Hello Florian Thank you very much for your reply. I really appreciate this.
However, I don't have to authenticate the user as this was done by the upstream process. I just need to pass the ticket down the stream (during call from standalone service to alfresco). That is SSO. the call conn.setRequestProperty(header.getKey(), value); is meant to add "Authorisation Negotiate" header but it is loosing it. I suppose here is the problem. Have you ever heard of this? Kind Regards Krzysztof On 2017-09-11 22:09, Florian Müller <[email protected]> wrote: > Hi, > > SPNEGO is a little bit different than most other authentication mechanisms. > > Please see the SPNEGO section on this web page: > https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-auth.html > > > - Florian > > > > I have Alfresco Core repository configured with SPNEGO authentication > > (Kerberos SSO). > > I am writing a service that talks to it using Apache Chemistry opencmis > > library 1.1.0. Cmis library requires me to provide custom authentication > > provider, but it drops the Authorisation header I am > > adding(DefaultHttpInvoker.invoke() line:129). So far I came up with > > following: > > > > public class KerberosAuthProvider extends AbstractAuthenticationProvider { > > > > @Override > > public Map<String, List<String>> getHTTPHeaders(String url) { > > try { > > String authToken = ââ¬Â¦. // generate token > > Map<String, List<String>> headers = Maps.newHashMap(); > > > > headers.put("Authorization", Lists.newArrayList("Negotiate " + > > authToken)); > > return headers; > > } catch (Exception ex) { > > throw new IllegalStateException("Couldn't get token", ex); > > }} > > } > > > > Alfresco responds with following: > > > > No Proxy-Authorization Header is present. > > No Authorization Header is present. > > > > I will appreciate any suggestions. > > >
