Hi,
I have configured Kerberos authentication on Alfresco 5.1 according to this manual Configuring Kerberos against Active Directory | Alfresco Documentation and authentication works fine againt Windows AD. But I have to write the credentials manually. When I open any browser as a domain user the browser will not send any kerberos communication (in wireshark) and always return header
WWW-Authenticate: Basic realm="Alfresco"
instead of
WWW-Authenticate:Negotiate
which I would expect.
Same behaviour is for URLs http://server.mydomain.local:8080/alfresco/s/enterprise/admin and http://server.mydomain.local:8080/share
only in first case it is browser dialog and in second case HTML dialog. Both are manully working but neither automatically.
I am trying it from different Windows server than where Tomcat application server is (on Windows in domain) and I have site in IE in Intranet zone, checked automatically login, tried described configuration in FF but still no communication with kerberos at all. There are no errors about problems with authentication, there is nothing. Could you please advise what else I can check? I believe that keytabs and kerberos setting is correct when I can authenticate user manually.
This is what I have in alfresco-global.properties
authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm
### Kerberos properties ###
ntlm.authentication.sso.enabled=false
kerberos.authentication.sso.enabled=true
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=mypass
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=mypass
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.realm=MYDOMAIN.LOCAL
kerberos.authentication.stripUsernameSuffix=true
kerberos.authentication.browser.ticketLogons=true
kerberos.authentication.sso.fallback.enabled=false
I found out some news about this issue.
When I open first http://server.mydomain.local:8080/alfresco/api then I am logged in with SSO and within the same session in browser I can log in to http://server.mydomain.local:8080/alfresco/s/enterprise/admin without password.
When I open first http://server.mydomain.local:8080/alfresco/webdav then i am logged in with SSO and within the same session in browser I cannot log in to http://server.mydomain.local:8080/alfresco/s/enterprise/admin without password with error.
So in second scenario even when I am logged in the same way the ticket is somehow different. In first scenario it is almost as expected but the first opening of api page is step I do not want.
Please, can anybody explain this?
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.