I want to login into Alfresco Dashboard with google credentials. I have seen a sample application below.
https://github.com/gdepourtales/share-oauth-sso
but it is not working for me.
I am using Alfresco 5.0 enterprise version.
I have downloaded the project and i have followed all the steps
I have build the project which was mentioned and deployed the jars.
I have added below snippet in web.xml file
<filter>
<description>Oauth Authentication Support</description>
<filter-name>OAuthAuthenticationFilter</filter-name>
<filter-class>ch.gadp.alfresco.OAuthSSOAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>OAuthAuthenticationFilter</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>OAuthAuthenticationFilter</filter-name>
<url-pattern>/p/*</url-pattern>
</filter-mapping>
I have added the below configuration in share-config.custom.xml file
<config evaluator="string-compare" condition="OAuthFilter"> <!-- the condition must always be OAuthFilter -->
<repository>
<!-- The host of the Alfresco repository webapp -->
<host>localhost</host>
<!-- The port of the Alfresco repository webapp. Put 80 for standard HTTP-->
<port>8081</port>
<!-- The protocol to access the Alfresco repository -->
<protocol>http</protocol>
<!-- The API access URI. If you use standard Alfresco, this should not change -->
<api>/alfresco/service/api</api>
<!-- The admin user who is able to create new users -->
<admin>admin</admin>
<!-- The password of the admin user -->
<password>admin</password>
<!-- The unique password for all users authenticated with OAuth. Choose one very complicated :) -->
<user-password>gotpxdKFjA_uxzG5SdGu</user-password>
<!-- The domains for which incoming user should be restricted to. If blank, any valid email will be accepted -->
<user-domains>nxc.no</user-domains>
</repository>
<oauth-api>
<!-- The key of your API application -->
<key>my key</key>
<!-- The URI from which get the user profile informations -->
<uri>https://www.googleapis.com/oauth2/v1/userinfo</uri>
<!-- The secret of your API application -->
<secret>my secret</secret>
<!-- The scope(s) for getting data -->
<scope>https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email</scope>
<!-- This is a constant and my be different in future releases -->
<name>GoogleApi</name>
</oauth-api>
</config>
and i have started the server but I am not seeing any change.
How I can Know the process of user login to the dashboard.Because everything written in alfresco is a web-script how can i make a google user to login into Dashboard.
Any answer will help me a lot Thank you!.
You can extend the following project - https://github.com/FlexSolution/SocialLogin. It uses oauth2 to login Alfresco by using LinkedIn account
The video how it works is available on youtube - https://www.youtube.com/watch?v=4dpueBkL-Jo&index=5&list=PLjxSLwMQLhLifbIIC5qkVio8VoakzncXg
You'd want to use Google2Api these days. Also prompt setting is missing in your config.
<!-- This is a constant and my be different in future releases -->
<name>Google2Api</name>
<!-- Whether to re-prompt the user for consent -->
<prompt>auto</prompt>
Related
I support a website that uses Spring Security (5.3.3.RELEASE). The site can't be displayed in iframe in other sites because of the following configuration
<security:headers>
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
Now I am asked to allow a few pages to be displayed in iframe in ANY other sites (not a specific list of sites). I looked at the Spring documentation, and it appears that I can add a bean in the following way:
<security:headers>
<security:frame-options policy="SAMEORIGIN" ref="bean_id"/>
</security:headers>
I am not able to find info about what interface or methods the bean (bean_id) must implement or whether it can be used to decide what pages are frameable. Any help or example is really appreciated.
The interface is of type AllowFromStrategy. But that interface is deprecated since the ALLOW-FROM is an obsolete directive that no longer works in modern browsers, see here. The alternative is to use CSP: frame-ancestors.
Spring Security has support for the Content-Security-Policy header. You can rely on the DelegatingRequestMatcherHeaderWriter implementation to add the headers only to specific pages, like so:
<http>
<!-- ... -->
<headers>
<header ref="headerWriter"/>
</headers>
</http>
<beans:bean id="headerWriter"
class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<beans:constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher"
c:pattern="/page-with-csp"/>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter"/>
</beans:constructor-arg>
</beans:bean>
I am trying to implement External SSO in alfresco share. I am using alfresco.4.2.c.
I want to enable debug mode for the classes which are using for Authentication in the case of External SSO.
So please let me know the class names which are using in External SSO.
