Error logging in to Alfresco

cancel
Showing results for 
Search instead for 
Did you mean: 
jbrasil
Active Member II

Error logging in to Alfresco

Jump to solution

Hi,
I installed Alfresco with https.
I generated the certificate
cd / opt / alfresco / scripts
./createssl.sh
However, when logging into the platform the following error message occurs:

Error logging in to Alfresco

Something is wrong with this page ...

We may have encountered an error, or maybe something has been removed or deleted, so check to see if the URL is correct.

It is also possible that you do not have permission to view the page (it may be part of a private site) or that an internal error has occurred. Contact your IT staff.

If you are trying to access the home page and it is no longer available, change it by clicking its name on the toolbar.

See the logs:

root@server-processoverde-seguro:~# tail -f /opt/alfresco/tomcat/logs/catalina.out

2019-11-06 11:20:48,376 ERROR [alfresco.web.site] [http-nio-8080-exec-29] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://138.197.2.163/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://138.197.2.163/share/page/' vs server & context: http://138.197.2.163/ (string) or (regexp)

root@server-processoverde-seguro:~# tail -f /var/log/nginx/error.log
2019/11/06 10:17:41 [warn] 2162#2162: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/ssl/alfserver.crt"

Wed Nov 06 11:30:00 BRST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

 

I commented the CSRF anyway, it still didn't work out.

cd /opt/alfresco/tomcat/shared/classes/alfresco/web-extension
vi share-config-custom.xml

<!--
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<referer>https?:\/\/@@ALFRESCO_SHARE_SERVER@@\/.*</referer>
<origin>https?:\/\/@@ALFRESCO_SHARE_SERVER@@.*</origin>
</properties>
</config>
-->

What is the solution to this problem?
Thanks a lot!
Zé Brasil

1 Solution

Accepted Solutions
angelborroy
Alfresco Employee

Re: Error logging in to Alfresco

Jump to solution

If you want to disable CSRF, you need to add the following lines:

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">

<filter/>

</config>

Hyland Developer Evangelist

View solution in original post

6 Replies
jljwoznica
Senior Member

Re: Error logging in to Alfresco

Jump to solution

What UI are you using? 

angelborroy
Alfresco Employee

Re: Error logging in to Alfresco

Jump to solution

Try disabling CSRF in your share-config-custom.xml 

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">

<filter/>

</config>

or adding the https protocol to your CSRF existing confituration.

Also remember to clear the cache of your browser.

Hyland Developer Evangelist
jbrasil
Active Member II

Re: Error logging in to Alfresco

Jump to solution

Hi jljwoznica,
I'm logging in with admin user.
Thanks.

jbrasil
Active Member II

Re: Error logging in to Alfresco

Jump to solution

Hi angelborroy,
I disabled CSRF.
I cleared browser cache.
In alfresco-global.properties is already set https
Look:

<!-- Disable the CSRF -->

<!--
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<referer>https?:\/\/@@ALFRESCO_SHARE_SERVER@@\/.*</referer>
<origin>https?:\/\/@@ALFRESCO_SHARE_SERVER@@.*</origin>
</properties>
</config>
-->


#-----------------------
# System paramaters
#-----------------------
alfresco.context=alfresco
alfresco.host=@@ALFRESCO_REPO_SERVER@@
alfresco.port=8080
alfresco.protocol=http
#
share.context=share
share.host=@@ALFRESCO_SHARE_SERVER@@
share.port=443
share.protocol=https


What may be missing?
Thanks a lot.
Zé Brasil

angelborroy
Alfresco Employee

Re: Error logging in to Alfresco

Jump to solution

If you want to disable CSRF, you need to add the following lines:

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">

<filter/>

</config>

Hyland Developer Evangelist
jbrasil
Active Member II

Re: Error logging in to Alfresco

Jump to solution

Hi angelborroy,
It worked.

Thanks a lot for the help.
With best regards,
Zé Brasil