baikal

Unable to retrieve License information from Alfresco: 401

Discussion created by baikal on Apr 21, 2017

Hi guys! I have problems configuring kerberos. I can not log in when SSO is enabled, browser just keeps prompting me for credentials and when I enter them several times all I see is an empty screen with simple+smart logo. When SSO is disabled I'm able to log in but can not access cifs\webdav shared folder and edit documents online (word prompts for password 3-4 times but doesn't open a document). The funny thing is I already have one alfresco server running kerberos and it works fine. Both servers have the same configuration and I gust don't get what might be wrong.

The only error in the logs appears with enabled SSO:

Unable to retrieve License information from Alfresco: 401 (it's not even an error just an information message)

 

Can anyone give me a tip what might be wrong with my config?

 

Kerberos portion from alfresco-global.properties:

 

authentication.chain=ldap1:ldap-ad,kerberos1:kerberos

ntlm.authentication.sso.enabled=true

ldap.authentication.active=false
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://server.mydomain.com:389

 

ldap.synchronization.active=true
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.java.naming.security.authenticaton=simple
ldap.synchronization.java.naming.security.principal=user@dmydomain.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=dc=mydomain,dc=com 
ldap.synchronization.userSearchBase=dc=mydomain,dc=com

 

### Kerberos properties ###
kerberos.authentication.sso.enabled=true
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfnewCIFS
kerberos.authentication.cifs.password=pass1
kerberos.authentication.http.configEntryName=AlfnewHTTP
kerberos.authentication.http.password=pass2
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.realm=MYDOMAIN.RU
kerberos.authentication.stripUsernameSuffix=true
kerberos.authentication.browser.ticketLogons=true
kerberos.authentication.sso.fallback.enabled=true

 

SSO from share-config.custom

 

<!-- Security warning -->
<!-- For production environment set verify-hostname to true.-->

<config evaluator="string-compare" condition="Remote">
<remote>
<ssl-config>
<keystore-path>alfresco/web-extension/alfresco-system.p12</keystore-path>
<keystore-type>pkcs12</keystore-type>
<keystore-password>alfresco-system</keystore-password>

<truststore-path>alfresco/web-extension/ssl-truststore</truststore-path>
<truststore-type>JCEKS</truststore-type>
<truststore-password>password</truststore-password>

<verify-hostname>true</verify-hostname>
</ssl-config>

<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
</connector>

<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>SsoUserHeader</userHeader>
</connector>

 

<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:80/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>

<endpoint>
<id>alfresco-feed</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Feed</name>
<description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:80/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>

<endpoint>
<id>alfresco-api</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Public API - user access</name>
<description>Access to Alfresco Repository Public API that require user authentication.
This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:80/alfresco/api</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>

Outcomes