Page 1 of 1

CMiS authentication

Posted: Tue Mar 17, 2020 7:45 pm
by mwiechec
We currently integrate with oxygen and alfresco by using the webdav plugin. We login to alfresco outside of oxygen and then launch oxygen with the following url.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=webdav-http%3A%2F%2Falfresco.dev.eb.com%2Falfresco%2Fwebdav%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml%3Fticket%3DTICKET_5e8be5c668774bb6d5019e83ab05acebde6db016&author=mwiechec
In the url we pass the authentication ticket and this works. We would like to use the cmis plugin instead and have the checkin/out and version capabilites. I can get to document with the following url, but it prompts us to login.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=cmis%3A%2F%2Fhttp%253A%252F%252Falfresco.dev.eb.com%252Falfresco%252Fapi%252F-default-%252Fpublic%252Fcmis%252Fversions%252F1.1%252Fatom%2F-default-%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml
So my question is how can I pass the authentication information from alfresco, to avoid having to re-login in webauthor.

Thank you,
Mark Wiechec

Re: CMiS authentication

Posted: Tue Mar 17, 2020 8:11 pm
by cristi_talau
Hello,

The CMIS plugin only supports username & password authentication out-of-the-box. However, supporting alfresco tickets sounds like a nice feature to add.

From what I have read, alfresco accepts the ticket in the password field as long as the user is "ROLE_TICKET" [1]. Can you confirm that if you use the following credentials Web Author manages to connect to alfresco?
Username: ROLE_TICKET
Password: <the-ticket>

If yes, we can create an API that you can use to submit also the ticket in the URL.

Best,
Cristian


[1] https://issues.alfresco.com/jira/browse ... ment-98814

Re: CMiS authentication

Posted: Wed Mar 25, 2020 9:58 pm
by mwiechec
Yes the credentials user=ROLE_TICKET and password=[ticket] works.

Thanks,
Mark Wiechec

Re: CMiS authentication

Posted: Wed Mar 25, 2020 10:04 pm
by mwiechec
One more thing, the username in upper right corner show ROLE_TICKET as the user. I tried the &author=mwiechec at the end of url but it does not appear to be used. If this could be enabled it would be great.

Mark

Re: CMiS authentication

Posted: Thu Mar 26, 2020 12:11 pm
by cristi_talau
Hello,

An easy solution for us would be to add an "alf_ticket" URL param to be used by the editor. In this case, the end-user will not be asked for username and password. The author name will be picked-up from the URL parameters as you suggested.

However, the problem is that the ticket expires and then Web Author needs a way to request another ticket from Alfresco. This problem can be solved in multiple ways:
1. Ignore it.
2. The CMIS plugin can be extended to provide an Alfresco-specific authentication mechanism. However, this is not a top priority for us and may take some time until it will implemented.
3. Decide on a simple API that Web Author can use to request a token from your Alfresco integration. Here I assume you already customize Alfresco to pass add an action to open Oxygen XML Web Author. If we choose this approach, please provide us more details about your custmization.

Which approach would you prefer?

Best,
Cristian

Re: CMiS authentication

Posted: Fri Mar 27, 2020 7:27 pm
by mwiechec
The "alf_ticket" url parameter will work for us. As for the expired ticket scenario, currently with the webdav connector in webauthor displays a message titled "Failed to save your changes" and suggests to "save as" or "download". This rarely occurs for us and this behavior would be acceptable going forward in the CMIS connector, I believe is option 1 in your list.

However, If oxygen can detect that the save failed due to an expired ticket perhaps another option would be at this point to display the "Authentication Required" dialog and use the current authentication mechanism provided by oxygen. This way the user will not not loose any changes.

Thank You
Mark

Re: CMiS authentication

Posted: Fri Mar 27, 2020 8:01 pm
by cristi_talau
Hello,

I like the idea with showing the login dialog if the ticket expires. I updated the internal feature request with these details. I will update this thread when we have something implemented.

Best,
Cristian