Depends on which SSO you are integrating say OpenAM, CAS etc
SlingshotUserFactory class is used for default authentication in Alfresco Share
You can override its entry as below in share-config-custom.xml
<config evaluator="string-compare" condition="WebFramework">
<web-framework>
<!-- SpringSurf Autowire Runtime Settings -->
<!-- Developers can set mode to 'development' to disable; SpringSurf caches,
FreeMarker template caching and Rhino JavaScript compilation. -->
<defaults>
<page-type>
<id>login</id>
<page-instance-id>slingshot-login</page-instance-id>
</page-type>
<user-factory>webframework.factory.user.custom.slingshot
</user-factory>
</defaults>
</web-framework>
</config>
Add below entry in custom-slingshot-application-context.xml
<bean id="webframework.factory.user.custom.slingshot" class="com.test.web.site.ExtSlingshotUserFactory"
parent="webframework.factory.user.slingshot">
</bean>
now on login it will call your class for authentication
I need to integrate two ASP.NET sites user-wise. I have a Web Pages ASP.NET 4 site that allows users to login. It has a custom user provider. Now I have written an ASP.NET MVC3 site that needs to work seamlessly with the Web Pages site and to only allow certain actions to be called by certain users that come from Web Pages site's user provider. As a final resort, MVC site can access user datastore of the Web Pages site.
P.S. I can configure ASP.NET MVC site to be in a sub-folder of a Web Pages site in IIS if this is necessary.
To setup FormsAuthentication to be used across multiple sub-domains, configure the following:
Specify the domain of the Authentication cookie without a particular sub-domain - allows the browser to access the Authentication ticket from any sub-domain:
<!-- ... -->
<authentication mode="Forms">
<forms loginUrl="/Index" domain="authtest.com"> ... </forms>
<!-- ... -->
</authentication>
<!-- ... -->
Make sure the separate applications use the same machine keys so they can encrypt/decrypt the authentication ticket properly:
<!-- ... -->
<system.web>
<machineKey validationKey=" ... 3D26FD5F940C2FD0AF8065F29A"
decryptionKey=" ... 940CD33EBCE5065F2F2334D"
validation="SHA1" decryption="AES" />
<!-- ... -->
</system.web>
<!-- ... -->
Everything else is standard ASP.Net Authentication details/configurations.
I have a Spring MVC Web app that I'd like to show a simple Welcome Page (index.html). On that page, I just to have a 2 href links: one to bring me to the Login Page that is then implemented using Spring Security (2.5.6) and Hibernate 3 and the other to a Registration Page for new users.
However, the problem is that Spring Security automatically loads my login page each time and does NOT load the index.html page where I have coded the 2 links to forward me to either login or registration. I am brought to the login page which works fine. However, I never get to show the initial index.html page of my web application.
Can anyone shed light on how to prevent Spring Security from overriding the 'Welcome Page' with it's Login Page.
Many thanks.
Here is my Spring Security set up in web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
WEB-INF/spring-beans.xml
WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
There's nothing wrong with your web.xml file, you need to show us your WEB-INF/spring-security.xml file.
If you keep getting directed to the login page, chances are you mess up the intercept-url pattern that causes your welcome page to be caught by Spring Security for further authentication before displaying it.
This is an example of the intercept-url tags that you will find in your WEB-INF/spring-security.xml file:-
<http auto-config="true" access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/admin/searchUsers.do" access="ROLE_ADMIN" />
<intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN" />
<form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/home.do"/>
<logout logout-success-url="/home.do"/>
</http>
use
<form-login login-page="/login.jsp" />
Controller should handle user's request and in your case no controller which mapped to this URL. When controller found, it performs some logic and returns view name which will be used to represent server's response. So, view name translator called only after controller and only for deduce full path to particular JSP file.
<mvc:view-controller path="/" view-name="index"/>
Try to add
I'm a ColdFusion developer looking to break into Flex. I have a couple test Flex applications Ii'm working on, but am having problem connecting to my CFCs. I've tried:
creating mappings in CFAdmin,
putting the CFC in the same folder as the Flex app,
putting the CFC in the C:\Coldfusion8\Gateway\CFC folder,
all to no avail.
Each time, I get the "Could not find the ColdFusion Component or Interface" error. What am I missing?
Here is how I'm invoking the CFC for Flex use.
<mx:RemoteObject id="conn" destination="ColdFusion" source="cfc.bulkmail"
result="orderGrid.dataProvider = event.result;" showBusyCursor="true">
You can also go into your remoting-config.xml file ([coldfusionRoot]wwwroot\WEB-INF\flex) and enable the use of mappings on your coldfusion instance. By default Flex is not allowed to use mappings in locating a cfc instance.
<destination id="ColdFusion">
<channels>
<channel ref="my-cfamf"/>
</channels>
<properties>
<source>*</source>
<!-- define the resolution rules and access level of the cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs, by default only CFC files under your webroot can be found. -->
<use-mappings>false</use-mappings>
<!-- allow "public and remote" or just "remote" methods to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</properties>
</destination>
what you see is the default. Change the use-mappings key to true and your mappings will now work.
I had similar problems on certain servers. I think it has something to do with how security is setup on your website. I ended up taking the easy route and making my CFC methods remotely accessible and calling them as WebServices.
C:\Coldfusion8\wwwroot\Gateway\CFC is the correct folder
and the cfc.bulkmail is the correct source.
It works, I must've just not had the proper case at one point or the other.
But here's the answer for anyone who has the same problem in the future.