topic Re: Shibboleth Single Sign-On in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80913#M54066 <HTML><HEAD></HEAD><BODY><SPAN>We have been using Alfresco with the Guanxi implementation of the Shibboleth SAML profile. Written entirely in Java by Alistair Young at the University of the Highlands and Islands, all Guanxi modules are fully compatible with the Internet2 implementation and also fully compatible with the UK Access Management Federation and OpenAthens. I have put some notes on our blog at </SPAN><A href="http://www.socketelf.org:8080/roller/amset/entry/shibbing_alfresco" rel="nofollow noopener noreferrer">http://www.socketelf.org:8080/roller/amset/entry/shibbing_alfresco</A><SPAN>.</SPAN></BODY></HTML> Tue, 16 Jun 2009 14:44:22 GMT agbooth 2009-06-16T14:44:22Z Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80905#M54058 Anyone of you guys has integrated Alfresco in a federated Shibboleth scenario?Thanks.Nik Mon, 30 Apr 2007 22:18:47 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80905#M54058 n_toscani 2007-04-30T22:18:47Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80906#M54059 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>I have not heard of anything.</SPAN><BR /><SPAN>What is required? Does it just set&nbsp; some HTTP header with the user name?</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Wed, 09 May 2007 10:46:10 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80906#M54059 andy 2007-05-09T10:46:10Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80907#M54060 <HTML><HEAD></HEAD><BODY><SPAN>I'm working on Shibboleth SSO right now. There's a few different approaches&nbsp; and I think we will have a go with Tomcat/CAS-filter. I'll release all the code and configuration when finished - some time before september.</SPAN></BODY></HTML> Mon, 23 Jul 2007 12:10:10 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80907#M54060 kimmoilppola 2007-07-23T12:10:10Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80908#M54061 <HTML><HEAD></HEAD><BODY><SPAN>after stumbling deeper into shibboleth I think we'll handle this with apache instead.</SPAN></BODY></HTML> Tue, 24 Jul 2007 10:47:00 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80908#M54061 kimmoilppola 2007-07-24T10:47:00Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80909#M54062 <HTML><HEAD></HEAD><BODY><SPAN>Hi, we are also interested in the use of Shibboleth with Alfresco. </SPAN><BR /><SPAN>Have you made some progress on this ?</SPAN><BR /><BR /><SPAN>Denis</SPAN></BODY></HTML> Wed, 19 Mar 2008 11:39:32 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80909#M54062 dgenard 2008-03-19T11:39:32Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80910#M54063 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">Hi, we are also interested in the use of Shibboleth with Alfresco. <BR />Have you made some progress on this ?<BR /><BR />Denis</BLOCKQUOTE><SPAN>Hi Denis,</SPAN><BR /><SPAN>It's been a while and we have been really busy here but.. I came up with this implementation of SSO with Shibboleths Apache module and Alfresco 2.1. I think my work may need auditing so I sent it to Will but I think he's too busy so here it is:</SPAN><BR /><BR /><SPAN>Shibboleth 1.X does not have a java module for Service Providers so we are stuck with using apache,shibd and mod_jk.</SPAN><BR /><SPAN>I wont go into detail how to setup apache &amp; shibd as they are specific to Shibboleth and well documented in </SPAN><A href="http://shibboleth.internet2.edu/" rel="nofollow noopener noreferrer">http://shibboleth.internet2.edu/</A><BR /><SPAN>The trick is to setup apache and shibd properly, then install mod_jk (alternatively proxy ajp). Next we configure Tomcat (or</SPAN><BR /><SPAN>whatever application server you are using) to use AJP and disable all other connectors. For Tomcat this is done in conf/server.xml and is</SPAN><BR /><SPAN>well documented there. After that you have to see that attributes from AAP.xml match those in shibbolethAttributes.properties file that you</SPAN><BR /><SPAN>place in your classpath. You also have to configure Alfresco web-client to use this ShibbolethHTTPRequestAuthenticationFilter in Alfresco's web.xml.</SPAN><BR /><SPAN>Additionally if you want to have administrators you configure those as with any other authentication (ie. in authority-services-context.xml)</SPAN><BR /><BR /><SPAN>I know it's a bit of a hack to create/update user preferences in the filter but as Shibboleth doesn't provide any means of synchronization I couldn't figure out a better way to do it. If you want to test it somewhere you will have a hard time learning Shibboleth itself as it basically needs at least a client and a server. I remember there is a testing identity-provider somewhere so you can try it with a minimal installation of a service-provider only (but with limited attributes).</SPAN><BR /><BR /><SPAN>When (if not already) Shibboleth 2 supports Java this should be reimplemented.</SPAN><BR /><BR /><STRONG>ShibbolethHTTPRequestAuthenticationFilter.java</STRONG><BR /><PRE class="language-none line-numbers"><CODE><BR />package org.alfresco.web.app.servlet;<BR /><BR />import org.alfresco.model.ContentModel;<BR />import org.alfresco.repo.security.authentication.AuthenticationComponent;<BR />import org.alfresco.repo.security.authentication.AuthenticationException;<BR />import org.alfresco.repo.security.authentication.MutableAuthenticationDao;<BR />import org.alfresco.repo.webservice.administration.NewUserDetails;<BR />import org.alfresco.repo.webservice.types.NamedValue;<BR />import org.alfresco.service.ServiceRegistry;<BR />import org.alfresco.service.cmr.repository.NodeRef;<BR />import org.alfresco.service.cmr.repository.NodeService;<BR />import org.alfresco.service.cmr.repository.StoreRef;<BR />import org.alfresco.service.cmr.security.AuthenticationService;<BR />import org.alfresco.service.cmr.security.PersonService;<BR />import org.alfresco.service.cmr.search.SearchService;<BR />import org.alfresco.service.cmr.search.ResultSet;<BR />import org.alfresco.service.namespace.QName;<BR />import org.alfresco.service.transaction.TransactionService;<BR />import org.alfresco.web.bean.LoginBean;<BR />import org.alfresco.web.bean.repository.User;<BR />import org.alfresco.web.app.Application;<BR />import org.apache.commons.logging.Log;<BR />import org.apache.commons.logging.LogFactory;<BR />import org.springframework.web.context.WebApplicationContext;<BR />import org.springframework.web.context.support.WebApplicationContextUtils;<BR /><BR />import javax.servlet.*;<BR />import javax.servlet.http.HttpServletRequest;<BR />import javax.servlet.http.HttpServletResponse;<BR />import javax.servlet.http.HttpSession;<BR />import javax.transaction.UserTransaction;<BR />import javax.transaction.SystemException;<BR />import java.io.IOException;<BR />import java.io.InputStream;<BR />import java.io.Serializable;<BR />import java.io.UnsupportedEncodingException;<BR />import java.util.*;<BR /><BR />/**<BR /> *<BR /> *<BR /> * @author Kimmo Ilppola<BR /> */<BR />public class ShibbolethHTTPRequestAuthenticationFilter extends AbstractAuthenticationFilter implements Filter<BR />{<BR />&nbsp;&nbsp;&nbsp; /** Location of configuration file on classpath */<BR />&nbsp;&nbsp;&nbsp; private final static String PROPERTY_FILE = "/shibbolethAttributes.properties";<BR />&nbsp;&nbsp;&nbsp; private static Properties CONFIG_PROPERTIES;<BR />&nbsp;&nbsp;&nbsp; /* Name of header properties */<BR />&nbsp;&nbsp;&nbsp; private final static String SHIB_USER = "header.username";<BR />&nbsp;&nbsp;&nbsp; private final static String FIRSTNAME_HEADER_NAME_PROPERTY = "header.firstname";<BR />&nbsp;&nbsp;&nbsp; private final static String LASTNAME_HEADER_NAME_PROPERTY = "header.lastname";<BR />&nbsp;&nbsp;&nbsp; private final static String ORGID_HEADER_NAME_PROPERTY = "header.orgId";<BR />&nbsp;&nbsp;&nbsp; private final static String EMAIL_HEADER_NAME_PROPERTY = "header.email";<BR />&nbsp;&nbsp;&nbsp; private final static String LOGOUT_URL_HEADER_NAME_PROPERTY = "header.logout-url";<BR /><BR />&nbsp;&nbsp;&nbsp; private static String shibUserNameHeaderName = "Shib-InetOrgPerson-uid";<BR />&nbsp;&nbsp;&nbsp; private static String firstNameHeaderName = "Shib-InetOrgPerson-givenName";<BR />&nbsp;&nbsp;&nbsp; private static String lastNameHeaderName = "Shib-InetOrgPerson-cn";<BR />&nbsp;&nbsp;&nbsp; private static String emailHeaderName = "Shib-InetOrgPerson-mail";<BR />&nbsp;&nbsp;&nbsp; private static String orgIdNumHeaderName = "Shib-InetOrgPerson-ou";<BR />&nbsp;&nbsp;&nbsp; private static String logoutUrlHeaderName = "logout-url";<BR /><BR />&nbsp;&nbsp;&nbsp; private static Log logger = LogFactory.getLog(ShibbolethHTTPRequestAuthenticationFilter.class);<BR /><BR />&nbsp;&nbsp;&nbsp; private ServletContext context;<BR />&nbsp;&nbsp;&nbsp; private AuthenticationComponent authComponent;<BR />&nbsp;&nbsp;&nbsp; private AuthenticationService authService;<BR />&nbsp;&nbsp;&nbsp; private TransactionService transactionService;<BR />&nbsp;&nbsp;&nbsp; private PersonService personService;<BR />&nbsp;&nbsp;&nbsp; private NodeService nodeService;<BR />&nbsp;&nbsp;&nbsp; private MutableAuthenticationDao authenticationDao;<BR />&nbsp;&nbsp;&nbsp; private SearchService searchService;<BR />&nbsp;&nbsp;&nbsp; private String loginPage = null;<BR /><BR />&nbsp;&nbsp;&nbsp; public ShibbolethHTTPRequestAuthenticationFilter()<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; super();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (logger.isDebugEnabled()) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.debug("Initializing shibboleth authenticator using property file " + PROPERTY_FILE);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; InputStream propsIn = ShibbolethHTTPRequestAuthenticationFilter.class.getResourceAsStream(PROPERTY_FILE);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CONFIG_PROPERTIES = new Properties();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CONFIG_PROPERTIES.load(propsIn);<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; shibUserNameHeaderName = CONFIG_PROPERTIES.getProperty(SHIB_USER);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; firstNameHeaderName = CONFIG_PROPERTIES.getProperty(FIRSTNAME_HEADER_NAME_PROPERTY);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; lastNameHeaderName = CONFIG_PROPERTIES.getProperty(LASTNAME_HEADER_NAME_PROPERTY);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; emailHeaderName = CONFIG_PROPERTIES.getProperty(EMAIL_HEADER_NAME_PROPERTY);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; orgIdNumHeaderName = CONFIG_PROPERTIES.getProperty(ORGID_HEADER_NAME_PROPERTY);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logoutUrlHeaderName = CONFIG_PROPERTIES.getProperty(LOGOUT_URL_HEADER_NAME_PROPERTY);<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (IOException e) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.warn("ShibbolethHTTPRequestAuthenticationFilter is unable to read properties file, using default properties", e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; public void destroy()<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Nothing to do<BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; /**<BR />&nbsp;&nbsp;&nbsp;&nbsp; * Run the filter<BR />&nbsp;&nbsp;&nbsp;&nbsp; *<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @param sreq<BR />&nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServletRequest<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @param sresp<BR />&nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServletResponse<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @param chain<BR />&nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; FilterChain<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @exception IOException<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @exception ServletException<BR />&nbsp;&nbsp;&nbsp;&nbsp; */<BR />&nbsp;&nbsp;&nbsp; public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServletException<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Get the HTTP request/response/session<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpServletRequest req = (HttpServletRequest) sreq;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpServletResponse resp = (HttpServletResponse) sresp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HttpSession httpSess = req.getSession(true);<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String authHdr = req.getHeader( shibUserNameHeaderName );<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(logger.isDebugEnabled()) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.debug("ShibbolethHTTPRequestAuthenticationFilter uri: "+req.getRequestURI()+", authHdr: "+authHdr);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Throw an error if we have an unknown authentication<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if ((authHdr == null) || (authHdr.length() &lt; 1))<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; resp.sendRedirect(req.getContextPath() + "/jsp/noaccess.jsp");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BaseServlet.redirectToLoginPage((HttpServletRequest)sreq, (HttpServletResponse)sresp, context);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; chain.doFilter(sreq, sresp);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // redirect login/logout to shibboleth logout url<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // todo: this doesn't work yet<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (req.getRequestURI().endsWith(getLoginPage())) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; resp.sendRedirect( req.getHeader(logoutUrlHeaderName) );<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // See if there is a user in the session and test if it matches<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; User user = (User) httpSess.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (user != null)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Debug<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (logger.isDebugEnabled())<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.debug("User " + user.getUserName() + " validate ticket");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Validate the user. Shibboleth allready validates the ticket so we just need to check the userName<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // todo : is this validation reduntant?<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (user.getUserName().equals(authHdr))<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authComponent.setCurrentUser(user.getUserName());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; chain.doFilter(sreq, sresp);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // No match<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; setAuthenticatedUser(req, httpSess, authHdr);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; catch (Throwable ex)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (logger.isErrorEnabled())<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error("Failed to validate user " + user.getUserName(), ex);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; setAuthenticatedUser(req, httpSess, authHdr);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; chain.doFilter(sreq, sresp);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return;<BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; /**<BR />&nbsp;&nbsp;&nbsp;&nbsp; * Set the authenticated user.