I have an Alfresco 6.2 Docker installation and now I want to set up Kerberos and SSO. I was following these tutorials https://docs.alfresco.com/content-services/latest/admin/auth-sync/#manageauthdirsconfigkerberso and https://aesircybersecurity.com/t5/alfresco-content-services-blog/setting-up-acs-docker-compose-with-kerber...
But my Alfresco fails to start and I can't see why; suggestions will be appreciated.
2021-03-31 13:09:42,654 ERROR [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: No LoginModules configured for AlfrescoHTTP
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:261)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:412)
at org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.init(BaseKerberosAuthenticationFilter.java:189)
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:62)
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.afterPropertiesSet(BaseSSOAuthenticationFilter.java:185)
2021-03-31 13:09:42,698 WARN [management.subsystems.ChildApplicationContextFactory$ChildApplicationContext] [localhost-startStop-1] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'monitor' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/common-ldap-context.xml]: Cannot resolve reference to bean 'authenticationComponent' while setting bean property 'LDAPAuthenticationComponent'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/common-ldap-context.xml]: Initialization of bean failed; nested exception is org.springframework.beans.TypeMismatchException: Failed to convert property value of type 'java.lang.String' to required type 'boolean' for property 'active'; nested exception is java.lang.IllegalArgumentException: Invalid boolean value []
2021-03-31 13:09:42,700 WARN [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'monitor' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/common-ldap-context.xml]: Cannot resolve reference to bean 'authenticationComponent' while setting bean property 'LDAPAuthenticationComponent'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/common-ldap-context.xml]: Initialization of bean failed; nested exception is org.springframework.beans.TypeMismatchException: Failed to convert property value of type 'java.lang.String' to required type 'boolean' for property 'active'; nested exception is java.lang.IllegalArgumentException: Invalid boolean value []
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:314)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:110)
…
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/subsystems/Authentication/common-ldap-context.xml]: Initialization of bean failed; nested exception is org.springframework.beans.TypeMismatchException: Failed to convert property value of type 'java.lang.String' to required type 'boolean' for property 'active'; nested exception is java.lang.IllegalArgumentException: Invalid boolean value []
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:515)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320)
... 56 more
Caused by: org.springframework.beans.TypeMismatchException: Failed to convert property value of type 'java.lang.String' to required type 'boolean' for property 'active'; nested exception is java.lang.IllegalArgumentException: Invalid boolean value []
at org.springframework.beans.AbstractNestablePropertyAccessor.convertIfNecessary(AbstractNestablePropertyAccessor.java:595)
at
... 62 more
31-Mar-2021 13:09:42.896 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details will be found in the appropriate container log file
31-Mar-2021 13:09:42.898 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/alfresco] startup failed due to previous errors
31-Mar-2021 13:09:42.968 SEVERE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.checkThreadLocalMapForLeaks The web application [alfresco] created a ThreadLocal with key of type [java.lang.ThreadLocal.SuppliedThreadLocal] (value [java.lang.ThreadLocal$SuppliedThreadLocal@4aed5c9c]) and a value of type [org.alfresco.util.transaction.TransactionSupportUtil.ResourcesHolder] (value [org.alfresco.util.transaction.TransactionSupportUtil$ResourcesHolder@47abefab]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
31-Mar-2021 13:09:42.968 SEVERE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.checkThreadLocalMapForLeaks The web application [alfresco] created a ThreadLocal with key of type [org.alfresco.repo.template.QNameAwareObjectWrapper$1] (value [org.alfresco.repo.template.QNameAwareObjectWrapper$1@6e348753]) and a value of type [org.alfresco.repo.template.QNameAwareObjectWrapper$1$1] (value [org.alfresco.repo.template.QNameAwareObjectWrapper$1$1@74c2286b]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
I have created AD user kerbuser and kerbuser.keytab
Alfresco docker java.login.config:
Alfresco {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
AlfrescoHTTP
{
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
doNotPrompt=true
keyTab="/etc/kerbuser.keytab"
principal="HTTP/alfresco.mydomain.com";
};
com.sun.net.ssl.client {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
other {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
Alfresco Dockerfile:
ARG ALFRESCO_TAG
FROM alfresco/alfresco-content-repository-community:${ALFRESCO_TAG}
ARG TOMCAT_DIR=/usr/local/tomcat
USER root
# Install modules and jars
RUN mkdir -p $TOMCAT_DIR/amps
COPY modules/amps $TOMCAT_DIR/amps
COPY modules/jars $TOMCAT_DIR/webapps/alfresco/WEB-INF/lib
RUN java -jar $TOMCAT_DIR/alfresco-mmt/alfresco-mmt*.jar install \
$TOMCAT_DIR/amps $TOMCAT_DIR/webapps/alfresco -directory -nobackup -force
# DATABASE
ARG DB
ENV DB $DB
#Kerberos
RUN apt install krb5-user -y
COPY kerberos_files/krb5.conf /etc
COPY kerberos_files/kerbuser.keytab /etc
COPY kerberos_files/java.login.config /usr/java/default/conf/security
RUN chown -R root:root /usr/java/default/conf/security /etc/krb5.conf /etc/*.keytab && \
echo "login.config.url.1=file:/usr/java/default/conf/security/java.login.config" >> /usr/java/default/conf/security/java.security
if
Share docker java.login.config
Alfresco {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
AlfrescoHTTP
{
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
doNotPrompt=true
keyTab="/etc/kerbuser.keytab"
principal="HTTP/kerbuser.mydomain.com";
};
ShareHTTP
{
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
doNotPrompt=true
keyTab="/etc/kerbuser.keytab"
principal="HTTP/kerbuser.mydomain.com";
};
com.sun.net.ssl.client {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
other {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
Share Dockerfile:
ARG SHARE_TAG
FROM alfresco/alfresco-share:${SHARE_TAG}
ARG TOMCAT_DIR=/usr/local/tomcat
# Server data
ARG SERVER_NAME
USER root
# Install modules and jars
RUN mkdir -p $TOMCAT_DIR/amps
COPY modules/amps $TOMCAT_DIR/amps
COPY modules/jars $TOMCAT_DIR/webapps/share/WEB-INF/lib
RUN java -jar $TOMCAT_DIR/alfresco-mmt/alfresco-mmt*.jar install \
$TOMCAT_DIR/amps $TOMCAT_DIR/webapps/share -directory -nobackup -force
# Fix for https://github.com/Alfresco/acs-community-packaging/issues/367 in Share 6.2.0
COPY web-extension/share-config-custom-dev.xml $TOMCAT_DIR/shared/classes/alfresco/web-extension/
#Kerberos
RUN apt install krb5-user -y
COPY kerberos_files/krb5.conf /etc
COPY kerberos_files/kerbuser.keytab /etc
COPY kerberos_files/java.login.config.share /usr/java/default/conf/security/java.login.config
COPY kerberos_files/share-config-custom.xml /usr/local/tomcat/shared/classes/alfresco/web-extension/
RUN chown -R root:root /usr/java/default/conf/security /etc/krb5.conf /etc/*.keytab && \
echo "login.config.url.1=file:/usr/java/default/conf/security/java.login.config" >> /usr/java/default/conf/security/java.security
docker-compose.yml Kerberos part
-Dauthentication.chain=kerberos1:kerberos,ldap1:ldap-ad
-Dntlm.authentication.sso.enabled=false
-Dldap.authentication.userNameFormat=%[email protected]
-Dldap.authentication.allowGuestLogin=false
-Dldap.authentication.active
-Dsynchronization.autoCreatePeopleOnLogin=true
-Dldap.synchronization.active=true
-Dldap.authentication.java.naming.provider.url=ldap://dc1.mydomain.com:389
-Dldap.authentication.defaultAdministratorUserNames=admin
-Dldap.synchronization.java.naming.security.principal=user_alfresco@mydomain.com
-Dldap.synchronization.java.naming.security.credentials=xxxxxx
-Dldap.synchronization.groupSearchBase=dc\=mydomain,dc\=ru
-Dldap.synchronization.userSearchBase=dc\=mydomain,dc\=ru
-Dkerberos.authentication.realm=MYDOMAIN.COM
-Dkerberos.authentication.user.configEntryName=Alfresco
-Dkerberos.authentication.defaultAdministratorUserNames=admin
-Dkerberos.authentication.http.configEntryName=AlfrescoHTTP
-Dkerberos.authentication.http.password=xxxxxx
-Dkerberos.authentication.sso.enabled=true
Missing =true after -Dldap.authentication.active in the docker-compose.yml file.
Fixed that, but nothing changed.
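A pre-flight check for the two startup errors in the log above, added here as an example (it is not part of the original thread and not Alfresco code). It reports `-D` properties passed without a value (the JVM sets those to an empty string, which matches `Invalid boolean value []`), `configEntryName` values that name no entry in a given JAAS file, and invalid JAAS control flags. The function names are hypothetical and the sample inputs are constructed from the snippets in the question.

```python
import re

CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}  # valid JAAS flags

def parse_jaas(text):
    """Map each JAAS entry name to its [(module_class, control_flag), ...]."""
    text = re.sub(r"/\*.*?\*/|^\s*//[^\n]*", "", text, flags=re.S | re.M)
    entries = {}
    for name, body in re.findall(r"([\w.]+)\s*\{(.*?)\}\s*;", text, flags=re.S):
        stmts = (s.split() for s in body.split(";"))
        entries[name] = [(t[0], t[1].lower()) for t in stmts if len(t) >= 2]
    return entries

def parse_java_opts(opts):
    """Map each -Dname[=value] token to its value; None when '=' is absent."""
    pairs = (t[2:].partition("=") for t in opts.split() if t.startswith("-D"))
    return {name: (value if sep else None) for name, sep, value in pairs}

def preflight(jaas_text, java_opts):
    """Return a list of human-readable findings; empty means the inputs agree."""
    entries, props = parse_jaas(jaas_text), parse_java_opts(java_opts)
    findings = []
    for name, value in props.items():
        if not value:  # bare -Dname or -Dname= : the JVM sees an empty string
            findings.append(f"{name}: no value set")
        elif name.endswith(".configEntryName") and value not in entries:
            findings.append(f"{name}={value}: entry not in JAAS config")
    for entry, modules in entries.items():
        for cls, flag in modules:
            if flag not in CONTROL_FLAGS:
                findings.append(f"{entry}: {cls} has invalid control flag '{flag}'")
    return findings

# Constructed sample inputs, modelled on the snippets in the question.
SAMPLE_JAAS = """
Alfresco { com.sun.security.auth.module.Krb5LoginModule sufficient; };
AlfrescoHTTP {
   com.sun.security.auth.module.Krb5LoginModule required
   storeKey=true useKeyTab=true doNotPrompt=true keyTab="/etc/kerbuser.keytab"
   principal="HTTP/alfresco.mydomain.com";
};
other { com.sun.security.auth.module.Krb5LoginModule sufficient; };
"""
SAMPLE_OPTS = ("-Dldap.authentication.active -Dldap.synchronization.active=true "
               "-Dkerberos.authentication.user.configEntryName=Alfresco "
               "-Dkerberos.authentication.http.configEntryName=AlfrescoHTTP")

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_JAAS, SAMPLE_OPTS)))
```

A clean result only shows that the file and the flags agree with each other. `LoginContext` falls back to the `other` entry before raising `No LoginModules configured`, so that error with an `other` entry present in the file means the running JVM's configuration did not include the file, and the `login.config.url.1` path in `java.security` should be checked inside the container.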