[MNT-16221] Infinite 302 HTTP redirect loop when using External Authentication with uppercase usernames/username case sensitivity Created: 29-Apr-16  Updated: 20-Jul-16  Resolved: 09-Jun-16

Status: Closed
Project: Service Packs and Hot Fixes
Component/s: Repository Authentication and SSO, Share Application
Affects Version/s: 5.0.2, 5.1
Fix Version/s: 5.1.1

Type: Service Pack Request
Reporter: Karthick Mani Assignee: Closed Bugs (Inactive)
Resolution: Fixed Votes: 0
Labels: rn511, triaged
Remaining Estimate: 0 minutes
Time Spent: 3 days, 4 hours
Original Estimate: Not Specified

Application version - 5.1
Application Server - Websphere
Database - DB2
Authentication - External,LDAP

Attachments: PNG File Screen Shot 2016-04-28 at 4.02.21 PM.png     PNG File Screen Shot 2016-04-29 at 10.26.39 AM.png     File alfresco-global.properties     XML File share-config-custom.xml    
Issue Links:
relates to MNT-13602 infinite 302 HTTP redirect loop when ... Closed
Bug Priority:
Category 2
ACT Numbers:

00649718 Premier, 00652034

Build Location: https://releases.alfresco.com/Enterprise-5.1/5.1.1/5.1.1/build-00138/ALL/


This premier customer has setup external SSO authentication (IBM Webseal) as part of their upgrade to 5.1. All the user profiles are imported from an LDAP server where some usernames are uppercase and some are lowercase. With uppercase usernames they can able to login to Share fine but if they click on “Home” link in Share it goes on to a HTTP 302 infinite loop with the message "page isn't working" or "The page isn't redirecting properly" (depending on the browser). The issue is very much similar to the JIRA - https://issues.alfresco.com/jira/browse/MNT-13602 which is Kerberos related. I can able to replicate the issue in my local instance using External Authentication (using Modify Headers add on for Firefox and Google chrome browsers). This does looks like a bug, so is there a way that Alfresco can handle both the uppercase and lowercase usernames using External authentication?

There is no issue if the username is lowercase, users can login to Share and navigate around without any issues.

Steps to reproduce
1) Login to Alfresco Share as an Admin. Create a user which has uppercase username (for example - UPPERCASE)
2) Setup External Authentication in an Alfresco instance (used header mechanism, since it's easy to setup). authentication.chain will be something like - authentication.chain=use-headers:external,alfrescoNtlm1:alfrescoNtlm. Restart Alfresco instance once all changes related to External auth is done.
3) Open up Google chrome and install "Modify Headers for Google Chrome" extension. Add a new header "SsoUserHeader" with value "uppercase" and enable it using the appropriate button. Restart the browser.
4) Login to Alfresco Share - http://localhost:8080/share, the user "UPPERCASE" is logged in.
5) Click on the "Home" link. The localhost page isn’t working, localhost redirected you too many times message is displayed in the browser.

Expected Behaviour
User's Personal dashboard is displayed

Observed Behaviour
Infinite HTTP 302 redirect loop

Generated at Mon Mar 08 14:50:18 GMT 2021 using Jira 7.13.15#713015-sha1:7c5ddd2c3e1709974ae9c48c17df8edd3919fe2c.