REST API returns unauthorized for preview request (renditions) when SSO is enabled in Community 7.3

cancel
Showing results for 
Search instead for 
Did you mean: 
mroedlach
Member II

REST API returns unauthorized for preview request (renditions) when SSO is enabled in Community 7.3

HI!

Installed Community - 7.3.0 (r55faedde-b7346). Everything works fine. But there is a problem with Alfresco Mobile Workspace when preview should be shown.

Environment:

Windows Server 2022 Standard
PostgreSql 13
Alfresco-Search-Service SOLR 6
ActivityMQ
Alfresco Local Transformation Service
Alfresco Content Service 7.3.0

ACS is behind SSL proxy (apache with ajp)

ACS is configured with Kerberos SSO and SSO is enabled:

kerberos.authentication.sso.enabled=true

Everything is working fine. SSO in Browser for share works. SSO to WEBDAV and AOS is fine. Preview in Share is shown. Thumbnails in Share are shown.

In Alfresco Mobile Workspace (IOS & Android) - current versions from store - everything works fine. Only the preview is not working. Selecting an image (jpg) shows the picture. Selecting a PDF, DOC or XLS opens the preview. Under android an 401 error is schown. In IOS a blank screen is shown. There is no error in alfresco.log. Apache log (ssl proxy) gives following info:

[04/Jan/2023:13:29:37 +0100] "GET /alfresco/api/-default-/public/alfresco/versions/1/nodes/88d113df-52ed-486a-9b42-00a315b261a7/renditions/pdf/content?attachment=false&alf_ticket=TICKET_e460dec7d22170c9eca890abcb2de6a37c153fdc HTTP/1.1" 200 79630 "-" "ContentApp/1.5.0 (com.alfresco.contentapp; build:1791; iOS 16.2.0) Alamofire/1.5.0"
[04/Jan/2023:13:29:37 +0100] "GET /alfresco/api/-default-/public/alfresco/versions/1/nodes/88d113df-52ed-486a-9b42-00a315b261a7/renditions/pdf/content?attachment=false&alf_ticket=TICKET_e460dec7d22170c9eca890abcb2de6a37c153fdc HTTP/1.0" 401 4875 "-" "ContentApp/1791 CFNetwork/1402.0.8 Darwin/22.2.0"

So result of the call is 401 (unauthorized). The creation of the preview works fine (first line). Authentication with ticket is working.

Setting SSO to off with:

kerberos.authentication.sso.enabled=false

Restarting ACS.

Everything works fine. Instead of 401 result a 200 result is returned and preview works in Mobile Workspace.

Hope someone can give some useful hints ...

THX Michael