Uploaded image for project: 'Alfresco'
  1. Alfresco
  2. ALF-21757

Kerberos SSO brokes WebDAV, SPP and CMIS authentication chain

          Details

          • Type: Bug
          • Status: Closed (View Workflow)
          • Priority: Unprioritized
          • Resolution: Not a bug
          • Affects Version/s: Community Edition 201605 GA
          • Fix Version/s: None
          • Component/s: Repository
          • Security Level: external (External user)
          • Labels:
            None

            Description

            We had a 4.2.c installation working for 3 years with following configuration

            authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad

kerberos.authentication.realm=KEENSOFT.LOCAL
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=keensoft
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=keensoft
kerberos.authentication.sso.enabled=true

            Users were accessing via IE browser with SSO but the other protocols (WebDAV, SPP and CMIS) were accepting basic auth.

            We are migrating to 5.1.g and we have applied the same configuration. Kerberos SSO is working, but the other protocols are producing a non ending loop of Kerberos challenges:

            Unable to find source-code formatter for language: bash. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
            2016-09-30 14:19:46,593 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-12] New Kerberos auth request from 172.19.0.1 (172.19.0.1:32952)
2016-09-30 14:19:46,593 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-12] Issuing login challenge to browser.
2016-09-30 14:19:46,632 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-6] New Kerberos auth request from 172.19.0.1 (172.19.0.1:32952)
2016-09-30 14:19:46,632 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] [http-apr-8080-exec-6] Issuing login challenge to browser.

            It seems that this feature has been broken in some point between 4.2.c and 5.1.g

              Attachments

                Issue Links

                is clone of

                Bug - A problem which impairs or prevents the functions of the product. ALF-21521 CMIS login loop when using Kerberos SSO

                • Major - Category 3 (https://ts.alfresco.com/share/s/0q-j7gG_T1OJZ2maU0mBuw)
                • Closed

                  Activity

                    People

                    • Assignee:
                      closedissues Closed Issues
                      Reporter:
                      angel.borroy Angel Borroy
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      3 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:
                        Date of First Response: