Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-17226

When Kerberos SSO is enabled, accessing documents via AOS breaks WebClient UI customisations and shows a simple Windows Explorer dialog



      [Technical Description of the issue]
      When Kerberos SSO is enabled, accessing documents via AOS breaks WebClient UI customisations and shows a simple Windows Explorer dialog

      [Steps to reproduce]
      1. Install Alfresco
      2. Configure Kerberos SSO (as per docs http://docs.alfresco.com/5.1/tasks/auth-kerberos-shareSSO.html)
      3. Add Alfresco to Trusted sites in IE for SSO to work
      4. Open Word from a domain joined PC
      5. Go to Open document, enter http://<alfresco>/alfresco/aos URL

      [Expected Behaviour]
      Single sing on works, users see the Sharepoint Webclient UI in Word open dialog and the can navigate to desired location.

      [Observed Behaviour]
      When SSO is enabled, standard Windows Open dialog is shown (see TSE_Kerberos_enabled_Word 2016-aos.jpg) instead of WebClient UI. Disabling SSO introduces Basic Authentication and upon authentication the user is represented with a standard Sharepoint Webclient UI (see screenshot tse_working-webui_aos_sites)

      [Analysis to date]
      Testing is performed locally using TSE instance of Alfresco 5.1.1 and Word 2016 (version 16.0.4566.1003 32bit)
      It seems that as soon SSO is enabled WebUI stops being displayed and Fiddler traces look a bit different. It's unclear if this issue is related to MNT https://issues.alfresco.com/jira/browse/MNT-16931

      [Supporting evidence]

      • working WebUI SSO disabled - tse_working-webui_aos_sites
      • not working WebUI - SSO enabled - TSE_Kerberos_enabled_Word 2016-aos + TSE_Kerberos_enabled_Word2016-aos_sites
        Fiddler traces (sso enabled, sso disabled from TSE:
      • tse_word2016_kerberos_sso.saz
      • tse_word2016_no_sso.saz
        _Fiddler traces from the customer (SSO enabled, SSO disabled)
        _- SSO enabled - caritas_sso_enabled.saz
      • SSO disabled - caritas_sso_disabled.saz
        JMX dump from the customer
      • caritas_jmxdump_2016_11_16

      As discussed with Stefan Kopf over Skype I’m also attaching example Fiddler traces from the domain joined PC with the same version of Word accessing Sharepoint 2013 in two configurations:

      • Sharepoint SSO disabled so Basic Auth is used - name of file reference_sharepoint2013_word2016_basicauth.saz
      • internet explorer SSO Integrated Windows Authentication enabled - name of file: reference_sharepoint2013_kerberos.saz - name of file reference_sharepoint2013_word2016_wia.saz

      In both cases UI is displayed correctly - screenshots:

      • reference_sharepoint2013_word2016-docLibrary
      • reference_sharepoint2013_word2016-Sites


          Issue Links




                • Assignee:
                  closedbugs Closed Bugs (Inactive)
                  dsamarzija Dario Samarzija
                • Votes:
                  0 Vote for this issue
                  4 Start watching this issue


                  • Created:

                    Time Tracking

                    Original Estimate - Not Specified
                    Not Specified
                    Remaining Estimate - 0 minutes
                    Time Spent - 1 day

                      Structure Helper Panel