Type: Service Pack Request
Status: Closed (View Workflow)
Resolution: Not a bug
Affects Version/s: 5.1.2
Fix Version/s: None
Environment:any with external
Share external authentication should work with any combination of (ajp,http)X(alfrescoCookie, alfrescoHeader)
MNT-16385 provided one fix to one of the 4 configuration paths.
But you have 4 paths to make work and do the QA on.
Platform work capture in
When a customer uses external authentication, that means he delegates the authentication stage to an external proxy.
Once that proxy authenticates a user, it can communicate the authenticated user username to the Share layer using two protocols: ajp or http (not considering https)
Then the share layer can communicate to the backend using alfrescoCookie or alfrescoHeader, that is in the share custom config using:
We have thus 4 scenarii to consider and make work:
1) proxy-> (ajp) -> share -> (alfrescoHeader) -> alfresco
2) proxy-> (ajp) -> share -> (alfrescoCookie) -> alfresco
3) proxy-> (http) -> share -> (alfrescoHeader) -> alfresco
4) proxy-> (http) -> share -> (alfrescoCookie) -> alfresco
in 4.2.0, 1) and 2) where working
in 5.1.0, 1) and 2) were failing
in 5.1.2, 1) is working 2) is failing
1) and 2) should both work.
1) see documentation
which documents well the AJP side.
which clearly states that both alfrescoHeader and alfrescoCookie should work (see the 2nd example) even the alfrescoHeader method is describes more in depth.
and documentation bug:
2) see share-config-custom.xml on 5.1.2 which uses alfrescoCookie as default in the SSO section.
3) attached ajprequest.py which can be used to test scenarii 1) and 2).
Scenarii 3) and 4) can be tested with curl -H "x-alfresco-remote-user: user5"...
we also need to use more than just one URL as testing with
is not enough;
We also need to test with api URLs like
5) this also affects 5.2.0 Early Access (5.2.0 (r133068-b1) schema 10,005.)