Uploaded image for project: 'Alfresco'
  1. Alfresco
  2. ALF-21757

Kerberos SSO brokes WebDAV, SPP and CMIS authentication chain

          Details

          • Type: Bug
          • Status: Closed (View Workflow)
          • Priority: Unprioritized
          • Resolution: Not a bug
          • Affects Version/s: Community Edition 201605 GA
          • Fix Version/s: None
          • Component/s: Repository
          • Security Level: external (External user)
          • Labels:
            None
          • Security Severity:
            None

            Description

            We had a 4.2.c installation working for 3 years with following configuration

            authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad

kerberos.authentication.realm=KEENSOFT.LOCAL
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=keensoft
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=keensoft
kerberos.authentication.sso.enabled=true

            Users were accessing via IE browser with SSO but the other protocols (WebDAV, SPP and CMIS) were accepting basic auth.

            We are migrating to 5.1.g and we have applied the same configuration. Kerberos SSO is working, but the other protocols are producing a non ending loop of Kerberos challenges:

            Unable to find source-code formatter for language: bash. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
            2016-09-30 14:19:46,593 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-12] New Kerberos auth request from 172.19.0.1 (172.19.0.1:32952)
2016-09-30 14:19:46,593 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-12] Issuing login challenge to browser.
2016-09-30 14:19:46,632 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-6] New Kerberos auth request from 172.19.0.1 (172.19.0.1:32952)
2016-09-30 14:19:46,632 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-6] Issuing login challenge to browser.

            It seems that this feature has been broken in some point between 4.2.c and 5.1.g

              Attachments

                Issue Links

                is clone of

                Bug - A problem which impairs or prevents the functions of the product. ALF-21521 CMIS login loop when using Kerberos SSO

                • Major - Category 3 (https://ts.alfresco.com/share/s/0q-j7gG_T1OJZ2maU0mBuw)
                • Closed

                  Activity

                  Ascending order - Click to sort in descending order
                  Hide
                  Permalink
                  resplin Richard Esplin added a comment -

                  Is this the same issue reported in MNT-15866 and ALF-21607?

                  We released a fix for it in Alfresco Community Edition 201609 EA. If you can reproduce it on that release we will look into it further.

                  Thanks for the report.

                  Show
                  resplin Richard Esplin added a comment - Is this the same issue reported in MNT-15866 and ALF-21607 ? We released a fix for it in Alfresco Community Edition 201609 EA. If you can reproduce it on that release we will look into it further. Thanks for the report.
                  Hide
                  Permalink
                  angel.borroy Angel Borroy added a comment -

                  No, it's the same issue as ALF-21521.

                  As it has been catalogued as "Won't fix", you can catalogue this as "Won't fix".

                  I'm going to evaluate the alternative given by Kevin.

                  Thanks

                  Show
                  angel.borroy Angel Borroy added a comment - No, it's the same issue as ALF-21521 . As it has been catalogued as "Won't fix", you can catalogue this as "Won't fix". I'm going to evaluate the alternative given by Kevin. Thanks
                  Hide
                  Permalink
                  angel.borroy Angel Borroy added a comment -

                  Successfully tested workaround from https://issues.alfresco.com/jira/browse/ALF-21521?focusedCommentId=455759&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-455759

                  From my point of view, this issue can be closed.

                  Show
                  angel.borroy Angel Borroy added a comment - Successfully tested workaround from https://issues.alfresco.com/jira/browse/ALF-21521?focusedCommentId=455759&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-455759 From my point of view, this issue can be closed.

                    People

                    • Assignee:
                      closedissues Closed Issues
                      Reporter:
                      angel.borroy Angel Borroy
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      3 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:
                        Date of First Response: