As I understand it, when I link to a file in Alfresco, it appends a ticket to the url to authenticate in to Alfresco so that my users don't have to. My question is: are those tickets permanent?
I linked up a whole bunch of files the other day, only to discover this morning that the links no longer work: it wants me to authenticate in again. As I understand it, that shouldn't be happening (because if so, that kind of makes the whole process useless).
Is there something I need to set up so that that ticket doesn't expire/get replaced? Has anyone run into a similar problem?
Thanks in advance!
Yes, I and have noticed that if you have to restart the Alfresco service all the tickets expire and links from Moodle 2 no longer work. Not much use for a long-term system
Also, I'm not entirely sure (the Alfresco documentation is rather spartan) if Alfresco tickets expire after a time limit anyway. Though, for our implementation of Alfresco 3.4.d Community, it seems as if the default is for tickets not to expire.
eg. in /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/authentication-services-context.xml
So need either:
1 A way or restarting Alfresco without breaking the tickets/links - Anyone?
2 An alternative. Probably managing (public, guest) access permissions at the Alfresco-end-of-things - as suggested by Jens
No, it's not much use at all!
I've gone down the path of allowing guest access to alfresco, just so that I don't have to worry about updating all my links each time, but I'm not thrilled about it: I'd rather NOT have my readings/documents available for the taking by anyone who can figure out how to get to them.
I suppose it's worth asking on the Alfresco forums, but I haven't found people there nearly as helpful as the people here generally are.
I have recently posted about this on the Alfresco forum. So, perhaps we'll get an answer,
However, my last posting on the Alfresco forum was only answered by, er, me - and that was with information gleaned from this Moodle forum!
All rather frustrating as, in virtually all respects, Alfresco looks to be a really good repository 'solution' for Moodle 2.
I'm also eagerly awaiting the new release of Edu-Sharing which, as far as I can make out, will be based on an up-to-date Alfresco version. From hints, elswehere in this forum, Edu-Sharing may have useful coordination/management of ownership/access between Moodle 2 and Alfresco.
Just had some pointers, on the Alfresco forum, on setting up a permanent cache for tickets.
No idea how viable this option is, but just in case it helps someone...
...and here is more info that may be relevant:
The following appears to make Alfresco URL tickets persistent. I have, so far, cycled through a handful of Alfresco restarts and the URL ticket still works for different users.
In Alfresco, copy and rename
Then edit ehcache-custom.xml as follows
and change to
I'm not completely sure how robust or secure this solution is, but so far it seems to be working.
Also, the default maxElementsInMemory setting looks to be a little on the low side at 1000, though I have not yet changed it. Perhaps it should be 10000 ? or 50000 ? more ?
Oh, brilliant! I'll give it some testing and see how it goes.
I've upped the maxElements to 50000. Fingers crossed that'll do it.
Looks as if I was being overly paranoid about maxElementsInMemory. If this gets exceeded, it just gets written to disk anyway.
The default of 1000 should be fine.
That said, increasing it may improve performance.
Just alerting folks to concerns about the security of Alfresco URLs with tickets raised by Ryan Herring.
I think URLs with tickets are still appropriate for our own institutional scenario as we will be using Alfresco *only* for resources we wish students to access. However, it is important that folks are fully aware of potential security issues.
I have followed your instructions but somehow the tickets still are invalid after an Alfresco server reboot. Is there anything else (which might seem so obvious for you that you didn't mention it in you post) which I need to do/configure on the Alfresco side to get this to work. My file on the Alfresco side has been configured to accept the group EVERYONE in the Consumer role.
It does seem to be working for us. That said, we have only tried this once. We have done little to configure the Alfresco side of things.
As I am sure you are aware, it can be fiddly configuring Alfresco, as there is often more than one configuration (.xml) file and it is not always obvious which takes precedence.
Also, for security reasons, it does now seem that URLs + Tickets may not be the best way forward and we may need to wait for an alternative framework for Alfresco-Moodle links.
How to disable download option for guest user.