Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

authentication with ticket not supported .. issue with nginx ? #207

Open
meufeu opened this issue Oct 3, 2024 · 7 comments
Open

authentication with ticket not supported .. issue with nginx ? #207

meufeu opened this issue Oct 3, 2024 · 7 comments

Comments

@meufeu
Copy link

meufeu commented Oct 3, 2024

Hi,

Thank you for the great work but I have an issue.
I can retrieve a ticket with the old url http://localhost/alfresco/s/api/login?u=admin&pw=admin (I retrieve the same ticket with the new one)

But I cannot use it ..

I have another instance installed in the old way, without any docker, and working fine without any kind of special configuration.
I saw taht nginx is not confured exactly in the same way . maybe the root cause ?

Thank you !

`[root@test-gedi alfresco]# curl 'http://localhost/alfresco/s/api/login?u=admin&pw=admin'

TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba
[root@test-gedi alfresco]# echo TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba | openssl base64
VElDS0VUX2UzY2E3MDdiNzk5ODFlMDA1YWIzODdhMGQ3NmJiNGVjYjdhMDQ5YmEK
[root@test-gedi alfresco]# echo -n TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba | openssl base64
VElDS0VUX2UzY2E3MDdiNzk5ODFlMDA1YWIzODdhMGQ3NmJiNGVjYjdhMDQ5YmE=
[root@test-gedi alfresco]# curl -s -v -H 'Accept: application/json' -H 'Authorization: Basic VElDS0VUX2UzY2E3MDdiNzk5ODFlMDA1YWIzODdhMGQ3NmJiNGVjYjdhMDQ5YmE=' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-"

  • About to connect() to localhost port 80 (#0)
  • Trying 127.0.0.1...
  • Connected to localhost (127.0.0.1) port 80 (#0)

GET /alfresco/api/-default-/public/alfresco/versions/1/nodes/-root- HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost
Accept: application/json
Authorization: Basic VElDS0VUX2UzY2E3MDdiNzk5ODFlMDA1YWIzODdhMGQ3NmJiNGVjYjdhMDQ5YmE=

< HTTP/1.1 401
< Server: nginx/1.24.0
< Date: Thu, 03 Oct 2024 13:35:40 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 80
< Connection: keep-alive
< WWW-Authenticate: Negotiate
< WWW-Authenticate: Basic realm="Alfresco Server"
<

Login failed. Please try again.

* Connection #0 to host localhost left intact [root@test-gedi alfresco]# curl -s -v -u admin:admin -H 'Accept: application/json' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-" * About to connect() to localhost port 80 (#0) * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 80 (#0) * Server auth using Basic with user 'admin' > GET /alfresco/api/-default-/public/alfresco/versions/1/nodes/-root- HTTP/1.1 > Authorization: Basic YWRtaW46YWRtaW4= > User-Agent: curl/7.29.0 > Host: localhost > Accept: application/json > < HTTP/1.1 200 < Server: nginx/1.24.0 < Date: Thu, 03 Oct 2024 13:35:58 GMT < Content-Type: application/json;charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < Set-Cookie: JSESSIONID=B2404660CC3841C7F13EC100365B668F; Path=/alfresco; HttpOnly < X-Frame-Options: SAMEORIGIN < Cache-Control: no-cache < Expires: Thu, 01 Jan 1970 00:00:00 GMT < Pragma: no-cache < * Connection #0 to host localhost left intact {"entry":{"aspectNames":["cm:titled","cm:auditable","app:uifacets"],"createdAt":"2024-08-26T12:41:40.091+0000","isFolder":true,"isFile":false,"createdByUser":{"id":"System","displayName":"System"},"modifiedAt":"2024-08-26T12:46:07.071+0000","modifiedByUser":{"id":"PM155174","displayName":"Patrick MAINI"},"name":"Company Home","id":"f8707c2f-c04d-4eba-9a58-4ea0f4d2c9e7","nodeType":"cm:folder","properties":{"cm:title":"Company Home","cm:description":"The company root space","app:icon":"space-icon-default"}}}[root@test-gedi alfresco]# `
@aborroy
Copy link
Contributor

aborroy commented Oct 3, 2024

Not sure if I understand your question.

When using Basic Auth with the REST API you need to use user credentials (like admin:admin).

When using a Ticket for authentication, you need to use a parameter alf_ticket, like:

curl -s -v -H 'Accept: application/json' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-?alf_ticket=TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba"

May you describe explicitly what is the request that is failing?

