Deployment Webclient/Webscripts
To enable single signon on support on the webclient:
1. Download alfresco-opensso-webclient-0.7
Copy it to <Alfresco_Home>/tomcat/webapps/alfresco/WEB-INF/lib
2. Download OpenSSO SDK
Copy it to <Alfresco_Home>/tomcat/shared/lib
 | Warning These instructions assume that Alfresco and OpenSSO live in different JVM. If you want to deploy OpenSSO on the same container as Alfresco, you have to copy the opensso client and opensso amconfig.properties to each individual webapp (share and alfresco) |
3. Create the file AMConfig.properties to <Alfresco_Home>/tomcat/shared/classes
An example of this file can be:
com.iplanet.am.naming.url=http://localhost:9090/opensso/namingservice
com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.sun.identity.agents.app.username=UrlAccessAgent
com.iplanet.am.service.password=123456789
Change the values to reflect your OpenSSO installation. For a reference of the values on the AMConfig.properties, please consult the OpenSSO documentation
4. Replace the authentication filter <Alfresco_Home>/tomcat/webapps/alfresco/WEB-INF/web.xml:
<filter> <filter-name>Authentication Filter</filter-name> <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class> </filter>
with
<filter> <filter-name>Authentication Filter</filter-name> <filter-class>com.sourcesense.alfresco.opensso.AlfrescoOpenSSOFilter</filter-class> </filter>
Deployment Share
1. Download the share-opensso-0.7
Copy it to <Alfresco_Home>/tomcat/webapps/share/WEB-INF/lib
2. Also copy the lib alfresco-opensso-0.7 to <Alfresco_Home>/tomcat/webapps/share/WEB-INF/lib
3. Add the following filter to <Alfresco_Home>/tomcat/webapps/share/WEB-INF/web.xml:
<filter> <filter-name>Authentication Filter</filter-name> <filter-class>com.sourcesense.alfresco.opensso.AlfrescoShareFilter</filter-class> </filter> <filter-mapping> <filter-name>Authentication Filter</filter-name> <url-pattern>/page/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Authentication Filter</filter-name> <url-pattern>/p/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Authentication Filter</filter-name> <url-pattern>/s/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Authentication Filter</filter-name> <url-pattern>/logout/*</url-pattern> </filter-mapping>
Testing the installation
To test that everything is on place:
- Create a user in OpenSSO, and then logout from it
- Go to Alfresco Home http://localhost:8080/alfresco
- You should be logged as guest. Click the link "Login (guest)" on the top corner
- The browser will be redirected to OpenSSO
- After the login, it'll be redirected back to Alfresco, with the previously created user logged in
- Try to call the a webscript that requires user authentication (eg. http://localhost:8080/alfresco/service/collaboration/tagActions). No login should be required
- Go to Share at http://localhost:8080/share. You should see the user logged to Share
Comments (13)
Sep 16
Jorge Manuel Baeta Dionisio says:
Hi all!!! Can you please post the installation instructions for glassfish v2.1 ...Hi all!!!
Can you please post the installation instructions for glassfish v2.1 ?
Thanks in advance,
Jorge Dionisio
Oct 02
Denys gonçalves dos Santos says:
Hi, I done this steps to configure Alfresco 3.2 as OpenSSO, ...Hi,
I done this steps to configure Alfresco 3.2 as OpenSSO, but I don't had success. The OpenSSO was authenticated successfuly but do not login in alfresco web. When I try login in the Share I have a message "Infinite Redirection". I think so it is a infinite loop. how I can solve it? Does exist another configutation to Alfresco or to OpenSSO?
Thanks
Oct 06
Gustavo Nalle Fernandes says:
Hi, please take a look at http://opensource.sourcesense.com/confluence/display/A...Hi, please take a look at http://opensource.sourcesense.com/confluence/display/ALE/version+0.6?focusedCommentId=1179695#comment-1179695
Oct 07
Carl Ballantyne says:
Hi, I am about 90% of the way there. I have an installation of OpenSSO working ...Hi,
I am about 90% of the way there. I have an installation of OpenSSO working with Alfresco using SSO.Yay!
However when I try to login to Share I am not having much luck. Firstly I am redirected to the login page for OpenSSO - which is good. But then once I log in I am taken back to the login screen for Share. I know I am logged in successfully because I can see a session in the OpenSSO console and when I go to Alfresco it tells me I am logged in. Incidentally if I log into Share with admin/admin - the default user when I installed Alfresco (and not in my LDAP) I log in successfully. It is like the filter is not working.
I have modified the web.xml for Share as per the steps. And I have even tried placing a copy of the AMConfig.properties to each of the webapps along with a copy of the web client. Even though I have the instance of OpenSSO in Glassfish 2.1 and the instance of Alfresco and Share in Tomcat 5.5.
