Posted to general@manifoldcf.apache.org by Sagar Gole <gs...@gmail.com> on 2020/07/06 06:28:47 UTC

Unable to connect ADFS user through the ManifoldCF SharePoint connector.

Trying to create an authority connection in ManifoldCF 2.15 to the ADFS-based SharePoint (2013) web application. But it is giving an error: HTTP 403 error (forbidden).

Can someone help me with this issue?

Thanks.

Re: Unable to connect ADFS user through the ManifoldCF SharePoint connector.

Posted by Karl Wright <da...@gmail.com>.
Hi Sagar,

You do not appear to be signed up for any ManifoldCF list so I am still
moderating your posts in.

ADFS is Kerberos.
Basically, because tickets are what are used to manage Kerberos access, and
the HTTP libraries we use integrate Kerberos as a sidecar file containing
the tickets, the process cannot be done via the UI at this time.

There is, however, already work done to support Kerberos in other
connectors.  I don't recall whether it was done for SharePoint yet but I
doubt it; I think it was just the Solr connector that was done.

There is a dev list thread that describes how this works, and the
documentation (how-to-build-and-deploy) was also updated with this
information.  Unfortunately that doc hasn't gone live due to a formatting
problem which we did not detect.  But you can have a look at the
documentation source for that page under
https://svn.apache.org/repos/asf/manifoldcf/trunk/site/src/documentation/content/en_US
.

I believe you also need to add a single line to the connector to enable
Kerberos as well.  This is the diff for the Solr connector:

>>>>>>
+    initializeKerberos();
+
     String location = "";
     if (webapp != null)
       location = "/" + webapp;
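Review bot: The new initializeKerberos() call ahead of the location computation runs on every pass through this setup path, yet the helper is static and ends in HttpClientUtil.setHttpClientBuilder(kb), a static setter, so each connection initialization re-installs a builder that is not scoped to this connection instance. Guard it so it runs once (a static flag or a static initializer would do) and add a comment at the call site saying that the setting applies beyond this one connection.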
@@ -292,6 +300,21 @@
     solrServer = new ModifiedHttpSolrClient(httpSolrServerUrl,
localClient, new XMLResponseParser(), allowCompression);
   }

+  private static void initializeKerberos()
+  {
+
+    final String loginConfig =
System.getProperty("java.security.auth.login.config");
+    if (loginConfig != null && loginConfig.trim().length() > 0) {
+      if (Logging.ingest.isInfoEnabled()) {
+        Logging.ingest.info("Using Kerberos for Solr Authentication");
+      }
+      Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder();
+      SolrHttpClientBuilder kb = krbBuild.getBuilder();
+      HttpClientUtil.setHttpClientBuilder(kb);
+    }
+
+  }
+
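Review bot: The loginConfig check at the top of initializeKerberos() switches Kerberos on whenever the java.security.auth.login.config system property is non-empty, with no connection-level opt-in and no check that the file it names exists or is readable. A JVM that sets that property for any other purpose would change this connector's Solr HTTP client builder as a side effect. Consider a dedicated connector parameter or property to enable it, log a warning when the configured file cannot be read, and add a Javadoc comment on the method describing the trigger; the blank lines at the start and end of the method body can also go.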
<<<<<<

... along with appropriate imports.

I'm happy to commit any changes needed to make SharePoint work this way, as
soon as you prove it works.

Thanks,
Karl


On Mon, Jul 6, 2020 at 7:59 AM Sagar Gole <gs...@gmail.com> wrote:

> I have subscribed to both lists, but I'm not sure what I missed. Anyway,
> thanks for replying.
> My query was not clear; my apologies. I'm explaining the situation again.
>
> We are using ManifoldCF for indexing SharePoint content into Solr.
> Earlier we were using Windows-based authentication, i.e. NTLM, which was
> working fine for the authority and repository connections.
> Now our SharePoint authentication has moved from NTLM to ADFS, and I cannot
> figure out what connection type I have to choose in the ManifoldCF UI for the
> repository and authority connections. Without any success, I tried
> SharePoint/Native, but it doesn't work.
>
> It appears that there is no ADFS connector that I can use, so we are
> planning to add a connector to connect to ADFS-based SharePoint sites. But for
> this we need your guidance. We are new to ManifoldCF, so we need your
> help and input on the design and implementation.
> Requesting you to please help me.
>
> On 2020/07/06 09:17:33, Karl Wright <da...@gmail.com> wrote:
> > I saw your question to the dev list earlier and had to moderate both of
> > these questions through because you haven't signed up for these lists.
> > 403 means your credentials and/or authentication method is incorrect.
> > Probably it means you are using Kerberos for authentication rather than
> > NTLM.
> >
> > Karl
> >
> >
> > On Mon, Jul 6, 2020 at 2:30 AM Sagar Gole <gs...@gmail.com> wrote:
> >
> > > Trying to create an authority connection in ManifoldCF 2.15 to the ADFS-based
> > > SharePoint (2013) web application. But it is giving an error: HTTP 403
> > > error (forbidden).
> > >
> > > Can someone help me with this issue?
> > >
> > > Thanks.
> > >
> >
>

Re: Unable to connect ADFS user through the ManifoldCF SharePoint connector.

Posted by Sagar Gole <gs...@gmail.com>.
I have subscribed to both lists, but I'm not sure what I missed. Anyway, thanks for replying.
My query was not clear; my apologies. I'm explaining the situation again.

We are using ManifoldCF for indexing SharePoint content into Solr.
Earlier we were using Windows-based authentication, i.e. NTLM, which was working fine for the authority and repository connections.
Now our SharePoint authentication has moved from NTLM to ADFS, and I cannot figure out what connection type I have to choose in the ManifoldCF UI for the repository and authority connections. Without any success, I tried SharePoint/Native, but it doesn't work.

It appears that there is no ADFS connector that I can use, so we are planning to add a connector to connect to ADFS-based SharePoint sites. But for this we need your guidance. We are new to ManifoldCF, so we need your help and input on the design and implementation.
Requesting you to please help me.

On 2020/07/06 09:17:33, Karl Wright <da...@gmail.com> wrote: 
> I saw your question to the dev list earlier and had to moderate both of
> these questions through because you haven't signed up for these lists.
> 403 means your credentials and/or authentication method is incorrect.
> Probably it means you are using Kerberos for authentication rather than
> NTLM.
> 
> Karl
> 
> 
> On Mon, Jul 6, 2020 at 2:30 AM Sagar Gole <gs...@gmail.com> wrote:
> 
> > Trying to create an authority connection in ManifoldCF 2.15 to the ADFS-based
> > SharePoint (2013) web application. But it is giving an error: HTTP 403
> > error (forbidden).
> >
> > Can someone help me with this issue?
> >
> > Thanks.
> >
> 

Re: Unable to connect ADFS user through the ManifoldCF SharePoint connector.

Posted by Karl Wright <da...@gmail.com>.
I saw your question to the dev list earlier and had to moderate both of
these questions through because you haven't signed up for these lists.
403 means your credentials and/or authentication method is incorrect.
Probably it means you are using Kerberos for authentication rather than
NTLM.

Karl


On Mon, Jul 6, 2020 at 2:30 AM Sagar Gole <gs...@gmail.com> wrote:

> Trying to create an authority connection in ManifoldCF 2.15 to the ADFS-based
> SharePoint (2013) web application. But it is giving an error: HTTP 403
> error (forbidden).
>
> Can someone help me with this issue?
>
> Thanks.
>