How To Prevent Windows Authentication Pop Ups When Opening an Office File (Doc ID 1938764.1)

Last updated on FEBRUARY 10, 2017

Applies to:

Oracle WebCenter Content - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Goal

When a Webcenter Content item is consumed through Internet Explorer, such as clicking the Web Location or Native File link in an item's DOC_INFO page, a pop up window appears prompting for user authentication.

This is not an issue of the WCC itself, it's the way that IE and Office interact with each other.

As explained in http://support.microsoft.com/kb/2019105

When Internet Explorer opens an Office document, the appropriate Office application is started with the path of the document. The Office application then tries to access the document directly from the server. This differs from other browsers and other file types. Most browsers download the file and call the application to open the file from the local cache. However, when this occurs, if the opened file is changed and saved, the changes are only made to the local copy and not to the server copy.

To establish the richest experience possible, the first thing that the Office application does is communicate with the server to determine the server type and what web authoring protocol is available. The application does this by making an OPTIONS request directly to the server.

As a new process accessing the server, the Office application is required to renegotiate authentication. This method is more secure than a method in which the new process uses an existing authentication that was established by the browser.

As part of accessing the item, OPTIONS and PROPFIND requests are passed. This can be seen in the WCC servlet audit trace:

>servlet/6 10.24 09:41:25.864 IdcServer-821 Loading activeData=GET (contentLength=0, contextRoot=/, uri=/cs/groups/public/documents/document/zxjf/mdyx/~edisp/wcc_cluster_061216.xls)
>servlet/6 10.24 09:41:25.864 IdcServer-821 processFilterEvent enter: user = <anonymous> uri = /cs/groups/public/documents/document/zxjf/mdyx/~edisp/wcc_cluster_061216.xls query = null
>servlet/6 10.24 09:41:28.237 IdcServer-822 Loading activeData=OPTIONS (contentLength=0, contextRoot=/, uri=/cs/groups/public/documents/document/zxjf/mdyx/~edisp/)
>servlet/6 10.24 09:41:28.237 IdcServer-822 processFilterEvent enter: user = <anonymous> uri = /cs/groups/public/documents/document/zxjf/mdyx/~edisp/ query = null
>servlet/6 10.24 09:41:29.468 IdcServer-823 Loading activeData=PROPFIND (contentLength=0, contextRoot=/, uri=/cs/groups/public/documents/document/zxjf/mdyx/~edisp)
>servlet/6 10.24 09:41:29.468 IdcServer-823 processFilterEvent enter: user = <anonymous> uri = /cs/groups/public/documents/document/zxjf/mdyx/~edisp query = null
>servlet/6 10.24 09:41:30.936 IdcServer-824 Loading activeData=PROPFIND (contentLength=0, contextRoot=/, uri=/cs/groups/public/documents/document/zxjf)
  

The KB goes on to provide several means to try and prevent this; however, even after making the changes, the authentication prompt is still invoked.

Consuming content doesn't require a windows authentication. The WCC will make its own authentication/authorization check if required (as in if the item isn't in the Public group).

This means that the OPTIONS and PROPFIND requests are not required by the WCC. As such, these can be blocked from being passed to the WCC.

This How To will cover the steps to block these requests.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms