Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-2766

Share asks for Basic-Auth while not needed trying to access RSS feeds (thus breaking SSO).

    Details

      Description

      When trying to access RSS feeds through share dashlet link (/share/page/feed/components/dashlets/activities/list?format=atomfeed&mode=user&site=&dateFilter=7&userFilter=all&activityFilter=), an authentication prmpt appear, asking for username and password even if you have a working SSO setup.
      In the same session (same SSO crednetials) trying to access the feeds via Alfresco works OK.

      Steps to reproduce:

      1 - Setup an Alfresco instance
      2 - Enable an external authentication in the authentication chain (Jasig CAS server + apache/mod_auth_cas is quite straight forward to setup):
      external.authentication.proxyUserName=
      external.authentication.proxyHeader=CAS-User
      external.authentication.enabled=true
      Setup is like this:
      Client => Apache Proxy AJP => Share => Alfresco
      3 - Configure Share for SSO propagating user through HTTP header.
      4 - Modify alfresco-feed end-point to use an SSO aware connector (alfrescoHeader in this case) in share-config-custom.xml:

      4 - Test SSO by logging in Share
      5 - Click on the RSS link in the My Activities dashlet (or any other RSS link)

      Expected behaviour:
      Share should trust the HTTP header found in the request and pass it over to Alfresco. Then, Rss feeds should be displayed in the browser using atomfeed format

      Actual behaviour:
      Share send 401 HTTP status code and the user is prompted for a login and and password. After validating credentials Share passes the request to Alfresco using the SSO HTTP header, without the basic-auth ones.

      Additionnal notes:
      Same behaviour has been observed using external authentication based on cookies.

        Attachments

        1. cas.mp4
          2.01 MB
        2. rss_alfresco.pcap
          6 kB
        3. rss_share.pcap
          4 kB
        4. RSS + SSO.png
          RSS + SSO.png
          49 kB
        5. share-config-custom.xml
          2 kB

          Issue Links

            Activity

              People

              • Assignee:
                closedbugs Closed Bugs
                Reporter:
                achapellon Alexandre Chapellon
              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 days, 7 hours
                  3d 7h