我正在尝试使用apache(shibboleth模块)在Alfresco前面进行远程身份验证配置 - 在验证后基本上将REMOTE_USER从apache传递到alfresco。我可以配置露天,我可以成功登录/露天(经典浏览器gui),然而,/ share(更新的gui)不会让我登录。有没有人经历/解决过这个问题?
以下是一些细节:
使用shibboleth mod设置apache(因为我自动登录到/ alfresco,因此可以正常工作)
在apache中为/ alfresco和/ share设置ajp条目。
ProxyPass / alfresco ajp://127.0.0.1:8009 / alfresco
ProxyPassReverse / alfresco ajp://127.0.0.1:8009 / alfresco
ProxyPass / share ajp://127.0.0.1:8009 / share
ProxyPassReverse / share ajp://127.0.0.1:8009 / share
设置tomcat ajp条目
使用
设置/tomcat/shared/classes/alfresco-global.propertiesauthentication.chain =的外部1:外部,alfrescoNtlm1:alfrescoNtlm external.authentication.proxyUserName = external.authentication.proxyHeader = external.authentication.enabled =真
在share-config-custom.xml中,我已经在下面列出了建议的xml条目:
块引用
<alfresco-config>
<!-- Repository Library config section -->
<config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
<!--
Whether the link to the Repository Library appears in the header component or not.
-->
<visible>true</visible>
</config>
<config evaluator="string-compare" condition="Remote">
<remote>
<endpoint>
<id>alfresco-noauth</id>
<name>Alfresco - unauthenticated access</name>
<description>Access to Alfresco Repository WebScripts that do not require authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>none</identity>
</endpoint>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>user</identity>
</endpoint>
<endpoint>
<id>alfresco-feed</id>
<name>Alfresco Feed</name>
<description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
<connector-id>http</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<basic-auth>true</basic-auth>
<identity>user</identity>
</endpoint>
<endpoint>
<id>activiti-admin</id>
<name>Activiti Admin UI - user access</name>
<description>Access to Activiti Admin UI, that requires user authentication</description>
<connector-id>activiti-admin-connector</connector-id>
<endpoint-url>http://localhost:8080/alfresco/activiti-admin</endpoint-url>
<identity>user</identity>
</endpoint>
</remote>
</config>
<config evaluator="string-compare" condition="Remote">
<remote>
<keystore>
<path>alfresco/web-extension/alfresco-system.p12</path>
<type>pkcs12</type>
<password>alfresco-system</password>
</keystore>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
块引用
答案 0 :(得分:0)
尝试定义名为'alfrescoHeader'的连接器:
<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>X-Alfresco-Remote-User</userHeader>
</connector>
当然,将标题名称更改为您正在使用的名称。 然后,在露天端点中使用它:
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>