Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-19808

CMIS Browser Binding Authentication Does Not Work With Kerberos Enabled In Alfresco 5.2.2, 5.2.3 And 5.2.4

    Details

    • Bug Priority:
      Category 3
    • ACT Numbers:

      00965477 00982892

    • Regression Since:
      4.2

      Description

      Summary

      CMIS browser binding authentication fails in Alfresco 5.2.2 and 5.2.3 and 5.2.4 when Kerberos is in the authentication chain.

      Steps To Reproduce

      1. Install Alfresco 5.2.2 or Alfresco 5.2.3 or 5.2.4 and enable Kerberos
      2. Use CMIS command to obtain ticket i.e. curl -vk 'http://alftest:8080/alfresco/s/api/login' -X POST -d '{"username":"admin","password":"admin"}' -H "Content-type: application/json" and will receive:
        * About to connect() to alftest port 8080 (#0)
        * Trying 192.168.11.152...
        * Connected to myalf.mydomain.test (192.168.11.152) port 8080 (#0)
        > POST /alfresco/s/api/login HTTP/1.1
        > User-Agent: curl/7.29.0
        > Host: myalf.mydomain.test:8080
        > Accept: */*
        > Content-type: application/json
        > Content-Length: 39
        >
        * upload completely sent off: 39 out of 39 bytes
        < HTTP/1.1 200 OK
        < Server: Apache-Coyote/1.1
        < Cache-Control: no-cache
        < Expires: Thu, 01 Jan 1970 00:00:00 GMT
        < Pragma: no-cache
        < Content-Type: application/json;charset=UTF-8
        < Content-Length: 79
        < Date: Thu, 05 Jul 2018 16:53:35 GMT
        <
        {
        "data":
        {
        "ticket":"TICKET_6d322a7f83d1f0b27b635066e1c23d9955f621c0"
        }
        * Connection #0 to host alftest left intact
      1. Use ticket obtained from 2. to authenticate i.e. curl vk 'http://alftest:8080/alfresco/api/-default/public/cmis/versions/1.1/browser?alf_ticket=TICKET_6d322a7f83d1f0b27b635066e1c23d9955f621c0' which will result in (note 401 error):
      curl -vk 'http://alftest:8080/alfresco/api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_6d322a7f83d1f0b27b635066e1c23d9955f621c0'
      * About to connect() to myalf.mydomain.test port 8080 (#0)
      * Trying 192.168.11.152...
      * Connected to alftest (192.168.11.152) port 8080 (#0)
      > GET /alfresco/api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_6d322a7f83d1f0b27b635066e1c23d9955f621c0 HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: alftest:8080
      > Accept: */*
      >
      < HTTP/1.1 401 Unauthorized
      < Server: Apache-Coyote/1.1
      < Set-Cookie: JSESSIONID=6AAB0F2DBD42E5C027E26E0EEBC100C1; Path=/alfresco; HttpOnly
      < WWW-Authenticate: Negotiate
      < Content-Type: text/html;charset=UTF-8
      < Content-Length: 134
      < Date: Thu, 05 Jul 2018 16:54:13 GMT
      <
      <html><head>
      </head><body><p>Please <a href="/alfresco/api/-default-/public/cmis/versions/1.1/browser">log in</a>.</p>
      </body></html>
      * Connection #0 to host alftest left intact
      1. Stop Alfresco and remove Kerberos from authentication chain.
      2. Repeat Steps 2-3. Result will be:
        url -vk 'http://alftest:8080/alfresco/s/api/login' -X POST -d '{"username":"admin","password":"admin"}' -H "Content-type: application/json"
        * About to connect() to alftest port 8080 (#0)
        *   Trying 192.168.11.152...
        * Connected to alftest (192.168.11.152) port 8080 (#0)
        > POST /alfresco/s/api/login HTTP/1.1
        > User-Agent: curl/7.29.0
        > Host: alftest:8080
        > Accept: */*
        > Content-type: application/json
        > Content-Length: 39
        >
        * upload completely sent off: 39 out of 39 bytes
        < HTTP/1.1 200 OK
        < Server: Apache-Coyote/1.1
        < Cache-Control: no-cache
        < Expires: Thu, 01 Jan 1970 00:00:00 GMT
        < Pragma: no-cache
        < Content-Type: application/json;charset=UTF-8
        < Content-Length: 79
        < Date: Tue, 10 Jul 2018 16:22:25 GMT
        <
        {
            "data":
            {
                "ticket":"TICKET_997c99267d413e451cad918d7d1087c2ac884b32"
            }
        * Connection #0 to host alftest left intact
        }[root@myalf alfresco-5.2.2]# curl -vk 'http://alftest:8080/alfresco/api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_997c99267d413e451cad918d7d1087c2ac884b32'
        * About to connect() to myalf.mydomain.test port 8080 (#0)
        *   Trying 192.168.11.152...
        * Connected to alftest (192.168.11.152) port 8080 (#0)
        > GET /alfresco/api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_997c99267d413e451cad918d7d1087c2ac884b32 HTTP/1.1
        > User-Agent: curl/7.29.0
        > Host: myalf.mydomain.test:8080
        > Accept: */*
        >
        < HTTP/1.1 200 OK
        < Cache-Control: private, max-age=0
        < Server: Apache-Chemistry-OpenCMIS/1.0.0
        < Content-Type: application/json;charset=UTF-8
        < Transfer-Encoding: chunked
        < Date: Tue, 10 Jul 2018 16:22:58 GMT
        <
        {"-default-":{"repositoryId":"-default-","repositoryName":"","repositoryDescription":"","vendorName":"Alfresco","productName":"Alfresco Enterprise","productVersion":"5.2.2 (r73ead3c7-b41)","rootFolderId":"8e1b3459-60c8-4491-8e5c-b4ec596bc42a","capabilities":{"capabilityContentStreamUpdatability":"anytime","capabilityChanges":"none","capabilityRenditions":"read","capabilityGetDescendants":true,"capabilityGetFolderTree":true,"capabilityMultifiling":true,"capabilityUnfiling":false,"capabilityVersionSpecificFiling":false,"capabilityPWCSearchable":false,"capabilityPWCUpdatable":true,"capabilityAllVersionsSearchable":false,"capabilityOrderBy":null,"capabilityQuery":"bothcombined","capabilityJoin":"none","capabilityACL":"manage"},"aclCapabilities":{"supportedPermissions":"both","propagation":"propagate","permissions":[{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Administrator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Administrator"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._DeleteAssociations","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._DeleteAssociations"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.AddChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.AddChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._CreateChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._CreateChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Editor","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Editor"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.RecordAdministrator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.RecordAdministrator"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Contributor","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Contributor"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._WriteProperties","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._WriteProperties"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.LinkChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.LinkChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteContent","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteContent"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ExecuteContent","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ExecuteContent"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable._Unlock","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable._Unlock"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Delete","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Delete"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Coordinator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Coordinator"},{"permission":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteContributor","description":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteContributor"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}ownable.TakeOwnership","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}ownable.TakeOwnership"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadAssociations","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadAssociations"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Coordinator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Coordinator"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Consumer","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Consumer"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Collaborator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Collaborator"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}ownable._SetOwner","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}ownable._SetOwner"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.RecordAdministrator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.RecordAdministrator"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._CreateAssociations","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._CreateAssociations"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Write","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Write"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}workingcopy.CancelCheckOut","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}workingcopy.CancelCheckOut"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Collaborator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