CMiS authentication

Post here questions and problems related to oXygen frameworks/document types.
mwiechec
Posts: 7
Joined: Mon Nov 19, 2018 10:49 pm

CMiS authentication

Post by mwiechec » Tue Mar 17, 2020 7:45 pm

We currently integrate with oxygen and alfresco by using the webdav plugin. We login to alfresco outside of oxygen and then launch oxygen with the following url.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=webdav-http%3A%2F%2Falfresco.dev.eb.com%2Falfresco%2Fwebdav%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml%3Fticket%3DTICKET_5e8be5c668774bb6d5019e83ab05acebde6db016&author=mwiechec
In the url we pass the authentication ticket and this works. We would like to use the cmis plugin instead and have the checkin/out and version capabilites. I can get to document with the following url, but it prompts us to login.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=cmis%3A%2F%2Fhttp%253A%252F%252Falfresco.dev.eb.com%252Falfresco%252Fapi%252F-default-%252Fpublic%252Fcmis%252Fversions%252F1.1%252Fatom%2F-default-%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml
So my question is how can I pass the authentication information from alfresco, to avoid having to re-login in webauthor.

Thank you,
Mark Wiechec

cristi_talau
Posts: 243
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau » Tue Mar 17, 2020 8:11 pm

Hello,

The CMIS plugin only supports username & password authentication out-of-the-box. However, supporting alfresco tickets sounds like a nice feature to add.

From what I have read, alfresco accepts the ticket in the password field as long as the user is "ROLE_TICKET" [1]. Can you confirm that if you use the following credentials Web Author manages to connect to alfresco?
Username: ROLE_TICKET
Password: <the-ticket>

If yes, we can create an API that you can use to submit also the ticket in the URL.

Best,
Cristian


[1] https://issues.alfresco.com/jira/browse ... ment-98814

mwiechec
Posts: 7
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec » Wed Mar 25, 2020 9:58 pm

Yes the credentials user=ROLE_TICKET and password=[ticket] works.

Thanks,
Mark Wiechec

mwiechec
Posts: 7
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec » Wed Mar 25, 2020 10:04 pm

One more thing, the username in upper right corner show ROLE_TICKET as the user. I tried the &author=mwiechec at the end of url but it does not appear to be used. If this could be enabled it would be great.

Mark

cristi_talau
Posts: 243
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau » Thu Mar 26, 2020 12:11 pm

Hello,

An easy solution for us would be to add an "alf_ticket" URL param to be used by the editor. In this case, the end-user will not be asked for username and password. The author name will be picked-up from the URL parameters as you suggested.

However, the problem is that the ticket expires and then Web Author needs a way to request another ticket from Alfresco. This problem can be solved in multiple ways:
1. Ignore it.
2. The CMIS plugin can be extended to provide an Alfresco-specific authentication mechanism. However, this is not a top priority for us and may take some time until it will implemented.
3. Decide on a simple API that Web Author can use to request a token from your Alfresco integration. Here I assume you already customize Alfresco to pass add an action to open Oxygen XML Web Author. If we choose this approach, please provide us more details about your custmization.

Which approach would you prefer?

Best,
Cristian

mwiechec
Posts: 7
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec » Fri Mar 27, 2020 7:27 pm

The "alf_ticket" url parameter will work for us. As for the expired ticket scenario, currently with the webdav connector in webauthor displays a message titled "Failed to save your changes" and suggests to "save as" or "download". This rarely occurs for us and this behavior would be acceptable going forward in the CMIS connector, I believe is option 1 in your list.

However, If oxygen can detect that the save failed due to an expired ticket perhaps another option would be at this point to display the "Authentication Required" dialog and use the current authentication mechanism provided by oxygen. This way the user will not not loose any changes.

Thank You
Mark
Attachments
image.png
image.png (18.52 KiB) Viewed 185 times
image.png
image.png (18.52 KiB) Viewed 185 times

cristi_talau
Posts: 243
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau » Fri Mar 27, 2020 8:01 pm

Hello,

I like the idea with showing the login dialog if the ticket expires. I updated the internal feature request with these details. I will update this thread when we have something implemented.

Best,
Cristian

Post Reply