AnsweredAssumed Answered

NTLM SSO   sometile  failes  using  IE 11g on alfreco  share   4.2.4 on Windows  2008 R2

Question asked by oscar_2016 on Apr 24, 2017

Hello

We  are using  alfresco  enterprise  4.2.4 on Windows  2008 R2 and  using  NTLM  SSO. the  end user  are  accessing  share  by  IE 11,  randomly  the  authentication    fails.

In the middle of  a session   randomly  the  Windows  security pop up  is  display prompting  for  credentials   

What  I  have been  able to  reproduce the  error  and what see   is that t   on pages that are slow to display   

 

IE request to repeat authentication. When  the Windows pop –up  prompt   for  credential  is

Because IE   received the challenge from alfresco but did not encrypt it with the hash of the  user  password and  included it in the an Authorization: NTLM header of the   following http  request,, this way the authentication fails since Alfresco cannot get the challenged  encrypted by IE to send it to the domain controller jointly with the challenge, UserName, ComputerName, and Domain.

 

 

See    below  error in Tomcat  log.

I  wonder  if  anyone else  has  experienced  this  issue.      

 

 

In the tomcat log the following error is logged which in my opinion is misleading, as in IE  the  cookies  are  enabled.. 

 

app.servlet.NTLMAuthenticationFilter] [http-apr-8888-exec-33] restartLoginChallenge...

2017-04-22 00:18:30,137  WARN  [app.servlet.NTLMAuthenticationFilter] [http-apr-8888-exec-30] Authentication failed: NTLM details cannot be retrieved from session. Client must support cookies.

2017-04-22 00:18:30,137  DEBUG [app.servlet.NTLMAuthenticationFilter] [http-apr-8888-exec-30] restartLoginChallenge...

Outcomes