In the logs I am getting:
15:43:54,044 User:guest ERROR [web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 09070077 Login failed
org.alfresco.web.scripts.WebScriptException: 09070077 Login failed
I am using the community edition 3.2. Also I set the cookie encoding to true in AMConfig.properties (com.iplanet.am.cookie.encode=true).
I will keep digging around but any suggestions would be great.
EDIT: Oh I have just seen this is in the JIRA - http://opensource.sourcesense.com/jira/browse/ALFOSSO-8. Fingers crossed for a fix.
Oct 09
Denys gonçalves dos Santos says:
I have same problem! Do you already have any solution? tksI have same problem! Do you already have any solution?
tks
Dec 08
Shahid says:
I am having the same problem with Share. Did anybody get it resolved? Also I am ...I am having the same problem with Share. Did anybody get it resolved? Also I am not able to see the above Jira issue.
Oct 08
Carl Ballantyne says:
Another thing I have noticed is that in Alfresco user administration I am not se...Another thing I have noticed is that in Alfresco user administration I am not seeing the users or groups I have created in OpenSSO. I noticed when looking at the how to for version 0.5 that I am supposed to be able to see them. Strange considering I am able to log in successfully to Alfresco. Could it be a configuration option I have missed or another 3.2 issue?
Oct 27
Florent Cordier says:
Hi, I'm currently trying to use Alfresco CIFS with an OpenSSO authentication. I ...Hi, I'm currently trying to use Alfresco CIFS with an OpenSSO authentication. I fail each time and i don't find a solution to make it. During my research I found on your solution to use OpenSSO with Alfresco. Have you ever take a look to the OpenSSO authentication for Alfresco CIFS?
Nov 03
James Arnott says:
Cant get to the download file listed in step 1. However I did find ... http://...Cant get to the download file listed in step 1.
However I did find ...
http://repository.sourcesense.com/nexus/content/groups/public/com/sourcesense/alfresco/alfresco-opensso-webclient/0.7/
Nov 09
Rogier Peters says:
Hi James, We recently made some changes to the nexus configuration. The link yo...Hi James,
We recently made some changes to the nexus configuration. The link you're suggesting is fine, so I updated the document
Unfortunately, the link to the OpenSSO sdk is still broken, I suggest you get that directly from: https://opensso.dev.java.net/
Nov 29
Marco Rojas says:
Hi, So far I was able to get this working on alfresco following the instruction...Hi,
So far I was able to get this working on alfresco following the instructions I am having a problem with share, mainly because I can't find the share-opensso-0.7 file.
Anyone willing to share it?
Also, here is the link for the sdk file in case some one needs it: OpenSSO.SDK
Thank you.
Dec 24
Pritesh Shah says:
Hi All, i was trying to integrate open SSO with Alfresco 3.2 EEand i have follo...Hi All,
i was trying to integrate open SSO with Alfresco 3.2 EEand i have followed steps as mentioned sourcesense version 0.7 as above.
i have deployed open SSO war in the same tomcat as of Alfresco 3.2 EE and configured open SSO and then edited the AMConfig.properties according to requirements.
When i am hitting alfresco URL it gives me Open SSO client page and asking me for credentials. i am giving credentials but it gives me error as below:
caused by:
java.lang.NoSuchMethodError: org.alfresco.service.cmr.security.AuthenticationService.createAuthentication(Ljava/lang/String;[C)V
Hide Details
at com.sourcesense.alfresco.transaction.TransactionalHelper.doInTransaction(TransactionalHelper.java:59)
at com.sourcesense.alfresco.opensso.AlfrescoFacade.createUser(AlfrescoFacade.java:125)
at com.sourcesense.alfresco.opensso.AlfrescoOpenSSOFilter.doFilter(AlfrescoOpenSSOFilter.java:93)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NoSuchMethodError: org.alfresco.service.cmr.security.AuthenticationService.createAuthentication(Ljava/lang/String;[C)V
at com.sourcesense.alfresco.opensso.AlfrescoFacade$2.execute(AlfrescoFacade.java:127)
at com.sourcesense.alfresco.transaction.TransactionalHelper.doInTransaction(TransactionalHelper.java:46)
... 14 more
is there any change in steps or core/jars for openssosdk for Alfresco 3.2 EE?
Can any one please help me to solve this issue?
Thanks in advance!!!!!!
Mar 02
Marco Rojas says:
Hi, I am trying to get this working on alfresco 2.3 and so far i can get to my ...Hi,
I am trying to get this working on alfresco 2.3 and so far i can get to my opensso page however, when I click on login and enter my username and password, I get taken back to the guest page. In other words I can't login. I have enabled LDAP on the server and If i disable sso I can login just fine. I am not able to find this file openssoclientsdk-8.0.jar so I am not sure if that's part of the issue...I am using instead openssolcientsdk.jar from the opensso source.
Here is a fresh log from catalina.out:
Any help would be greatly appreciated.
Thank you.