Collaborator"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadPermissions","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadPermissions"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteAssociations","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteAssociations"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteConsumer","description":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteConsumer"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.FullControl","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.FullControl"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadProperties","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadProperties"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.Lock","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.Lock"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Editor","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Editor"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Consumer","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Consumer"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteProperties","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteProperties"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Coordinator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Coordinator"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._DeleteChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._DeleteChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Contributor","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Contributor"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.CheckOut","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.CheckOut"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ChangePermissions","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ChangePermissions"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Collaborator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Collaborator"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._LinkChildren","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._LinkChildren"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.Unlock","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.Unlock"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteNode","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteNode"},{"permission":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteCollaborator","description":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteCollaborator"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._WriteContent","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._WriteContent"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ChangePermissions","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ChangePermissions"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Read","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Read"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadPermissions","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadPermissions"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadContent","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadContent"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Contributor","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}cmobject.Contributor"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ExecuteContent","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ExecuteContent"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadContent","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._ReadContent"},{"permission":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteManager","description":"{http:\/\/www.alfresco.org\/model\/site\/1.0}site.SiteManager"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Editor","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}content.Editor"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.RecordAdministrator","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.RecordAdministrator"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Consumer","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}folder.Consumer"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable._Lock","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable._Lock"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Execute","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Execute"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._DeleteNode","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base._DeleteNode"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateAssociations","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateAssociations"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}workingcopy.CheckIn","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}workingcopy.CheckIn"},{"permission":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadAssociations","description":"{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadAssociations"},{"permission":"{http:\/\/www.alfresco.org\/model\/content\/1.0}ownable.SetOwner","description":"{http:\/\/www.alfresco.org\/model\/content\/1.0}ownable.SetOwner"},{"permission":"{http:\/\/www.alfresco.org\/model\/security\/1.0}All.All","description":"{http:\/\/www.alfresco.org\/model\/security\/1.0}All.All"},{"permission":"cmis:read","description":"CMIS Read"},{"permission":"cmis:write","description":"CMIS Write"},{"permission":"cmis:all","description":"CMIS All"}],"permissionMapping":[{"key":"canUpdateProperties.Object","permission":["cmis:write","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteProperties"]},{"key":"canGetProperties.Object","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties"]},{"key":"canAddToFolder.Folder","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateChildren"]},{"key":"canCreateDocument.Folder","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateChildren"]},{"key":"canCheckout.Document","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.CheckOut"]},{"key":"canGetAllVersions.VersionSeries","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Read"]},{"key":"canRemovePolicy.Object","permission":["cmis:write","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Write"]},{"key":"canRemovePolicy.Policy","permission":["cmis:read"]},{"key":"canViewContent.Object","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadContent"]},{"key":"canCheckin.Document","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.CheckIn"]},{"key":"canGetParents.Folder","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties"]},{"key":"canRemoveFromFolder.Object","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteNode"]},{"key":"canGetACL.Object","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadPermissions"]},{"key":"canDelete.Object","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteNode"]},{"key":"canApplyACL.Object","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ChangePermissions"]},{"key":"canCreateFolder.Folder","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateChildren"]},{"key":"canMove.Object","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteNode"]},{"key":"canAddPolicy.Object","permission":["cmis:write","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.Write"]},{"key":"canAddPolicy.Policy","permission":["cmis:read"]},{"key":"canGetAppliedPolicies.Object","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties"]},{"key":"canGetDescendents.Folder","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadChildren"]},{"key":"canGetChildren.Folder","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadChildren"]},{"key":"canSetContent.Document","permission":["cmis:write","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteContent"]},{"key":"canDeleteContent.Document","permission":["cmis:write","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.WriteContent"]},{"key":"canMove.Target","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.CreateChildren"]},{"key":"canAddToFolder.Object","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties"]},{"key":"canCancelCheckout.Document","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/content\/1.0}lockable.CancelCheckOut"]},{"key":"canGetFolderParent.Object","permission":["cmis:read","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.ReadProperties"]},{"key":"canDeleteTree.Folder","permission":["cmis:all","{http:\/\/www.alfresco.org\/model\/system\/1.0}base.DeleteNode"]}]},"latestChangeLogToken":null,"cmisVersionSupported":"1.1","changesIncomplete":true,"changesOnType":["cmis:document","cmis:folder"],"principalIdAnonymous":"guest","principalIdAnyone":"GROUP_EVERYONE",* Connection #0 to host myalf.mydomain.test left intact
        "extendedFeatures":[{"id":"http:\/\/docs.oasis-open.org\/ns\/cmis\/extension\/datetimeformat","url":"https:\/\/www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=cmis","commonName":"Browser Binding DateTime Format","versionLabel":"1.0","description":"Adds an additional DateTime format for the Browser Binding."}],"repositoryUrl":"http:\/\/myalf.mydomain.test:8080\/alfresco\/api\/-default-\/public\/cmis\/versions\/1.1\/browser","rootFolderUrl":"http:\/\/myalf.mydomain.test:8080\/alfresco\/api\/-default-\/public\/cmis\/versions\/1.1\/browser\/root"}}

