Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-18676

Popup basic authentication window with External Authentication when custom header not present

    Details

    • Bug Priority:
      Category 1
    • ACT Numbers:

      00912697

      Description

      [Description]

      Stack:

      Alfresco Version: 5.2.0 and 5.2.1
      Database: MariaDB
      OS: RHEL
      App Server: Tomcat

      This customer has an authentication chain that is configured as follows for Alfresco Content Services 5.2.0:

      authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm

      They have no issue with the external authentication when the custom header is present. They are seeing an issue when the header is not present. When a user who does not have the custom header tries to login to Alfresco, a browser popup for authentication is displayed. The user cannot proceed past this dialog, even when entering in the correct credentials. They have to select cancel and then they are properly forwarded to the SSO login by-pass page.

      Customer noted in the SSOAuthenticationFilter class, if the header does not exist challengeOrPassThrough method is called, instead of redirectToLoginPage method. They feel this is why the popup is being shown. The customer is a Partner, has a go-live date of mid-October 2017, this issue is preventing them from going to production.

      [Steps to reproduce]

      1. Configure Alfresco 5.2.0 out of the box for external authentication and NTLM authentication.
      2. Sync or create some test users.
      3. Using a browser based header modification add-on, add custom header and enable it
      4. Login with header, this should work fine.
      5. Clear cache and history.
      6. Disable the custom header from your browser based header add-on.
      7. Refresh the page.

      [Expected Behavior]

      You should automatically be forwarded to the Share SSO login bypass page:
      _http://localhost:8080/share/page/type/login_

      [Observed Behavior]

      Browser based authentication popup or dialog appears. Adding correct login information does not let you proceed, you can only proceed by cancelling this dialog. Then you re redirected to the Share SSO login bypass page: _http://localhost:8080/share/page/type/login_

      [Notes]

      This issue was reproducible with Chrome, FF, and IE with both 5.2.0 and 5.2.1.

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  closedissues Closed Issues
                  Reporter:
                  spatel Satyan Patel
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel