Hi,
I installed Alfresco with https.
I generated the certificate
cd / opt / alfresco / scripts
./createssl.sh
However, when logging into the platform the following error message occurs:
Error logging in to Alfresco
Something is wrong with this page ...
We may have encountered an error, or maybe something has been removed or deleted, so check to see if the URL is correct.
It is also possible that you do not have permission to view the page (it may be part of a private site) or that an internal error has occurred. Contact your IT staff.
If you are trying to access the home page and it is no longer available, change it by clicking its name on the toolbar.
See the logs:
root@server-processoverde-seguro:~# tail -f /opt/alfresco/tomcat/logs/catalina.out
2019-11-06 11:20:48,376 ERROR [alfresco.web.site] [http-nio-8080-exec-29] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://138.197.2.163/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://138.197.2.163/share/page/' vs server & context: http://138.197.2.163/ (string) or (regexp)
root@server-processoverde-seguro:~# tail -f /var/log/nginx/error.log
2019/11/06 10:17:41 [warn] 2162#2162: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/ssl/alfserver.crt"
Wed Nov 06 11:30:00 BRST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
I commented the CSRF anyway, it still didn't work out.
cd /opt/alfresco/tomcat/shared/classes/alfresco/web-extension
vi share-config-custom.xml
<!--
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<referer>https?:\/\/@@ALFRESCO_SHARE_SERVER@@\/.*</referer>
<origin>https?:\/\/@@ALFRESCO_SHARE_SERVER@@.*</origin>
</properties>
</config>
-->
What is the solution to this problem?
Thanks a lot!
Zé Brasil
Solved! Go to Solution.
If you want to disable CSRF, you need to add the following lines:
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>
What UI are you using?
Try disabling CSRF in your share-config-custom.xml
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>
or adding the https protocol to your CSRF existing confituration.
Also remember to clear the cache of your browser.
Hi jljwoznica,
I'm logging in with admin user.
Thanks.
Hi angelborroy,
I disabled CSRF.
I cleared browser cache.
In alfresco-global.properties is already set https
Look:
<!-- Disable the CSRF -->
<!--
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<referer>https?:\/\/@@ALFRESCO_SHARE_SERVER@@\/.*</referer>
<origin>https?:\/\/@@ALFRESCO_SHARE_SERVER@@.*</origin>
</properties>
</config>
-->
#-----------------------
# System paramaters
#-----------------------
alfresco.context=alfresco
alfresco.host=@@ALFRESCO_REPO_SERVER@@
alfresco.port=8080
alfresco.protocol=http
#
share.context=share
share.host=@@ALFRESCO_SHARE_SERVER@@
share.port=443
share.protocol=https
What may be missing?
Thanks a lot.
Zé Brasil
If you want to disable CSRF, you need to add the following lines:
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>
Hi angelborroy,
It worked.
Thanks a lot for the help.
With best regards,
Zé Brasil
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.