topic Alfresco + CAS + single sign on + single sign out + solution in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/alfresco-cas-single-sign-on-single-sign-out-solution/m-p/188763#M141893 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><SPAN>I am new to alfresco and I faced lot of problems in configuring alfresco with CAS single sign on (and single sign out) but i have successfully done it </SPAN><BR /><SPAN>and providing steps of the same so that others can do it easily.</SPAN><BR /><BR /><SPAN>Environment :</SPAN><BR /><SPAN>Apache Tomcat 5.5.26</SPAN><BR /><SPAN>cas-server-3.2.1</SPAN><BR /><SPAN>Alfresco 2.1 Community Edition</SPAN><BR /><SPAN>CAS client 3.1.32</SPAN><BR /><BR /><SPAN>NOTE : Before using this make sure that LDAP and Tomcat are configured on SSL.</SPAN><BR /><SPAN>—————————————————————————————————————–</SPAN><BR /><SPAN>1.Copy the 'CAS client 3.1.32' jar to $ALFRESCO_HOME/WEB-INF/lib.</SPAN><BR /><BR /><SPAN>2. Add CAS filter</SPAN><BR /><SPAN>Modify the $ALFRESCO_HOME/WEB_INF/web.xml by adding following.</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>&lt;/context-param&gt;</SPAN><BR /><SPAN>&lt;context-param&gt;</SPAN><BR /><SPAN>&lt;param-name&gt;serverName&lt;/param-name&gt;</SPAN><BR /><SPAN><SPAN>&lt;param-value&gt;</SPAN><A class="jive-link-external-small" href="http://" rel="nofollow noopener noreferrer">http://</A><SPAN>&lt;HOSTNAME&gt;&lt;/param-value&gt;</SPAN></SPAN><BR /><SPAN>&lt;/context-param&gt;</SPAN><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Single Sign Out Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;org.jasig.cas.client.session.SingleSignOutFilter&lt;/filter-class&gt;</SPAN><BR /><SPAN>&lt;/filter&gt;</SPAN><BR /><SPAN>&lt;filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Single Sign Out Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;url-pattern&gt;/faces/*&lt;/url-pattern&gt;</SPAN><BR /><SPAN>&lt;/filter-mapping&gt;</SPAN><BR /><SPAN>&lt;listener&gt;</SPAN><BR /><SPAN>&lt;listener-class&gt;org.jasig.cas.client.session.SingleSignOutHttpSessionListener&lt;/listener-class&gt;</SPAN><BR /><SPAN>&lt;/listener&gt;</SPAN><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Authentication Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;org.jasig.cas.client.authentication.AuthenticationFilter&lt;/filter-class&gt;</SPAN><BR /><SPAN>&lt;init-param&gt;</SPAN><BR /><SPAN>&lt;param-name&gt;casServerLoginUrl&lt;/param-name&gt;</SPAN><BR /><SPAN><SPAN>&lt;param-value&gt;</SPAN><A class="jive-link-external-small" href="https://" rel="nofollow noopener noreferrer">https://</A><SPAN>&lt;HOST_NAME&gt;:443/cas/login&lt;/param-value&gt;</SPAN></SPAN><BR /><SPAN>&lt;/init-param&gt;</SPAN><BR /><SPAN>&lt;/filter&gt;</SPAN><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Validation Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter&lt;/filter-class&gt;</SPAN><BR /><SPAN>&lt;init-param&gt;</SPAN><BR /><SPAN>&lt;param-name&gt;casServerUrlPrefix&lt;/param-name&gt;</SPAN><BR /><SPAN><SPAN>&lt;param-value&gt;</SPAN><A class="jive-link-external-small" href="https://" rel="nofollow noopener noreferrer">https://</A><SPAN>&lt;HOST_NAME&gt;:443/cas&lt;/param-value&gt;</SPAN></SPAN><BR /><SPAN>&lt;/init-param&gt;</SPAN><BR /><SPAN>&lt;/filter&gt;</SPAN><BR /><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS HttpServletRequest Wrapper Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;org.jasig.cas.client.util.HttpServletRequestWrapperFilter&lt;/filter-class&gt;</SPAN><BR /><SPAN>&lt;/filter&gt;</SPAN><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Assertion Thread Local Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;org.jasig.cas.client.util.AssertionThreadLocalFilter&lt;/filter-class&gt;</SPAN><BR /><SPAN>&lt;/filter&gt;</SPAN><BR /><SPAN>&lt;filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Authentication Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;url-pattern&gt;/faces/*&lt;/url-pattern&gt;</SPAN><BR /><SPAN>&lt;/filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Validation Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;url-pattern&gt;/faces/*&lt;/url-pattern&gt;</SPAN><BR /><SPAN>&lt;/filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS HttpServletRequest Wrapper Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;url-pattern&gt;/faces/*&lt;/url-pattern&gt;</SPAN><BR /><SPAN>&lt;/filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-mapping&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;CAS Assertion Thread Local Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;url-pattern&gt;/faces/*&lt;/url-pattern&gt;</SPAN><BR /><SPAN>&lt;/filter-mapping&gt;</SPAN><BR /><SPAN>…</SPAN><BR /><BR /><SPAN>Make sure that the CAS Single Sign Out Filter is the first filter.</SPAN><BR /><BR /><BR /><SPAN>3.Configure for user name forwarding</SPAN><BR /><BR /><SPAN>Download the keembay source file. </SPAN><BR /><SPAN>–Download uri - </SPAN><A href="http://keembay.com/alfresco/extras/CASAuthenticationFilter.java" rel="nofollow noopener noreferrer">http://keembay.com/alfresco/extras/CASAuthenticationFilter.java</A><BR /><SPAN>–Refer url - </SPAN><A href="http://athenalogics.blogspot.com/2008/07/how-to-casify-alfresco-cms" rel="nofollow noopener noreferrer">http://athenalogics.blogspot.com/2008/07/how-to-casify-alfresco-cms</A><SPAN> 567.html</SPAN><BR /><BR /><SPAN>Create a project in an IDE like Netbeans with required package hierarchy. Copy the file to the src directory of the project.</SPAN><BR /><SPAN>Modify it to forward username to the application after picking up the value from REMOTE_USER.</SPAN><BR /><BR /><SPAN>Change</SPAN><BR /><SPAN>public class CASAuthenticationFilter extends AbstractAuthenticationFilter implements Filter {</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>public void doFilter(…) {</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>// Retrieve the CAS username from the session</SPAN><BR /><SPAN>String userName = null;</SPAN><BR /><SPAN>Object o = httpSess.getAttribute(casUserSessionAttributeName);</SPAN><BR /><SPAN>if (o == null) {</SPAN><BR /><SPAN>logger.error("CAS : Attribute named "+casUserSessionAttributeName+" not found in the session. ");</SPAN><BR /><SPAN>} else {</SPAN><BR /><SPAN>userName = o.toString();</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>if (logger.isDebugEnabled()) {</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>}</SPAN><BR /><BR /><SPAN>to</SPAN><BR /><BR /><SPAN>public class CASAuthenticationFilter extends AbstractAuthenticationFilter implements Filter {</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>public void doFilter(…) {</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>// Retrieve the CAS username from the session</SPAN><BR /><SPAN>String userName = null;</SPAN><BR /><SPAN>userName = req.getRemoteUser();</SPAN><BR /><SPAN>if (logger.isDebugEnabled()) {</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>…</SPAN><BR /><SPAN>}</SPAN><BR /><BR /><SPAN>Build the project and a jar file would be created and copy it in $ALFRESCO_HOME/WEB_INF/lib/.</SPAN><BR /><BR /><SPAN>This jar contains code to forward the cas-authenticated user’s name to the application.</SPAN><BR /><BR /><SPAN>Open the file $ALFRESCO_HOME/WEB_INF/web.xml in a text editor and edit</SPAN><BR /><SPAN>the filter named Authentication Filter.</SPAN><BR /><BR /><SPAN>Locate the following lines:</SPAN><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;Authentication Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;org.alfresco.web.app.servlet.AuthenticationFilter&lt;/filter-class&gt;</SPAN><BR /><SPAN>and edit them to become</SPAN><BR /><SPAN>&lt;filter&gt;</SPAN><BR /><SPAN>&lt;filter-name&gt;Authentication Filter&lt;/filter-name&gt;</SPAN><BR /><SPAN>&lt;filter-class&gt;com.keembay.alfresco.web.app.servlet.CASAuthenticationFilter&lt;/filter-class&gt;</SPAN><BR /><BR /><SPAN> Logout from Alfreso can be configured by modifying $ALFRESCO_HOME/jsp/relogin.jsp.</SPAN><BR /><SPAN>To logout from CAS server we need to add redirection after alfresco logout.