This URL for my alfresco gives lots of 401 error code. Where do I need to look into for this?
Which file I need to verify or correct to resolve this? it seems SSO touch base URL /alfresco/wcs/touch
Problem with this is, if I try to fire URL myhost:8080/alfresco/wcs/touch
server goes into loop executing this url in infinite loop and my monitoring system (NewRelic) trigger alert for High percentage of Error
What could be solution to prevent this ? this is now headache and I am not aware about solution or alternative by looking this SSO touch base.
I tried below
#1. Trying excluding url in LocalConfig.conf (SiteMinder config) - > IgnoreURL = "/alfresco/wcs/"
#2. Tried checking F5 for port 8080
#3. Checked configuration in server.xml in tomcat
But issue still persist. Please guide.
When you are using SiteMinder (you should have mentioned that in the original post) then it could be that - for some reason - the user header is simply no longer included in the HTTP request and can thus not be forwarded from Share to the Repository-backend. Or it is stripped from the request from Share to Repository (if you are routing that through F5 / proxy with SiteMinder) to fend off attempts of impersonation (i.e. as if a user constructed a request with SiteMinder user ID header already added).
Thanks Axel for quick response,
But this is my production server , where my end user obvious using LB URL instead direct host. So I must enable siteminder login to them.
I can't disable that. But is there any way to prevent such throttle request (high error rate) prevention or configuration that I can perform?
A 401 on the /touch operation is perfectly normal. The SSO handshake has to start somewhere and what Share is doing is calling the /touch operation to check if SSO is enabled - if SSO is enabled, the /touch operation will send the 401 with the appropriate WWW-Authenticate header to indicate to the client which type of authentication is required (NTLM / SPNEGO). The only way to prevent the 401s in this case would be to disable SSO altogether...
So finally I need to exclude this alert from newrelic to avoid this confusion. I do not want my client see this alert frequently with high error rate. as you said it is valid 401 code for SSO handshake.
Retrieving data ...