Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-18274

Share Connector - Request SSO token for Tenant Admin fails 401

    Details

    • Type: Service Pack Request
    • Status: Open (View Workflow)
    • Resolution: Unresolved
    • Affects Version/s: Alfresco Activiti 1.5.3
    • Fix Version/s: None
    • Component/s: APS Kickstart/Studio
    • Labels:
    • Environment:
      Activiti 1.5.3.1 MS-MT
    • Bug Priority:
      Category 3
    • ACT Numbers:

      00774096

    • Sprint:
      Docs Sprint 18

      Description

      Description

      Requesting the SSO token at the share connector service on behalf of a tenant admin returns back a 401 Unauthorized
      Since the tenant admin has administrator right over a tenant should receive a valid token.

      Replication Steps:

      1)Setup a MSMT 1.5.3
      example:
      a)Master Instance
      b)Tenant Database
      c)let the db join as tenant with

       curl -u admin@app.activiti.com -X POST -H 'Content-Type:application/json'  http://localhost:8080/activiti-app/api/enterprise/admin/tenants -d '{"name" : "act150_t1" , "configuration" : "tenant.admin.email=tadmin1@app.activiti.com\n    datasource.driver=org.postgresql.Driver\n    datasource.url=jdbc:postgresql://172.17.0.3:5432/activiti_tenant\n    datasource.username=alfresco\n    datasource.password=alfresco"}'
      

      Created tenant 'act150_t1' in tenant datasource (with id '1')

      Registered new user 'tadmin1@app.activiti.com' with tenant '1'

      2)Setup an Alfresco 5.1
      3)Apply the share connector 1.5.3 amps
      4)Add the Share Connector configuration as below in alfresco-global.properties
      activiti.domain=http://172.17.0.2:8081
      activiti.alfrescoRepositoryName=alfresco-1
      activiti.secret=connectorsecret
      5)Configure the LDAP in Alfresco
      authentication.chain=ldap1:ldap-ad
      ldap.authentication.java.naming.provider.url=ldap://192.168.15.128:389
      6)Configure and enable LDAP authentication in Activiti and start the instance
      ldap.authentication.enabled=true
      ldap.authentication.java.naming.provider.url=ldap://192.168.15.128:389
      7)Run Activiti
      8)Login in /activiti-app as LDAP Administrator
      9)Open Identity Management
      10)In Tenants, select the tenant 'act150_t1' from the dropdown.
      11)Edit the Alfresco Repository
      a)Name: Alfresco 5.1
      b)Repo URL: http://172.17.0.4:8082/alfresco
      c)Share URL: http://172.17.0.4:8082/share
      d)Version: 4.2 or higher
      e)Tick Share Connector
      d)Repository secret: connectorsecret
      12)Start Alfresco
      13)Ask Alfresco for the authentication token from Alfresco itself

       curl -v -X POST -H 'Content-Type:application/json' http://localhost:8080/alfresco/service/activiti/sso/alfresco-ticket -d '{ "secret": "connectorsecret", "username": "tadmin1@app.activiti.com" }' 
      

      Current Behavior:

      The response is a 401
      ?? "code" : 401,
      "name" : "Unauthorized",
      "description" : "The request requires HTTP authentication."
      "message" : "11200204 Username or secret is incorrect",
      "exception" : "org.springframework.extensions.webscripts.WebScriptException - 11200204 Username or secret is incorrect",??

      Find full response with stacktrace attached: tenadmin_call.txt
      In catalina.out: TRACE [alfresco.sso.AlfrescoTicketPost] [http-bio-9080-exec-10] User with username 'tadmin1@app.activiti.com' does not exist

      Response 200 using the full admin account

      Expected Behavior:

      A valid ticket should returned.

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  dgruber Doug Gruber
                  Reporter:
                  lmanzo Luigi Manzo [X] (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:

                    Structure Helper Panel