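OpenAM version 12, agent versions 3.5 and 3.3, Tomcat 7
I am trying to follow the link https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 to set up my J2EE agent. Let me paste the steps after asking the question (see the end).
But I am getting the following error:
Unable to add user on own customized data store for the user profile provided by the J2EE agent
I have tried installing and uninstalling version 3.5 multiple times, and have also tried the previous version.
There is a good discussion on this topic at http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error , but it did not help me much.
I am using LDAP, so I have used the LDAP realm, and the subjects all appear fine. I also observed that the Policies tab has changed quite a bit from how it is described in the blog.
Now I am at a roadblock and do not know how to proceed, as the error gives me no clue about what to do. I even added a file named AMConfig.properties to the classpath with the agent's username and password, and also tried the OpenAM admin username and password, as suggested in the discussion mentioned above. But that did not help either.
The problem is that Tomcat now does not start, giving an error that the AMConfig.properties properties are required.
I know the OpenAM realm setup is fine: I am able to log in through this realm to another application (Liferay), where I only needed to give the OpenAM URL for the integration. But after uninstalling the agent, Tomcat starts without any errors and I am able to log in to the application.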
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control" -> (Your Realm), where in my case it is the LDAP realm (another application is using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subject - already part of the LDAP realm
g. Now select Agents -> J2EE -> (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
    # Auth chain
    authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
    alfresco.authentication.allowGuestLogin=true
    # SSO settings
    external.authentication.enabled=true
    external.authentication.defaultAdministratorUserNames=admin
    external.authentication.proxyUserName=
    external.authentication.proxyHeader=SsoUserHeader

NOTE - It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
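    <config evaluator="string-compare" condition="Remote">
      <remote>
        <keystore>
          <path>alfresco/web-extension/alfresco-system.p12</path>
          <type>pkcs12</type>
          <password>alfresco-system</password>
        </keystore>
        <connector>
          <id>alfrescoCookie</id>
          <name>Alfresco Connector</name>
          <description>Connects to an Alfresco instance using cookie-based authentication</description>
          <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
        </connector>
        <connector>
          <id>alfrescoHeader</id>
          <name>Alfresco Connector</name>
          <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
          <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
          <userHeader>SsoUserHeader</userHeader>
        </connector>
        <endpoint>
          <id>alfresco</id>
          <name>Alfresco - user access</name>
          <description>Access to Alfresco Repository WebScripts that require user authentication</description>
          <connector-id>alfrescoHeader</connector-id>
          <endpoint-url>http://alfreso.domain.com:8080/alfresco/wcs</endpoint-url>
          <identity>user</identity>
          <external-auth>true</external-auth>
        </endpoint>
      </remote>
    </config>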
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
    <filter>
      <filter-name>Agent</filter-name>
      <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
    </filter>
Add the following filter mapping to the filter-mapping section
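    <filter-mapping>
      <filter-name>Agent</filter-name>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>ERROR</dispatcher>
    </filter-mapping>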
----- End ----------
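
A consistency check for the header wiring in the steps above, as an added example that is not part of the original post or of Alfresco/OpenAM code: it verifies that the header the agent sets (the Profile Attributes map value), `external.authentication.proxyHeader`, and the Share connector's `userHeader` agree, and it flags an empty `proxyUserName`, where the repository takes the user name from that header on any request that reaches it. The function names and the inline sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples carrying the values quoted in the post.
GLOBAL_PROPS = """\
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
"""
SHARE_CONFIG = """\
<config evaluator="string-compare" condition="Remote"><remote>
  <connector><id>alfrescoCookie</id></connector>
  <connector><id>alfrescoHeader</id><userHeader>SsoUserHeader</userHeader></connector>
  <endpoint><id>alfresco</id><connector-id>alfrescoHeader</connector-id>
    <external-auth>true</external-auth></endpoint>
</remote></config>
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def same_header(a, b):
    # HTTP header names are case-insensitive.
    return (a or "").lower() == (b or "").lower()

def check_sso_header(props_text, share_xml, agent_header):
    """Return findings for the three places that must name the same header."""
    findings = []
    props = parse_props(props_text)
    if props.get("external.authentication.enabled", "").lower() != "true":
        findings.append("external.authentication.enabled is not true")
    repo_header = props.get("external.authentication.proxyHeader", "")
    if not same_header(repo_header, agent_header):
        findings.append(f"repository reads {repo_header!r}, agent sets {agent_header!r}")
    if not props.get("external.authentication.proxyUserName"):
        findings.append("proxyUserName is empty: header is trusted from any caller")
    root = ET.fromstring(share_xml)
    headers = {c.findtext("id"): c.findtext("userHeader") for c in root.iter("connector")}
    for ep in root.iter("endpoint"):
        conn = ep.findtext("connector-id")
        if not same_header(headers.get(conn), agent_header):
            findings.append(f"endpoint {ep.findtext('id')!r}: connector {conn!r} sends no {agent_header!r}")
        if ep.findtext("external-auth") != "true":
            findings.append(f"endpoint {ep.findtext('id')!r}: external-auth is not true")
    return findings
```

With an empty `proxyUserName`, the remaining control is network placement: only requests that have passed the agent filter should be able to reach the repository.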