Permissions Assigned to External Users not work

After sharing a document with an external user without login, the email is sent correctly to the recipient, however, when clicking on the email link, you are always redirected to the login screen. It is not possible to view the document without logging in to the platform. This is a core function of the platform, is there any additional configuration that must be done for this feature to work?

0 votes

2 answers

380 views

ANSWER



Hi,

Nuxeo doesn't need any specific config to give access to external users (except the fact to allow Nuxeo to send external emails). In the mail notification with the documents which are shared, the mail contains a link which includes a token, so you shouldn't have any login page. Obviously, anyone with this link can log in as the external user if it's shared.

I use fakesmtp to catch the instant share email and test locally in incognito mode (and it works!).

Regards

0 votes



External sharing (aka. Instant Share) uses “TOKEN_AUTH” in the auth config, so make sure that you include it in your authenticationChain. See code here:

https://github.com/nuxeo/nuxeo/blob/10.10/nuxeo-services/nuxeo-platform-web-common/src/main/resources/OSGI-INF/authentication-contrib.xml#L51

If you have customized the auth config then you need to make sure that TOKEN_AUTH is before FORM_AUTH. Hopefully this solves your issue. Something like this (not sure what authentication methods you are using though).

<extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" 
point="chain">
    <authenticationChain>
        <plugins>
            <plugin>BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>FORM_AUTH</plugin>
        </plugins>
    </authenticationChain>
</extension>
0 votes