/* alfresco-worker

)

 

The implication here is that these, or at least /alfresco/.../admin, are the endpoints that need to be covered by SSO at the alfresco level (have I missed anything?) + the ones for public API access if you want those

 

The authentication mappings in alfresco/WEB-INF/web.xml seem to have changed a fair bit recently

(a clue! - there is a CSRF token filter on /service/enterprise/admin/* and /s/enterprise/admin/*)

There appear to be authentication filters around /wcs and /wcservice, as well as /api, /webdav and /cmisatom

 

The documentation on configuration the SSO endpoint (incidentally the examples don't even all have the same number of endpoints listed...) Configuring Alfresco Share to use an external SSO | Alfresco Documentation (code doesn't match text...), Configuring the Share default port | Alfresco Documentation  and Configuring the Share default port | Alfresco Documentation has for a long time said to use the wcs endpoint in share-custom-config.xml when external auth is being used, however now I believe that the s endpoint is recommended (although it's not entirely clear) e.g. [ACE-5661] External authentication Problem with CAS - Alfresco JIRA (and other issues) see the comment from Kevin Roast

 

So this is a rather long winded way of asking what is the purpose of the /wcs endpoint and how does it differ from the /s endpoint? (obviously there are authentication filters in front of /wcs)

Outcomes