CMiS authentication

Post here questions and problems related to oXygen frameworks/document types.
mwiechec
Posts: 17
Joined: Mon Nov 19, 2018 10:49 pm

CMiS authentication

Post by mwiechec »

We currently integrate with oxygen and alfresco by using the webdav plugin. We login to alfresco outside of oxygen and then launch oxygen with the following url.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=webdav-http%3A%2F%2Falfresco.dev.eb.com%2Falfresco%2Fwebdav%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml%3Fticket%3DTICKET_5e8be5c668774bb6d5019e83ab05acebde6db016&author=mwiechec
In the url we pass the authentication ticket and this works. We would like to use the cmis plugin instead and have the checkin/out and version capabilites. I can get to document with the following url, but it prompts us to login.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=cmis%3A%2F%2Fhttp%253A%252F%252Falfresco.dev.eb.com%252Falfresco%252Fapi%252F-default-%252Fpublic%252Fcmis%252Fversions%252F1.1%252Fatom%2F-default-%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml
So my question is how can I pass the authentication information from alfresco, to avoid having to re-login in webauthor.

Thank you,
Mark Wiechec
cristi_talau
Posts: 489
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau »

Hello,

The CMIS plugin only supports username & password authentication out-of-the-box. However, supporting alfresco tickets sounds like a nice feature to add.

From what I have read, alfresco accepts the ticket in the password field as long as the user is "ROLE_TICKET" [1]. Can you confirm that if you use the following credentials Web Author manages to connect to alfresco?
Username: ROLE_TICKET
Password: <the-ticket>

If yes, we can create an API that you can use to submit also the ticket in the URL.

Best,
Cristian


[1] https://issues.alfresco.com/jira/browse ... ment-98814
mwiechec
Posts: 17
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec »

Yes the credentials user=ROLE_TICKET and password=[ticket] works.

Thanks,
Mark Wiechec
mwiechec
Posts: 17
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec »

One more thing, the username in upper right corner show ROLE_TICKET as the user. I tried the &author=mwiechec at the end of url but it does not appear to be used. If this could be enabled it would be great.

Mark
cristi_talau
Posts: 489
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau »

Hello,

An easy solution for us would be to add an "alf_ticket" URL param to be used by the editor. In this case, the end-user will not be asked for username and password. The author name will be picked-up from the URL parameters as you suggested.

However, the problem is that the ticket expires and then Web Author needs a way to request another ticket from Alfresco. This problem can be solved in multiple ways:
1. Ignore it.
2. The CMIS plugin can be extended to provide an Alfresco-specific authentication mechanism. However, this is not a top priority for us and may take some time until it will implemented.
3. Decide on a simple API that Web Author can use to request a token from your Alfresco integration. Here I assume you already customize Alfresco to pass add an action to open Oxygen XML Web Author. If we choose this approach, please provide us more details about your custmization.

Which approach would you prefer?

Best,
Cristian
mwiechec
Posts: 17
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec »

The "alf_ticket" url parameter will work for us. As for the expired ticket scenario, currently with the webdav connector in webauthor displays a message titled "Failed to save your changes" and suggests to "save as" or "download". This rarely occurs for us and this behavior would be acceptable going forward in the CMIS connector, I believe is option 1 in your list.

However, If oxygen can detect that the save failed due to an expired ticket perhaps another option would be at this point to display the "Authentication Required" dialog and use the current authentication mechanism provided by oxygen. This way the user will not not loose any changes.

Thank You
Mark
Attachments
image.png
image.png (18.52 KiB) Viewed 3672 times
image.png
image.png (18.52 KiB) Viewed 3672 times
cristi_talau
Posts: 489
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau »

Hello,

I like the idea with showing the login dialog if the ticket expires. I updated the internal feature request with these details. I will update this thread when we have something implemented.

Best,
Cristian
mwiechec
Posts: 17
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec »

I was just wondering if there was any update on this feature. Thanks.
cristi_talau
Posts: 489
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau »

Hello,

Unfortunately, we do not have any news on this issue. We have it on our list and will update this forum post when we have something that you can test.

In order to prioritize the issue I would like to understand how important this feature is for your organization.

Best,
Cristian
mwiechec
Posts: 17
Joined: Mon Nov 19, 2018 10:49 pm

Re: CMiS authentication

Post by mwiechec »

Christian,

We are very interested in switching from Webdav to CMIS. It gives us the checkin and checkout capability with major and minor versions. Also the ablilty to view the previous versions would be a great benefit to our users. The login mechanism is the only thing holding us up from implementing this. So if there is a way to raise the priority of this issue we would appreciate it.

Thank you for your consideration,
Mark Wiechec
cristi_talau
Posts: 489
Joined: Thu Sep 04, 2014 4:22 pm

Re: CMiS authentication

Post by cristi_talau »

Hello,

Thanks for your feedback. I investigated and I was able to generate an alfresco ticket using the Alfresco REST API. Now we have a way to test this customization. I will increase the priority of this issue.

Best,
Cristian
Post Reply