Service Packs and Hot Fixes / MNT-12764

The X-Alfresco-Remote-User (SsoUserHeader) SSO code path executes x2 requests and is stateful when it does not need to be

    Details

      Description

      Share can be configured to use an SSO remote-user header (commonly X-Alfresco-Remote-User or SsoUserHeader), with Alfresco set to use External auth first in the chain.

      However, this effectively executes 2x the requests that are needed and is also stateful when it does not need to be.

      This is because the SSOAuthenticationFilter uses the same Session-based challenge/response code path for remote-user as it does for NTLM, Kerberos, etc. This should be avoided, as it means the /touch API is called before each and every request to the repo, hugely increasing the traffic between the web-tier and the repo-tier.

      The fix is to avoid calling /touch more than once per Share session for a Share user when the SSO remote-user header config is used, and also to allow Remote configuration from Share that uses the stateless /service endpoint instead of the Session-based /wcservice endpoint.
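
One way to check from the repo tier whether Share still calls /touch before every request is to compare /touch hits against other requests per user in the access log. This is an added example, not code from the ticket or from Alfresco; the log lines, the URL paths under /alfresco and the assumption that the access log's user field records the SSO user are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed repo-tier access log lines (common log format); not from the ticket.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2015:10:00:01 +0000] "GET /alfresco/wcservice/touch HTTP/1.1" 200 0
10.0.0.5 - alice [12/Mar/2015:10:00:01 +0000] "GET /alfresco/wcservice/api/sites HTTP/1.1" 200 512
10.0.0.5 - alice [12/Mar/2015:10:00:02 +0000] "GET /alfresco/wcservice/touch HTTP/1.1" 200 0
10.0.0.5 - alice [12/Mar/2015:10:00:02 +0000] "GET /alfresco/wcservice/api/people/alice HTTP/1.1" 200 300
10.0.0.5 - alice [12/Mar/2015:10:00:03 +0000] "GET /alfresco/wcservice/touch HTTP/1.1" 200 0
10.0.0.5 - alice [12/Mar/2015:10:00:03 +0000] "GET /alfresco/wcservice/api/tasks?max=5 HTTP/1.1" 200 900
10.0.0.5 - bob [12/Mar/2015:10:01:00 +0000] "GET /alfresco/service/touch HTTP/1.1" 200 0
10.0.0.5 - bob [12/Mar/2015:10:01:00 +0000] "GET /alfresco/service/api/sites HTTP/1.1" 200 512
10.0.0.5 - bob [12/Mar/2015:10:01:01 +0000] "GET /alfresco/service/api/people/bob HTTP/1.1" 200 300
10.0.0.5 - bob [12/Mar/2015:10:01:02 +0000] "GET /alfresco/service/api/tasks HTTP/1.1" 200 900
10.0.0.5 - bob [12/Mar/2015:10:01:03 +0000] "POST /alfresco/service/api/comment HTTP/1.1" 200 40
10.0.0.9 - - [12/Mar/2015:10:02:00 +0000] "GET /alfresco/service/touch HTTP/1.1" 401 0
truncated line without the expected fields
""".splitlines()

LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def touch_stats(lines):
    """Count /touch calls and all other requests per authenticated user."""
    stats = defaultdict(lambda: {"touch": 0, "other": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["user"] == "-":
            continue  # skip malformed lines and unauthenticated requests
        path = m["path"].split("?", 1)[0].rstrip("/")
        kind = "touch" if path.endswith("/touch") else "other"
        stats[m["user"]][kind] += 1
    return dict(stats)

def users_touching_per_request(stats, threshold=0.5):
    """Users whose /touch count tracks their request count (one touch per call)."""
    return [user for user, c in sorted(stats.items())
            if c["other"] and c["touch"] / c["other"] >= threshold]

if __name__ == "__main__":
    stats = touch_stats(SAMPLE_LOG)
    for user in users_touching_per_request(stats):
        print(f"{user}: {stats[user]['touch']} /touch calls for "
              f"{stats[user]['other']} other requests")
```

The 0.5 threshold is an arbitrary cut-off chosen for the sample; a user whose session calls /touch once should sit far below it once more than a couple of requests are logged.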

              People

              • Assignee: Closed Bugs (closedbugs)
              • Reporter: Kevin Roast (kroast) [X] (Inactive)