-
Type:
Service Pack Request
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 5.0.2, 5.1
-
Fix Version/s: 5.1.1
-
Component/s: Repository Authentication and SSO, Share Application
-
Environment:Application version - 5.1
Application Server - Websphere
Database - DB2
Authentication - External,LDAP
-
Bug Priority:
Category 2
-
ACT Numbers:
00649718 Premier, 00652034
This premier customer has setup external SSO authentication (IBM Webseal) as part of their upgrade to 5.1. All the user profiles are imported from an LDAP server where some usernames are uppercase and some are lowercase. With uppercase usernames they can able to login to Share fine but if they click on “Home” link in Share it goes on to a HTTP 302 infinite loop with the message "page isn't working" or "The page isn't redirecting properly" (depending on the browser). The issue is very much similar to the JIRA - https://issues.alfresco.com/jira/browse/MNT-13602 which is Kerberos related. I can able to replicate the issue in my local instance using External Authentication (using Modify Headers add on for Firefox and Google chrome browsers). This does looks like a bug, so is there a way that Alfresco can handle both the uppercase and lowercase usernames using External authentication?
There is no issue if the username is lowercase, users can login to Share and navigate around without any issues.
Steps to reproduce
1) Login to Alfresco Share as an Admin. Create a user which has uppercase username (for example - UPPERCASE)
2) Setup External Authentication in an Alfresco instance (used header mechanism, since it's easy to setup). authentication.chain will be something like - authentication.chain=use-headers:external,alfrescoNtlm1:alfrescoNtlm. Restart Alfresco instance once all changes related to External auth is done.
3) Open up Google chrome and install "Modify Headers for Google Chrome" extension. Add a new header "SsoUserHeader" with value "uppercase" and enable it using the appropriate button. Restart the browser.
4) Login to Alfresco Share - http://localhost:8080/share, the user "UPPERCASE" is logged in.
5) Click on the "Home" link. The localhost page isn’t working, localhost redirected you too many times message is displayed in the browser.
Expected Behaviour
User's Personal dashboard is displayed
Observed Behaviour
Infinite HTTP 302 redirect loop
- relates to
-
MNT-13602
infinite 302 HTTP redirect loop when using kerberos with stripUsernameSuffix set to false
- Closed
