[MNT-21363] Create Site fails with Kerb SSO in 6.2 Created: 20-Feb-20  Updated: 07-Jul-20  Resolved: 29-May-20

Status: Closed
Project: Service Packs and Hot Fixes
Component/s: Share Application, Site Administration
Affects Version/s: 6.2
Fix Version/s: 6.2.2

Type: Service Pack Request
Reporter: Jared Gibson Assignee: Closed Bugs
Resolution: Fixed Votes: 1
Labels: cso
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows 2016, Search 1.4, OpenJDK 11.0.5, Chrome


Attachments: PDF File Kerberos Setupt.pdf     File RepoAppsLarge.pem    
Issue Links:
Dependency
Related
is related to by MNT-21511 Kerberos SSO does not work correctly ... Closed
Bug Priority:
Category 1
Escalated By: CSO
ACT Numbers:

01003276, 01003132, 01005587, 01008208, 01009348

Story Points: 5
Delivery Team: Customer Excellence

 Description   

Goal:

Configure ACS 6.2 Distribution Zip with Kerberos SSO and create a site.

Steps Taken:

  • Set up a manual install with ACS 6.2 Dist Zip using Tomcat 8.5, ActiveMQ 5.15, and Search 1.4, on Windows only
  • Enable Kerberos
  • Verified that the share amp is installed to the alfresco war and all configurations for an OOTB ACS with NTLM are set
  • Started up all items and was able to access alfresco and create a site named "BeforeAuthChain" 
  • Shut down ACS and set the configuration for LDAP Auth and Sync
  • Started up ACS and verified the LDAP user is able to log in and create a Site named "WithLdap"
  • Shutdown ACS and configured ldap auth=false and implemented the Kerberos settings
    • This includes looking into the krb5.ini (found in case) and making the changes to the properties, share-config files, and any related files
  • Start up ACS using Kerb+SSO and attempt to make the site "WithKerberos"

 

Expectation:

A site will be created with the name "WithKerberos"

Actual:

A pop up with the following error appears in Share:

ERROR [extensions.webscripts.AbstractRuntime] [https-jsse-nio2-8444-exec-7] Exception from executeScript: 01120001 Failed to execute script 'classpath*:alfresco/site-webscripts/org/alfresco/modules/create-site.post.json.js': 01120000 SyntaxError: Unexpected token: < (file:/C:/Alfresco/tomcat/webapps/share/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/modules/create-site.post.json.js#28)

 

The customer has compared the mentioned create-site.post.json file to their current Prod which is 5.2 with Kerb SSO, and there are no differences. 

A network trace showcases the same error.

 

Attached you will find logs with names matching the Site being created, in which the following debug was enabled:

  • log4j.logger.org.alfresco.web.app.servlet.KerberosAuthenticationFilter=debug
  • log4j.logger.org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter=debug
  • log4j.logger.org.springframework.extensions.webscripts.AbstractWebScript=debug
  • log4j.logger.org.springframework.extensions.webscripts.AbstractRuntime=debug
  • log4j.logger.org.springframework.extensions.webscripts.servlet.WebScriptServlet=debug
  • log4j.logger.org.springframework.extensions.webscripts.ScriptLogger=debug
  • log4j.logger.org.alfresco.repo.web.scripts=debug
  • log4j.logger.org.alfresco.repo.jscript=debug

A recorded zoom meeting can be found on Feb. 20th 2020 in the case, containing the entire process from unzipping the Dist zip files to the showcase of the error. As well, all other configuration files can be found on the case. 

Please note, This issues is not reproducible in a Linux environment (Tested with Centos), and I am currently working on replicating in a Windows Server. The customer was able to replicate this on different new VM's and multiple re-installations of ACS 6.2 in windows. 

 

 


Generated at Fri Jul 10 04:38:21 BST 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.