      Expected Behaviour

      Result 5 whether Kerberos is enabled or not

      Observed Behaviour

      CMIS browser authentication only works if Kerberos is removed from authentication chain.

      Update II: behaviour in 6.0 is different but it cannot be said that it works. No longer a 401 error but a 404 error:

      curl -vk 'http://myalf.mydomain.test:8080/api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_056dc260c53de59ce98bd53a34ececae9a7c0521'
      * About to connect() to myalf.mydomain.test port 8080 (#0)
      *   Trying 192.168.11.152...
      * Connected to myalf.mydomain.test (192.168.11.152) port 8080 (#0)
      > GET /api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_056dc260c53de59ce98bd53a34ececae9a7c0521 HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: myalf.mydomain.test:8080
      > Accept: */*
      >
      < HTTP/1.1 404 Not Found
      < Server: Apache-Coyote/1.1
      < Content-Type: text/html;charset=utf-8
      < Content-Language: en
      < Content-Length: 1041
      < Date: Fri, 03 Aug 2018 17:01:34 GMT
      <
      <html><head><title>Apache Tomcat/7.0.x - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /api/-default-/public/cmis/versions/1.1/browser</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/api/-default-/public/cmis/versions/1.1/browser</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.x</* Connection #0 to host myalf.mydomain.test left intact
      h3></body></html>

