Kerberos ACS 6.2 Community

cancel
Showing results for 
Search instead for 
Did you mean: 
maxodoble
Active Member

Kerberos ACS 6.2 Community

Hi,

have a working Installation of ACS 6.1.2 Community with enabled Kerberos SSO.

When trying the same Configuration with ACS 6.2.0 GA, i am getting errors, as soon as i enable Kerberos SSO:

SEVERE: Servlet.service() for servlet [wcapiServlet] in context with path [/alfresco] threw exception
org.alfresco.rest.framework.core.exceptions.NotFoundException: 11060000 /create/alfresco/site-data/extensions/default-persisted-extension.xml was not found
	at org.alfresco.rest.api.PublicApiDeclarativeRegistry.findWebScript(PublicApiDeclarativeRegistry.java:250)
	at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:204)
	at jdk.internal.reflect.GeneratedMethodAccessor457.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:119)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy150.doFilter(Unknown Source)
	at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:124)
	at jdk.internal.reflect.GeneratedMethodAccessor457.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:119)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy150.doFilter(Unknown Source)
	at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.WebscriptCookieAuthenticationFilter.doFilter(WebscriptCookieAuthenticationFilter.java:77)
	at jdk.internal.reflect.GeneratedMethodAccessor457.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:132)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy150.doFilter(Unknown Source)
	at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1458)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)

Dec 06, 2019 1:17:02 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [wcapiServlet] in context with path [/alfresco] threw exception
org.alfresco.rest.framework.core.exceptions.NotFoundException: 11060001 /create/alfresco/site-data/module-deployments/Aikau 1.0.101.19 Config Module.xml was not found
	at org.alfresco.rest.api.PublicApiDeclarativeRegistry.findWebScript(PublicApiDeclarativeRegistry.java:250)
	at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:204)
	at jdk.internal.reflect.GeneratedMethodAccessor457.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:119)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy150.doFilter(Unknown Source)
	at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:124)
	at jdk.internal.reflect.GeneratedMethodAccessor457.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:119)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy150.doFilter(Unknown Source)
	at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.WebscriptCookieAuthenticationFilter.doFilter(WebscriptCookieAuthenticationFilter.java:77)
	at jdk.internal.reflect.GeneratedMethodAccessor457.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:132)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy150.doFilter(Unknown Source)
	at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1458)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)

Does anybody know how i could track down the cause of this problem?

Any obvious hints whats going on here?

Thanks,

Max

 

15 Replies
netchaiev
Member II

Re: Kerberos ACS 6.2 Community

Hello

I'm in the same situation when i try to map webdav folder in Windows (Alfresco AS Community 6.2)

Auth with Kerberos without SSO -> OK

Auth with Kerberos with SSO -> same logs (".... networks was not found")

If someone has a solution ...

 

fedorow
Senior Member II

Re: Kerberos ACS 6.2 Community

Tracing authentication process could help to understand the problem.

https://docs.alfresco.com/6.2/concepts/auth-kerberos-debug.html

Steph76k
Customer

Re: Kerberos ACS 6.2 Community

Dear All,

I'm facing a similar issue, could anyone find the solution?

Thanks

Steph

 

EddieMay
Alfresco Employee

Re: Kerberos ACS 6.2 Community

Hi @Steph76k,

I've asked our engineers if there was any change in Kerberos implementation btn 6.1 & 6.2. I'll report back asap. 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
msheremeta
Customer

Re: Kerberos ACS 6.2 Community

I am getting the above mentioned error on ACS 6.2.0 enterprise with Kerberos authentication.

Additional lines I'm getting in the log after changing Kerberos logging level as fedorow recommends are:

2020-03-31 09:04:13,833  DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@4cc77c2e, name=log4j:logger=org.alfresco.web.app.servlet.KerberosAuthenticationFilter
2020-03-31 09:04:13,844  DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@4cc77c2e, name=log4j:logger=org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter

 

EddieMay
Alfresco Employee

Re: Kerberos ACS 6.2 Community

Hi @msheremeta,

What does your share-config-custom.xml configuration look like? Is it setup correctly for  Kerberos?

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
phivuu-2
Partner

Re: Kerberos ACS 6.2 Community

@maxodoble 

Did you find any solution to the problem?

luca_ow
Active Member

Re: Kerberos ACS 6.2 Community

Hi,

same problem for me.

I'm using Alfresco Community 6.2 (201911 GA).

With Kerberos disabled I'm able to mount WebDAV as a Network Drive.

With Kerberos enabled mount doesn't work; the error message is: "The network name cannot be found".

Kerberos seems to be configured correctly: SSO in Chrome and IE works fine.

Note that all settings proposed in https://docs.alfresco.com/6.2/concepts/auth-kerberos-clientconfig.html under the section "Kerberos client configuration for WebDav" has also been applied.

Using Fiddler , with Kerberos enabled, I see many identical redirect:

 

Selection_370.png

 

@fedorow enabling debug logs doesn't print additional informations in Alfresco logs

@EddieMay any good news from Alfresco engineers?

Thanks

hajop
Member II

Re: Kerberos ACS 6.2 Community

I just encountered the same Problem.

I also observed, that enabling debug logs doesn't print any additional informations in Alfresco logs.

@EddieMay What did your engineers say?