5.2.0 and 5.2.1
This customer has an authentication chain that is configured as follows for Alfresco Content Services 5.2.0:
They have no issue with the external authentication when the custom header is present. They are seeing an issue when the header is not present. When a user who does not have the custom header tries to login to Alfresco, a browser popup for authentication is displayed. The user cannot proceed past this dialog, even when entering in the correct credentials. They have to select cancel and then they are properly forwarded to the SSO login by-pass page.
Customer noted in the SSOAuthenticationFilter class, if the header does not exist challengeOrPassThrough method is called, instead of redirectToLoginPage method. They feel this is why the popup is being shown. The customer is a Partner, has a go-live date of mid-October 2017, this issue is preventing them from going to production.
[Steps to reproduce]
- Configure Alfresco 5.2.0 out of the box for external authentication and NTLM authentication.
- Sync or create some test users.
- Using a browser based header modification add-on, add custom header and enable it
- Login with header, this should work fine.
- Clear cache and history.
- Disable the custom header from your browser based header add-on.
- Refresh the page.
You should automatically be forwarded to the Share SSO login bypass page:
Browser based authentication popup or dialog appears. Adding correct login information does not let you proceed, you can only proceed by cancelling this dialog. Then you re redirected to the Share SSO login bypass page: _http://localhost:8080/share/page/type/login_
This issue was reproducible with Chrome, FF, and IE with both 5.2.0 and 5.2.1.