Hello,
Does anyone have a zip file of Alfresco on Docker with Kerberos already integrated, so I can enter my settings (KDC, realms, etc.) and get it to work somehow? I have been trying to enable Kerberos for weeks now and I am getting really desperate.
Please help.
Thank you in advance!
Hello, thank you very much for your response. I started the Docker container and am getting this error:
javax.security.auth.login.LoginException: dev-win2008.oficina.keensoft.es: Name or service not known
I changed:
extra_hosts:
- "dev-win2008.oficina.keensoft.es:192.168.14.34"
to:
extra_hosts:
- "dev-win2008.oficina.keensoft.es:192.168.1.124"
where 192.168.1.124 is my Windows server IP address.
Do I need to change something else?
Thank you very much for your help, I really appreciate it!
The "dev-win2008.oficina.keensoft.es" is the Keensoft domain host name. You should replace all settings like this with yours.
Hello,
I changed it everywhere and now I got
2019-09-03 14:34:42,734 ERROR [site.servlet.SSOAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos web filter error
share_1 | javax.security.auth.login.LoginException: null (68)
share_1 | at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
share_1 | at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
share_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
share_1 | at java.lang.reflect.Method.invoke(Method.java:498)
share_1 | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
share_1 | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
share_1 | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
share_1 | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
share_1 | at java.security.AccessController.doPrivileged(Native Method)
share_1 | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
share_1 | at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
share_1 | at org.alfresco.web.site.servlet.SSOAuthenticationFilter.init(SSOAuthenticationFilter.java:321)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
share_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
share_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
share_1 | at java.lang.reflect.Method.invoke(Method.java:498)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1640)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1581)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)
share_1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
share_1 | at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
share_1 | at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
share_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
share_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
share_1 | at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:636)
share_1 | at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:938)
share_1 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
share_1 | at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
share_1 | at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
share_1 | at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
share_1 | at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016)
share_1 | at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5524)
share_1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
share_1 | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
share_1 | at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
share_1 | at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
share_1 | at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672)
share_1 | at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1859)
share_1 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
share_1 | at java.util.concurrent.FutureTask.run(FutureTask.java:266)
share_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
share_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
share_1 | at java.lang.Thread.run(Thread.java:748)
share_1 | Caused by: KrbException: null (68)
share_1 | at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
share_1 | at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
share_1 | at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
share_1 | at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
share_1 | ... 45 more
share_1 | Caused by: KrbException: Identifier doesn't match expected value (906)
share_1 | at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
share_1 | at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
share_1 | at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
share_1 | at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
share_1 | ... 48 more
Do you have any advice?
Thanks for your effort to help me!
You have to configure at least /docker/alfresco/assets/kerberos/krb5.conf
You have to make .keytab files and configure Active Directory.
...
I don't check all your configuration files. Check it by yourself. You have Angel's sample. All steps of Kerberos configuration are described in the official documentation.
p.s. please don't generate new topics for one subject. Let's continue here.
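A check for the realm settings in krb5.conf, as an added example that is not part of the thread or of the sample project: Kerberos error code 68 in the stack trace above is KDC_ERR_WRONG_REALM, so the script compares the realm configured in krb5.conf with the realm of the service principal. The function names and the KDC host in the sample are assumptions; the principal is the one that appears in this thread's log lines.

```python
import re

# Constructed sample. The realm matches the principal logged in this thread;
# the KDC host name is a placeholder, and default_realm is deliberately wrong.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = server.net
[realms]
    SERVER.NET = {
        kdc = kdc.example.invalid
    }
[domain_realm]
    .server.net = SERVER.NET
"""

def parse_krb5_conf(text):
    """Return (default_realm, realm names, domain -> realm map). Assumes flat realm stanzas."""
    section = default_realm = None
    realms, domain_realm = set(), {}
    for raw in text.splitlines():
        line = "" if raw.lstrip()[:1] in ("#", ";") else raw.strip()  # skip comment lines
        header = re.fullmatch(r"\[(\w+)\]", line)
        key, _, value = (part.strip() for part in line.partition("="))
        if header:
            section = header.group(1)
        elif section == "realms" and value == "{":
            realms.add(key)
        elif section == "libdefaults" and key == "default_realm":
            default_realm = value
        elif section == "domain_realm" and value:
            domain_realm[key.lower()] = value
    return default_realm, realms, domain_realm

def realm_problems(conf_text, principal):
    """List realm mismatches between krb5.conf and a service principal."""
    default_realm, realms, domain_realm = parse_krb5_conf(conf_text)
    service, _, realm = principal.partition("@")
    host = service.split("/", 1)[-1].lower()
    mapped = next((r for d, r in domain_realm.items()
                   if host == d or (d.startswith(".") and host.endswith(d))), None)
    problems = []
    if default_realm != realm:  # realm names are case-sensitive
        problems.append(f"default_realm is {default_realm!r}, principal realm is {realm!r}")
    if realm not in realms:
        problems.append(f"no [realms] entry for {realm!r}")
    if mapped != realm:
        problems.append(f"[domain_realm] maps {host!r} to {mapped!r}")
    return problems
```

It only checks realm consistency; the keytab contents and the Active Directory account mapping still have to be verified separately.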
Hello,
I finally don't have any errors but it still doesn't work.
2019-09-05 11:22:41,321 DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos login successful
2019-09-05 11:22:41,322 DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] Logged on using principal HTTP/alfresco.server.net@SERVER.NET
2019-09-05 11:22:41,331 DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos login successful
2019-09-05 11:22:41,331 DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] Logged on using principal HTTP/alfresco.server.net@SERVER.NET
I configured Internet Explorer like so: Internet Options/Security/Intranet/Custom level/Automatic logon with current name and password.
Also I ran "kinit -p -f" for my user account and after entering the password it says: "New ticket is stored in cache file C:\Users\Mirko\krb5cc_mirko"
but when I run "klist" it says
Current LogonId is 0:0x345b0c8b
Cached Tickets: (0)
Also I can log in using LDAP accounts.
You helped a great deal so far and I am very grateful.
If you know anything about this please help. Thank you in advance.
Client configuration of IE has two steps. Did you add the Alfresco Content Services web server to the Local Intranet security zone?
Check Tools > Internet Options > Security > Local Intranet > Sites > Advanced, and then add the necessary domain name, for example, http://server.com or http://*.company.com.
Full description is here: Step 4. Kerberos client configuration
p.s. IE and Chrome use a lot of configuration parameters, including system ones. Try Firefox first. It's the simplest way to SSO.