Login Problem after redirecting to https

cancel
Showing results for 
Search instead for 
Did you mean: 
vogelk
Member II

Login Problem after redirecting to https

Hi,

we are running alfresco 5.2 in an windows 2012 environment. Since changing the web.xml for redirecting,  logging is not possible.

Message

" Your authentication details haven't been recognized or Alfresco Content Services may not be available at this time. "

This part was added:

<security-constraint>
  <web-resource-collection>
   <web-resource-name>HTTPSonly</web-resource-name>
   <url-pattern>/*</url-pattern>
  </web-resource-collection>
 <!-- auth-constraint goes here if you require authentication -->
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

Without the redirect logging over http and https is working. Can anyone please help us with this issue?  

Thanks in advane Smiley Happy 

8 Replies
douglascrp
Advanced II

Re: Login Problem after redirecting to https

You should be able to identify what is wrong by checking the log files: alfresco.log, catalina.out.

Ideally, it would be better to have something like Apache Webserver in front of the Alfresco server, and then you could use it to deal with the https configuration.

That is how most people do it.

vogelk
Member II

Re: Login Problem after redirecting to https

Thansk for fast reply,

alfresco.log gives no output after failed login and catalina.out isn't available. The only log is in share.log and says something about "PKIX path building failed". So i checked the certificates and testet some troubleshootings but it doesn't help (reinstalled the certificates, checked all paths in configurationdata).

 

To install an apache in front of alfresco is the last option for us. The better way for us is to find a way without an additional apache.

ranjeetsi
Established Member II

Re: Login Problem after redirecting to https

Hi ,

From the above configuration looks like - configured for HTTPS only.

Depending on whether you are configuring ssl on Test or Prod env - you can follow the below steps.

For test env - only change in server.xml is needed

Configuring SSL for a test environment | Alfresco Documentation 

Configuring SSL for a production environment | Alfresco Documentation 

Please let know if this helps.

Alfresco Content Services Certified Engineer (ACSCE)
vogelk
Member II

Re: Login Problem after redirecting to https

Thanks for reply,

our alfresco is located in our intranet and should not be visible from the outside.

Please correct me if i'm wrong but i think we don't need a proxy for this. But alfresco should be only available over https.

We added following to the server.xml

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           enableLookups="false"
           redirectPort="1443" />

    <Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           enableLookups="false"
           redirectPort="1443" />

    <Connector port="1443" URIEncoding="UTF-8"
    protocol="org.apache.coyote.http11.Http11Protocol"  
    SSLEnabled="true" maxThreads="150" scheme="https"  
    keystoreFile="path"
    keystorePass="password"  
    keystoreType="JCEKS"  
    secure="true" connectionTimeout="240000"  
    clientAuth="false"  
    sslProtocol="TLS"
    allowUnsafeLegacyRenegotiation="true"  
    maxHttpHeaderSize="32768"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />

and it's working until we add the redirect to web.xml. We followed the instruction for configuring SSL in a test environment except the redirect in the web.xml which we need to prevent connections over http.

ranjeetsi
Established Member II

Re: Login Problem after redirecting to https

Hi ,

I was able to reproduce the issue- in below screenshot and logs - check the below link 

And it is not alfresco issue rather - ssl(JavaEE) issue. Need to try different values or a string with path for your page etc... hit and trial

Alfresco HTTPS setup - Blog - eCommerce Solutions, Document and Content Management 

Also try with 

http://docs.adaptivecomputing.com/viewpoint/7-2-6/hpc/Content/topics/1-setup/securityConfiguration/m... 

Forcing SSL for sections of your website - Metawerx Java Wiki 

---------------------------------------------------------------------------------------------------------------------------------- I got this issue as below:

at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 74 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)

Alfresco Content Services Certified Engineer (ACSCE)
vogelk
Member II

Re: Login Problem after redirecting to https

Thanks!

i followed the instruction but now i get the error message even without the redirect.

I'll check my settings and go on with testing.

After restarting alfresco there some new ErrorMessages in alfresco.log :

ERROR [org.hibernate.transaction.JDBCTransaction] [http-bio-8443-exec-15] JDBC rollback failed
org.postgresql.util.PSQLException: This connection has been closed.

ERROR [org.alfresco.util.transaction.SpringAwareUserTransaction] [http-bio-8443-exec-15] Application exception overridden by rollback exception
java.lang.Exception

RROR [org.alfresco.repo.transaction.RetryingTransactionHelper] [http-bio-8443-exec-15] Rollback failure.  Normal retry behaviour will resume.
org.springframework.transaction.TransactionSystemException: Could not roll back Hibernate transaction; nested exception is org.hibernate.TransactionException: JDBC rollback failed

and in solr.log:

ERROR [org.alfresco.solr.tracker.AbstractTracker] Tracking failed
java.net.SocketException: Socket Closed

ERROR [org.alfresco.solr.tracker.AbstractTracker] Tracking failed
java.net.SocketException: Socket Closed

ranjeetsi
Established Member II

Re: Login Problem after redirecting to https

Hi Katharina,

Can you please check that when you stopped the server the postgresql had stopped . You can ensure that from services.msc 

Looks like a mismatch in the indexes causing this.

Just do a full SOR reindex , which is nothing but just delete the SOLR4 directory and then restart the alfresco.

alf_data/solr4

The complete detail to do a full reindex is as below link:

Performing a full reindex with Solr | Alfresco Documentation 

Alfresco Content Services Certified Engineer (ACSCE)
vogelk
Member II

Re: Login Problem after redirecting to https

Hi Ranjeet,

the alfresco.log and solr.log are clean now, thanks!

But old Problem in share.log:

Error status 500 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've seen that the cacert has only one entry, my own certificate, is this a problem?