@meufeu
Copy link
Author

meufeu commented Oct 3, 2024

Thank for your answer

I'm refering to this page : https://docs.alfresco.com/content-services/latest/develop/rest-api-guide/install/
and this method is working great when I don't install with docker ..

giving alf_ticket as a parameter give the same result >> login failed

[root@test-gedi alfresco]# curl -s -v -H 'Accept: application/json' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-?alf_ticket=TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba"
* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-?alf_ticket=TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost
> Accept: application/json
>
< HTTP/1.1 401
< Server: nginx/1.24.0
< Date: Thu, 03 Oct 2024 13:56:52 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 80
< Connection: keep-alive
< Set-Cookie: JSESSIONID=2B3E8ECDC3BF49C1DF032C78F746E813; Path=/alfresco; HttpOnly
< WWW-Authenticate: Negotiate
<
<html><head>
</head><body><p>Login failed. Please try again.</p>
</body></html>
* Connection #0 to host localhost left intact
[root@test-gedi alfresco]#

but look, this is working on the same version but installed without docker

[root@irfm-dev-gedi ~]# curl -s -v  -H 'Accept: application/json' -H 'Authorization: Basic VElDS0VUXzFlOGY0MzgyNDI5N2IwODNmMDQyYWE3OWEyY2M3NGU1MmFmZWEzZGE=' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-"
* About to connect() to localhost port 80 (#0)
*   Trying ::1...
* Connexion refusée
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /alfresco/api/-default-/public/alfresco/versions/1/nodes/-root- HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost
> Accept: application/json
> Authorization: Basic VElDS0VUXzFlOGY0MzgyNDI5N2IwODNmMDQyYWE3OWEyY2M3NGU1MmFmZWEzZGE=
>
< HTTP/1.1 200
< Server: nginx/1.20.1
< Date: Thu, 03 Oct 2024 13:54:15 GMT
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
<
* Connection #0 to host localhost left intact
{"entry":{"aspectNames":["cm:titled","cm:auditable","app:uifacets"],"createdAt":"2023-05-31T13:38:37.333+0000","isFolder":true,"isFile":false,"createdByUser":{"id":"System","displayName":"System"},"modifiedAt":"2024-03-15T10:16:04.025+0000","modifiedByUser":{"id":"Test","displayName":"test test"},"name":"Espace racine","id":"e76bef9a-c60f-43cd-b675-2f3d1cbc7e33","nodeType":"cm:folder","properties":{"cm:title":"Espace racine","cm:description":"Espace racine de la société","app:icon":"space-icon-default"}}}[root@irfm-dev-gedi ~]#
[root@irfm-dev-gedi ~]#

@aborroy
Copy link
Contributor

aborroy commented Oct 3, 2024

Again, I have no idea what you mean...

Put a single curl command that works with manual installation and fails with docker installation. Without verbose information, please. Just only response obtained and response expected.

Thanks.

@meufeu
Copy link
Author

meufeu commented Oct 3, 2024

well

curl -s -v -H 'Accept: application/json' -H 'Authorization: Basic VElDS0VUXzFlOGY0MzgyNDI5N2IwODNmMDQyYWE3OWEyY2M3NGU1MmFmZWEzZGE=' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-"

works on another serverand give me results.

but on a docker installed I get an 401 error :

Login failed. Please try again.

It is not a matter of account because it's working with admin:admin, just not working with a ticket.

@meufeu
Copy link
Author

meufeu commented Oct 3, 2024

in the same way

this
curl -s -v -H 'Accept: application/json' -X GET "http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-?alf_ticket=TICKET_e3ca707b79981e005ab387a0d76bb4ecb7a049ba"

works perfectly on another server
but failed with 401 error "login failed" on the docker based installation.

@aborroy
Copy link
Contributor

aborroy commented Oct 4, 2024

With a default Docker Compose, following sequence works for me.

curl --location 'http://localhost/alfresco/s/api/login?u=admin&pw=admin'
<?xml version="1.0" encoding="UTF-8"?>
<ticket>TICKET_8eff23505369baa5941a1c53e3db49aa1821cb23</ticket>
curl --location 'http://localhost/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-?alf_ticket=TICKET_8eff23505369baa5941a1c53e3db49aa1821cb23'
200 OK

@meufeu
Copy link
Author

meufeu commented Dec 19, 2024

Thanks
This is also working .. but .. this is not secure (a password given clearly in the URL!!!) and this is not the way it is supposed to be working (as it is specified in the documentation)

https://docs.alfresco.com/content-services/6.0/develop/rest-api-guide/install/#auth

this "alf_ticket" should be encrypted in base64 and then given in the header ..

I can't figure out it's not working like that .. but I reproduce it from a default docker compose

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants