This URL for my alfresco gives lots of 401 error code. Where do I need to look into for this?
Which file I need to verify or correct to resolve this? it seems SSO touch base URL /alfresco/wcs/touch
cause issue.
Problem with this is, if I try to fire URL myhost:8080/alfresco/wcs/touch
server goes into loop executing this url in infinite loop and my monitoring system (NewRelic) trigger alert for High percentage of Error
What could be solution to prevent this ? this is now headache and I am not aware about solution or alternative by looking this SSO touch base.
I tried below
#1. Trying excluding url in LocalConfig.conf (SiteMinder config) - > IgnoreURL = "/alfresco/wcs/"
#2. Tried checking F5 for port 8080
#3. Checked configuration in server.xml in tomcat
But issue still persist. Please guide.
A 401 on the /touch operation is perfectly normal. The SSO handshake has to start somewhere and what Share is doing is calling the /touch operation to check if SSO is enabled - if SSO is enabled, the /touch operation will send the 401 with the appropriate WWW-Authenticate header to indicate to the client which type of authentication is required (NTLM / SPNEGO). The only way to prevent the 401s in this case would be to disable SSO altogether...
When you are using SiteMinder (you should have mentioned that in the original post) then it could be that - for some reason - the user header is simply no longer included in the HTTP request and can thus not be forwarded from Share to the Repository-backend. Or it is stripped from the request from Share to Repository (if you are routing that through F5 / proxy with SiteMinder) to fend off attempts of impersonation (i.e. as if a user constructed a request with SiteMinder user ID header already added).
Thanks Axel for quick response,
But this is my production server , where my end user obvious using LB URL instead direct host. So I must enable siteminder login to them.
I can't disable that. But is there any way to prevent such throttle request (high error rate) prevention or configuration that I can perform?
Thanks Axel,
So finally I need to exclude this alert from newrelic to avoid this confusion. I do not want my client see this alert frequently with high error rate. as you said it is valid 401 code for SSO handshake.
I know this is an old question, but for the people having to add a URL for ping in monitoring tools like NewRelic, Stackify, etc. you can use alfresco/service/touch?guest=true which will just give a status 200.
Don't use /share/page because mostly share is fine while repo is down .
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.