Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Unprioritized
-
Resolution: Not a bug
-
Affects Version/s: Community Edition 201605 GA
-
Fix Version/s: None
-
Component/s: Repository
-
Security Level: external (External user)
-
Labels:None
Description
We had a 4.2.c installation working for 3 years with following configuration
authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad
kerberos.authentication.realm=KEENSOFT.LOCAL
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=keensoft
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=keensoft
kerberos.authentication.sso.enabled=true
Users were accessing via IE browser with SSO but the other protocols (WebDAV, SPP and CMIS) were accepting basic auth.
We are migrating to 5.1.g and we have applied the same configuration. Kerberos SSO is working, but the other protocols are producing a non ending loop of Kerberos challenges:
2016-09-30 14:19:46,593 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-12] New Kerberos auth request from 172.19.0.1 (172.19.0.1:32952) 2016-09-30 14:19:46,593 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-12] Issuing login challenge to browser. 2016-09-30 14:19:46,632 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-6] New Kerberos auth request from 172.19.0.1 (172.19.0.1:32952) 2016-09-30 14:19:46,632 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-6] Issuing login challenge to browser.
It seems that this feature has been broken in some point between 4.2.c and 5.1.g
Attachments
Issue Links
- is clone of
-
ALF-21521 CMIS login loop when using Kerberos SSO
-
- Closed
-