我正在尝试在 Alfresco 前面使用 apache(shibboleth 模块)使用远程身份验证来配置 alfresco - 本质上是在身份验证后将 REMOTE_USER 从 apache 传递到 alfresco。我可以配置 alfresco,我可以在其中成功登录 /alfresco(经典资源管理器 gui),但是 /share(较新的 gui)没有让我登录。有没有人遇到过/解决了这个问题?
以下是一些细节:
使用 shibboleth mod 设置 apache(因为我自动登录到 /alfresco,所以可以使用)
在 apache 中为 /alfresco 和 /share 设置 ajp 条目。
露天探险家
ProxyPass /alfresco ajp://127.0.0.1:8009/alfresco
ProxyPassReverse /alfresco ajp://127.0.0.1:8009/alfresco
露天分享
ProxyPass /share ajp://127.0.0.1:8009/share
ProxyPassReverse /share ajp://127.0.0.1:8009/share
设置tomcat ajp条目
设置 /tomcat/shared/classes/alfresco-global.properties 与
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm external.authentication.proxyUserName=external.authentication.proxyHeader=external.authentication.enabled=true
在 share-config-custom.xml 中,我在下面输入了建议的 xml 条目:
块引用
<alfresco-config>
<!-- Repository Library config section -->
<config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
<!--
Whether the link to the Repository Library appears in the header component or not.
-->
<visible>true</visible>
</config>
<config evaluator="string-compare" condition="Remote">
<remote>
<endpoint>
<id>alfresco-noauth</id>
<name>Alfresco - unauthenticated access</name>
<description>Access to Alfresco Repository WebScripts that do not require authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>none</identity>
</endpoint>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<identity>user</identity>
</endpoint>
<endpoint>
<id>alfresco-feed</id>
<name>Alfresco Feed</name>
<description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
<connector-id>http</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<basic-auth>true</basic-auth>
<identity>user</identity>
</endpoint>
<endpoint>
<id>activiti-admin</id>
<name>Activiti Admin UI - user access</name>
<description>Access to Activiti Admin UI, that requires user authentication</description>
<connector-id>activiti-admin-connector</connector-id>
<endpoint-url>http://localhost:8080/alfresco/activiti-admin</endpoint-url>
<identity>user</identity>
</endpoint>
</remote>
</config>
<config evaluator="string-compare" condition="Remote">
<remote>
<keystore>
<path>alfresco/web-extension/alfresco-system.p12</path>
<type>pkcs12</type>
<password>alfresco-system</password>
</keystore>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
块引用