Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache2 kerberos SSO through reverse proxy |
|
| Author |
|
Vidar
Joined: 24 Apr 2014
Posts: 3
Location: Belgium
|
 Posted: Thu 24 Apr '14 11:13 Post subject: Apache2 kerberos SSO through reverse proxy |
 |
|
Hi,
I'm trying to do a setup of alfresco.It has two basic sites. http://servername:port/alfresco and http://servername:port/share. Both use kerberos authentication. Alfresco has SSO and share has not. Both sites are on the same server (its just one site but different subs)
I want to put this behind a reverse proxy to eliminate the servername:port combination.
When I put it in a normal config with ajp everything works fine for the share website. I can login without problems. Not so however for the alfresco website. I get a browser login request (not the alfresco one) when i enter my credentials he asks them again and again and then he ends on the regular login page of alfresco at which point everything works. The username I entered is displayed at this point. When I do not enter my credentials correct I do not reach the page.
If I remove the SSO from the alfresco website everything is normal (but i have to login)
Anybody an idea? If the backend can authenticate I don't see why this is actually happening. |
|
| Back to top |
|
jraute
Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany
|
| Posted: Thu 24 Apr '14 15:13 Post subject: |
|
|
I am sorry, but this is not a problem of the apache working as reverse proxy, but a problem of the tomcat/apache configuration on the alfresco-server.
We have had the same problem with our alfresco system and it was solved on the alfresco side.
Unfortunately i don't know what was changed in the configuration - when the alfresco admin changed the settings i have not been there. 
Besides this the behaviour changed with the last alfresco-updates several times. So be aware of the patch-level.
Greets
JR |
|
| Back to top |
|
Vidar
Joined: 24 Apr 2014
Posts: 3
Location: Belgium
|
| Posted: Fri 25 Apr '14 10:13 Post subject: |
|
|
And how did you do the config then?
just a proxypass with the ajp connector?
Do i need to auth the clients in apache through mod_auth_kerb or mod_auth_SSPI?
No rewrite? |
|
| Back to top |
|
jraute
Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany
|
| Posted: Fri 25 Apr '14 10:45 Post subject: |
|
|
Our reverse proxy configuration is simple:
| Code: |
<VirtualHost *:443>
(other definitions)
########################
# Section for Alfresco #
########################
<Location /alfresco>
ProxyPreserveHost Off
ProxyPass http://alfresco-server.domain.com/alfresco
ProxyPassReverse http://alfresco-server.domain.com/alfresco
SetEnv proxy-initial-not-pooled
Header append Vary User-Agent env=!dont-vary
</Location>
<Location /share>
ProxyPreserveHost Off
ProxyPass http://alfresco-server.domain.com/share
ProxyPassReverse http://alfresco-server.domain.com/share
SetEnv proxy-initial-not-pooled
Header append Vary User-Agent env=!dont-vary
</Location>
</VirtualHost> |
No rewrite! |
|
| Back to top |
|
|
|
|
|
|