      Still this is what happens when Kerberos is removed. So the behavior is the same, albeit very likely not what the customer needs.

      curl -vk 'http://myalf:8080/api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_d53f298be592f7c37931495362beaa36cbb34cfb'
      * About to connect() to myalf port 8080 (#0)
      *   Trying 192.168.11.152...
      * Connected to myalf (192.168.11.152) port 8080 (#0)
      > GET /api/-default-/public/cmis/versions/1.1/browser?alf_ticket=TICKET_d53f298be592f7c37931495362beaa36cbb34cfb HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host: myalf:8080
      > Accept: */*
      >
      < HTTP/1.1 404 Not Found
      < Server: Apache-Coyote/1.1
      < Content-Type: text/html;charset=utf-8
      < Content-Language: en
      < Content-Length: 1041
      < Date: Fri, 03 Aug 2018 17:26:51 GMT
      <
      <html><head><title>Apache Tomcat/7.0.x - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /api/-default-/public/cmis/versions/1.1/browser</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/api/-default-/public/cmis/versions/1.1/browser</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.x</* Connection #0 to host myalf left intact
      h3></body></html>

      Update: issue occurs in 5.2.4 also.

      Notes:

      1. Previously atompub URLs had this issue i.e. MNT-10074 and MNT-14367.--
      2. The same behaviour occurs if an Active Directory Account is used.
        curl -vk 'http://myalf.mydomain.test:8080/alfresco/s/api/login' -X POST -d '{"username":"Administrator","password":"Sp@c3cr@ft1"}' -H "Content-type: application/json"
        * About to connect() to myalf.mydomain.test port 8080 (#0)
        *   Trying 192.168.11.152...
        * Connected to myalf.mydomain.test (192.168.11.152) port 8080 (#0)
        > POST /alfresco/s/api/login HTTP/1.1
        > User-Agent: curl/7.29.0
        > Host: myalf.mydomain.test:8080
        > Accept: */*
        > Content-type: application/json
        > Content-Length: 53
        >
        * upload completely sent off: 53 out of 53 bytes
        < HTTP/1.1 200 OK
        < Server: Apache-Coyote/1.1
        < Cache-Control: no-cache
        < Expires: Thu, 01 Jan 1970 00:00:00 GMT
        < Pragma: no-cache
        < Content-Type: application/json;charset=UTF-8
        < Content-Length: 79
        < Date: Mon, 23 Jul 2018 16:38:48 GMT
        <
        {
                "data":
                {
                        "ticket":"TICKET_d391d9319f92c8c1572ef99e8301aa16bfa34790"
                }
        * Connection #0 to host myalf.mydomain.test left intact
        }[root@myalf alfresco-5.2.3]# curl -vk 'http://myalf.mydomain.test:8080/alfresco/api/-default-/public/cmis/versions/1.1/brser?alf_ticket=TICKET_d391d9319f92c8c1572ef99e8301aa16bfa34790'
        * About to connect() to myalf.mydomain.test port 8080 (#0)
        *   Trying 192.168.11.152...
        * Connected to myalf.mydomain.test (192.168.11.152) port 8080 (#0)
        > GET /alfresco/api/-default-/public/cmis/versions/1.1/brwser?alf_ticket=TICKET_d391d9319f92c8c1572ef99e8301aa16bfa34790 HTTP/1.1
        > User-Agent: curl/7.29.0
        > Host: myalf.mydomain.test:8080
        > Accept: */*
        >
        < HTTP/1.1 401 Unauthorized
        < Server: Apache-Coyote/1.1
        < Set-Cookie: JSESSIONID=9AE159CC26F1BA4402FD0FCFB091D3A8; Path=/alfresco; HttpOnly
        < WWW-Authenticate: Negotiate
        < Content-Type: text/html;charset=UTF-8
        < Content-Length: 133
        < Date: Mon, 23 Jul 2018 16:39:26 GMT
        <
        <html><head>
        </head><body><p>Please <a href="/alfresco/api/-default-/public/cmis/versions/1.1/brwser">log in</a>.</p>
        </body></html>
        * Connection #0 to host myalf.mydomain.test left intact
        

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                repositoryteam Repository Team
                Reporter:
                jking Job King
              • Votes:
                3 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: