CMIS producer service not working
-
09-12-2019 - |
Question
I'm trying to publish documents from SharePoint sites through the Microsoft's CMIS connector.
The consuming application are multiple, including a LifeRay portal (running on Linux), and other SharePoint 2010 farm (other domain, no trust) with the CMIS consumer web part.
The ultimate goal is to be able to reflect the user's permissions on the consuming side.
The first goal, is at least to show anonymously document from the consumers.
Here is the details of my producer site :
- Claims authentication is enabled.
- Three urls are reachable for the web application :
- https://site.corp.com : FBA auth, based on a CAS authentication redirection
- http://a.site.corp.com : anonymous and FBA auth
- http://admin.site.corp.com : Windos auth for administering + anonymous + FBA
- Anonymous users are allowed to see the whole site content
The first unsuccessful test I did, is to add the CMIS consumer webpart in my other farm (as I said, there is no trust between the farms nor between the domains).
When I drop the webpart, I open the tool pane and specify http://a.site.corp/sites/testcmis/_vti_bin/CMISSoapwsdl.aspx
as the WSDL address. I click on "Get repository list", and immediately get a "The WSDL is not reachable" error.
If of open the page in Internet Explorer or Chrome, I can see the wsdl with no authentication required.
If I Fiddler the http message, I can see there are two requests :
- the first is reading the wsdl file with no error (Http 200: OK). I can see in the http message the correct WSDL content
- A second request is fired, targeting
http://a.site.corp/sites/testcmis/_vti_bin/cmis/soap/RepositoryService.svc/anonymous
. This time, I get an internal error (HTTP 500.
I get, as response, this web service fault :
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher">a:InternalServiceFault</faultcode>
<faultstring xml:lang="en-GB">SecurityContextProperty is missing from the request Message, this may indicate security is configured incorrectly.</faultstring>
<detail>
<ExceptionDetail xmlns="http://schemas.datacontract.org/2004/07/System.ServiceModel" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<HelpLink i:nil="true"/>
<InnerException i:nil="true"/>
<Message>SecurityContextProperty is missing from the request Message, this may indicate security is configured incorrectly.</Message>
<StackTrace> at System.ServiceModel.Dispatcher.SecurityImpersonationBehavior.StartImpersonation2(MessageRpc& rpc, ServiceSecurityContext securityContext, Boolean isSecurityContextImpersonationOn)
at System.ServiceModel.Dispatcher.SecurityImpersonationBehavior.StartImpersonation(MessageRpc& rpc, IDisposable& impersonationContext, IPrincipal& originalPrincipal, Boolean& isThreadPrincipalSet)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</StackTrace>
<Type>System.InvalidOperationException</Type>
</ExceptionDetail>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>
The faultstring
is annoying me. The target site allow anonymous, why would the communication establish a Security Context?
The second test that was no more successful was to use the LifeRay SharePoint CMIS consumer connector
In the liferay portal (not the production server. This one was running on a dev box running W2K8 R2), I tried to add a document repository of kind SharePoint CMIS.
Still not working. Still fiddler (what a wonderful tool isn't it?), I can observe a different behavior. Two requests are fired too (using the REST protocol this time). I'm targeting this time the adm's prefixes url :
- The first request is fetching the repository details using the url :
http://adm.site.corp/sites/testcmis/_vti_bin/cmis/rest/16ff1075-1069-4066-9048-3f9a8b002fd9?getRepositoryInfo
(the guid is the ID of a shared document library). No error, status Http 200 - The second request if receiving a 403 error. Fiddler is showing me a unexpected http header in the response :
X-MSDAVEXT_Error: 917656; Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.
The query sent through the REST api is this one :
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<query xmlns="http://docs.oasis-open.org/ns/cmis/core/200908/" xmlns:ns2="http://docs.oasis-open.org/ns/cmis/messaging/200908/" xmlns:ns3="http://docs.oasis-open.org/ns/cmis/restatom/200908/">
<statement>SELECT cmis:objectId FROM cmis:folder WHERE IN_FOLDER('-1')</statement>
<searchAllVersions>false</searchAllVersions>
<includeAllowableActions>true</includeAllowableActions>
<includeRelationships>none</includeRelationships>
<renditionFilter>cmis:none</renditionFilter>
<maxItems>1000</maxItems>
<skipCount>0</skipCount>
</query>
And, in the ULS logs, I see this time :
SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (POST:http://adm.site.corp.com:80/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?Query) 30db2510-0247-4fc5-8454-79fdd83c856d
SharePoint Foundation Logging Correlation Data xmnv Medium Site=/sites/testcmis 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose Current request url is http://adm.site.corp.com/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?Query 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose Selected service: Microsoft.SharePoint.CMIS.Binding.CmisQueryService 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose Start calling into GetCurrentWeb. 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose statement : SELECT cmis:objectId FROM cmis:folder WHERE IN_FOLDER('-1') 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose searchAllVersions : false 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose includeRelationships : none 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose renditionFilter : cmis:none 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose includeAllowableActions : true 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose maxItems : 1000 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose skipCount : 0 30db2510-0247-4fc5-8454-79fdd83c856d
Unknown CMIS Repository Interfaces 0000 Verbose Source id length is larger or equal than destination length id. Returned false. 30db2510-0247-4fc5-8454-79fdd83c856d
SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope (EnsureListItemsData). Execution Time=4.58745455078788 30db2510-0247-4fc5-8454-79fdd83c856d
SharePoint Foundation General 8e2s Medium Unknown SPRequest error occurred. More information: 0x80070005 30db2510-0247-4fc5-8454-79fdd83c856d
SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (POST:http://adm.site.corp.com:80/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?Query)). Execution Time=34.7641948906914 30db2510-0247-4fc5-8454-79fdd83c856d
Note that If I open the page http://adm.site.corp.com/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?getRepositoryInfo
in the browser, it works (still with no authentication).
The last test I did, was identical to the previous, but using the anonymous web app url
Same steps as before, in LifeRay, I try to fetch the repository info at the url : http://a.site.corp.com/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?getRepositoryInfo
(again, this page is reachable with the browser).
- A first query is issued to
http://a.site.corp.com/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?getRepositoryInfo
. This succeed (http 200). - A second query to
http://a.site.corp.com/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?getRepositoryInfo&repositoryId=8ae634c6-cace-48cd-a9c6-10a311fd1968
. This succeed too(http 200). - and a last query to
http://a.site.corp.com/sites/testcmis/_vti_bin/cmis/rest/8ae634c6-cace-48cd-a9c6-10a311fd1968?Query
.
The latest query throw a 403 Http error (Forbidden). the body of this faulting query is this one (same as before):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<query xmlns="http://docs.oasis-open.org/ns/cmis/core/200908/" xmlns:ns2="http://docs.oasis-open.org/ns/cmis/messaging/200908/" xmlns:ns3="http://docs.oasis-open.org/ns/cmis/restatom/200908/">
<statement>SELECT cmis:objectId FROM cmis:folder WHERE IN_FOLDER('-1')</statement>
<searchAllVersions>false</searchAllVersions>
<includeAllowableActions>true</includeAllowableActions>
<includeRelationships>none</includeRelationships>
<renditionFilter>cmis:none</renditionFilter>
<maxItems>1000</maxItems>
<skipCount>0</skipCount>
</query>
To conclude, does anyone has ever be able to make this working, and how?
Solution
We finally conclude that using the CMIS connector is a dead end.
Many reasons:
- the connector is only en-us (it can be workaround by manually creating the resource files).
It's a nightmare to make the java's app to authenticate against CMIS.
There are so few resources related to this connector, that we think it's nearly not used at all.
- If it fails, how to get support?. In fact, it has been less risky and with a lower cost to build both a custom web service in SharePoint, and a custom connector at the java application side.