Page 1 of 1

CMiS authentication

Posted: Tue Mar 17, 2020 7:45 pm
by mwiechec
We currently integrate with oxygen and alfresco by using the webdav plugin. We login to alfresco outside of oxygen and then launch oxygen with the following url.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=webdav-http%3A%2F%2Falfresco.dev.eb.com%2Falfresco%2Fwebdav%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml%3Fticket%3DTICKET_5e8be5c668774bb6d5019e83ab05acebde6db016&author=mwiechec
In the url we pass the authentication ticket and this works. We would like to use the cmis plugin instead and have the checkin/out and version capabilites. I can get to document with the following url, but it prompts us to login.

Code: Select all

http://oxygen.dev.eb.com/oxygen-xml-web-author/app/oxygen.html?url=cmis%3A%2F%2Fhttp%253A%252F%252Falfresco.dev.eb.com%252Falfresco%252Fapi%252F-default-%252Fpublic%252Fcmis%252Fversions%252F1.1%252Fatom%2F-default-%2FSites%2FCore%2FdocumentLibrary%2FEB%2FWork%2Fcanada%2520-%2520Flag%2520History.xml
So my question is how can I pass the authentication information from alfresco, to avoid having to re-login in webauthor.

Thank you,
Mark Wiechec

Re: CMiS authentication

Posted: Tue Mar 17, 2020 8:11 pm
by cristi_talau
Hello,

The CMIS plugin only supports username & password authentication out-of-the-box. However, supporting alfresco tickets sounds like a nice feature to add.

From what I have read, alfresco accepts the ticket in the password field as long as the user is "ROLE_TICKET" [1]. Can you confirm that if you use the following credentials Web Author manages to connect to alfresco?
Username: ROLE_TICKET
Password: <the-ticket>

If yes, we can create an API that you can use to submit also the ticket in the URL.

Best,
Cristian


[1] https://issues.alfresco.com/jira/browse ... ment-98814

Re: CMiS authentication

Posted: Wed Mar 25, 2020 9:58 pm
by mwiechec
Yes the credentials user=ROLE_TICKET and password=[ticket] works.

Thanks,
Mark Wiechec

Re: CMiS authentication

Posted: Wed Mar 25, 2020 10:04 pm
by mwiechec
One more thing, the username in upper right corner show ROLE_TICKET as the user. I tried the &author=mwiechec at the end of url but it does not appear to be used. If this could be enabled it would be great.

Mark

Re: CMiS authentication

Posted: Thu Mar 26, 2020 12:11 pm
by cristi_talau
Hello,

An easy solution for us would be to add an "alf_ticket" URL param to be used by the editor. In this case, the end-user will not be asked for username and password. The author name will be picked-up from the URL parameters as you suggested.

However, the problem is that the ticket expires and then Web Author needs a way to request another ticket from Alfresco. This problem can be solved in multiple ways:
1. Ignore it.
2. The CMIS plugin can be extended to provide an Alfresco-specific authentication mechanism. However, this is not a top priority for us and may take some time until it will implemented.
3. Decide on a simple API that Web Author can use to request a token from your Alfresco integration. Here I assume you already customize Alfresco to pass add an action to open Oxygen XML Web Author. If we choose this approach, please provide us more details about your custmization.

Which approach would you prefer?

Best,
Cristian

Re: CMiS authentication

Posted: Fri Mar 27, 2020 7:27 pm
by mwiechec
The "alf_ticket" url parameter will work for us. As for the expired ticket scenario, currently with the webdav connector in webauthor displays a message titled "Failed to save your changes" and suggests to "save as" or "download". This rarely occurs for us and this behavior would be acceptable going forward in the CMIS connector, I believe is option 1 in your list.

However, If oxygen can detect that the save failed due to an expired ticket perhaps another option would be at this point to display the "Authentication Required" dialog and use the current authentication mechanism provided by oxygen. This way the user will not not loose any changes.

Thank You
Mark

Re: CMiS authentication

Posted: Fri Mar 27, 2020 8:01 pm
by cristi_talau
Hello,

I like the idea with showing the login dialog if the ticket expires. I updated the internal feature request with these details. I will update this thread when we have something implemented.

Best,
Cristian

Re: CMiS authentication

Posted: Tue Aug 11, 2020 11:38 pm
by mwiechec
I was just wondering if there was any update on this feature. Thanks.

Re: CMiS authentication

Posted: Wed Aug 12, 2020 1:55 pm
by cristi_talau
Hello,

Unfortunately, we do not have any news on this issue. We have it on our list and will update this forum post when we have something that you can test.

In order to prioritize the issue I would like to understand how important this feature is for your organization.

Best,
Cristian

Re: CMiS authentication

Posted: Wed Aug 19, 2020 8:39 pm
by mwiechec
Christian,

We are very interested in switching from Webdav to CMIS. It gives us the checkin and checkout capability with major and minor versions. Also the ablilty to view the previous versions would be a great benefit to our users. The login mechanism is the only thing holding us up from implementing this. So if there is a way to raise the priority of this issue we would appreciate it.

Thank you for your consideration,
Mark Wiechec

Re: CMiS authentication

Posted: Tue Aug 25, 2020 2:08 pm
by cristi_talau
Hello,

Thanks for your feedback. I investigated and I was able to generate an alfresco ticket using the Alfresco REST API. Now we have a way to test this customization. I will increase the priority of this issue.

Best,
Cristian