</SPAN><BR /><SPAN>Modify $ALFRESCO_HOME/jsp/relogin.jsp</SPAN><BR /><BR /><BR /><SPAN>response.addCookie(authCookie);</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>%&gt;</SPAN><BR /><SPAN>to</SPAN><BR /><SPAN>response.addCookie(authCookie);</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN><SPAN>response.sendRedirect("</SPAN><A class="jive-link-external-small" href="https://" rel="nofollow noopener noreferrer">https://</A><SPAN>&lt;HOST_NAME&gt;:8443/cas/logout");</SPAN></SPAN><BR /><SPAN>%&gt;</SPAN><BR /><BR /><SPAN>4. LDAP Integration</SPAN><BR /><BR /><SPAN>Create a file ldap-authentication-context.xml with following contents.</SPAN><BR /><SPAN>&lt;?xml version=’1.0’ encoding=’UTF-8’?&gt;</SPAN><BR /><SPAN>&lt;!DOCTYPE beans PUBLIC ’-//SPRING//DTD BEAN//EN’ ’</SPAN><A href="http://www.springframework.org/dtd/spring-beans.dtd’" rel="nofollow noopener noreferrer">http://www.springframework.org/dtd/spring-beans.dtd’</A><SPAN>&gt;</SPAN><BR /><SPAN>&lt;beans&gt;</SPAN><BR /><SPAN>&lt;bean name="authenticationDao"</SPAN><BR /><SPAN>class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" &gt;</SPAN><BR /><SPAN>&lt;property name="allowDeleteUser"&gt;</SPAN><BR /><SPAN>&lt;value&gt;false&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/property&gt;</SPAN><BR /><SPAN>&lt;/bean&gt;</SPAN><BR /><SPAN>&lt;bean id="authenticationComponent"</SPAN><BR /><SPAN>class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"&gt;</SPAN><BR /><SPAN>&lt;property name="LDAPInitialDirContextFactory"&gt;</SPAN><BR /><SPAN>&lt;ref bean="ldapInitialDirContextFactory"/&gt;</SPAN><BR /><SPAN>&lt;/property&gt;</SPAN><BR /><SPAN>&lt;property name="userNameFormat"&gt;</SPAN><BR /><SPAN>&lt;value&gt;%s&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/property&gt;</SPAN><BR /><SPAN>&lt;/bean&gt;</SPAN><BR /><SPAN>&lt;bean id="ldapInitialDirContextFactory"</SPAN><BR /><SPAN>class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl"&gt;</SPAN><BR /><SPAN>&lt;property name="initialDirContextEnvironment"&gt;</SPAN><BR /><SPAN>&lt;map&gt;</SPAN><BR /><SPAN>&lt;entry key="java.naming.factory.initial"&gt;</SPAN><BR /><SPAN>&lt;value&gt;com.sun.jndi.ldap.LdapCtxFactory&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/entry&gt;</SPAN><BR /><SPAN>&lt;entry key="java.naming.provider.url"&gt;</SPAN><BR /><SPAN>&lt;value&gt;ldap://localhost&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/entry&gt;</SPAN><BR /><SPAN>&lt;entry key="java.naming.security.authentication"&gt;</SPAN><BR /><SPAN>&lt;value&gt;simple&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/entry&gt;</SPAN><BR /><SPAN>&lt;entry key="java.naming.security.principal"&gt;</SPAN><BR /><SPAN>&lt;value&gt;admin&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/entry&gt;</SPAN><BR /><SPAN>&lt;entry key="java.naming.security.credentials"&gt;</SPAN><BR /><SPAN>&lt;value&gt;adminpassword&lt;/value&gt;</SPAN><BR /><SPAN>&lt;/entry&gt;</SPAN><BR /><SPAN>&lt;/map&gt;</SPAN><BR /><SPAN>&lt;/property&gt;</SPAN><BR /><SPAN>&lt;/bean&gt;</SPAN><BR /><SPAN>&lt;/beans&gt;</SPAN><BR /><BR /><SPAN>Copy this file to $ALFRESCO_HOME/WEB-INF/classes/alfresco/</SPAN><BR /><SPAN>$ALFRESCO_HOME/WEB-INF/classes/alfresco/extension</SPAN><BR /><BR /><SPAN>—————————————————————————————————————–</SPAN></BODY></HTML> Tue, 24 Mar 2009 08:33:00 GMT umeshcse3 2009-03-24T08:33:00Z Alfresco + CAS + single sign on + single sign out + solution https://connect.hyland.com/t5/alfresco-archive/alfresco-cas-single-sign-on-single-sign-out-solution/m-p/188763#M141893 Hi,I am new to alfresco and I faced lot of problems in configuring alfresco with CAS single sign on (and single sign out) but i have successfully done it and providing steps of the same so that others can do it easily.Environment :Apache Tomcat 5.5.26cas-server-3.2.1Alfresco 2.1 Community EditionCAS Tue, 24 Mar 2009 08:33:00 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-cas-single-sign-on-single-sign-out-solution/m-p/188763#M141893 umeshcse3 2009-03-24T08:33:00Z Re: Alfresco + CAS + single sign on + single sign out + solution https://connect.hyland.com/t5/alfresco-archive/alfresco-cas-single-sign-on-single-sign-out-solution/m-p/188764#M141894 <HTML><HEAD></HEAD><BODY><SPAN>this is great i'm going to try it as i didn't succeed, thx!</SPAN></BODY></HTML> Wed, 26 Aug 2009 22:02:36 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-cas-single-sign-on-single-sign-out-solution/m-p/188764#M141894 w0lf 2009-08-26T22:02:36Z