<BR />&nbsp;&nbsp;&nbsp;&nbsp; *<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @param req<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @param httpSess<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @param userName<BR />&nbsp;&nbsp;&nbsp;&nbsp; */<BR />&nbsp;&nbsp;&nbsp; private void setAuthenticatedUser(HttpServletRequest req, HttpSession httpSess, String userName)<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // shibboleth does not provide any other means to import users <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; addShibUser(req,httpSess);<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; UserTransaction atx = transactionService.getUserTransaction();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.begin();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Set the authentication<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authComponent.setCurrentUser(userName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.commit();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (Throwable e) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error(e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.rollback();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (SystemException e1) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error("Failed to rollback transaction", e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Set up the user information<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Note that we have to create users here as we have no other way of retrieving user-attributes<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; UserTransaction tx = transactionService.getUserTransaction();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NodeRef homeSpaceRef = null;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; User user;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tx.begin();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; user = new User(userName, authService.getCurrentTicket(), personService.getPerson(userName));<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; homeSpaceRef = (NodeRef) nodeService.getProperty(personService.getPerson(userName),<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ContentModel.PROP_HOMEFOLDER);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; user.setHomeSpaceId(homeSpaceRef.getId());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tx.commit();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; catch (Throwable ex)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error(ex);<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tx.rollback();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; catch (Exception ex2)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error("Failed to rollback transaction", ex2);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(ex instanceof RuntimeException)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; throw (RuntimeException)ex;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; throw new RuntimeException("Failed to set authenticated user", ex);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Store the user<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; httpSess.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; httpSess.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);<BR /><BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; protected NodeRef getCompanyHome()<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp; StoreRef storeRef = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, "SpacesStore");<BR />&nbsp;&nbsp;&nbsp; ResultSet resultSet = searchService.query(storeRef, SearchService.LANGUAGE_LUCENE, "PATH:\"/app:company_home\"");<BR />&nbsp;&nbsp;&nbsp; return resultSet.getNodeRef(0);<BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; /**<BR />&nbsp;&nbsp;&nbsp;&nbsp; * @return The login page url<BR />&nbsp;&nbsp;&nbsp;&nbsp; */<BR />&nbsp;&nbsp;&nbsp; private String getLoginPage()<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (this.loginPage == null)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; this.loginPage = Application.getLoginPage(this.context);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return this.loginPage;<BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; private boolean addShibUser(HttpServletRequest req, HttpSession httpSess) {<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // get all properties from header<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String userName = req.getHeader( shibUserNameHeaderName );<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String orgId = req.getHeader(orgIdNumHeaderName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String firstName = req.getHeader(firstNameHeaderName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String lastName = req.getHeader(lastNameHeaderName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String email = req.getHeader( emailHeaderName );<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Create a new authentication<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // todo: passwords should not be stored!<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authService.createAuthentication(userName, "90wy3vgyn0w394vf".toCharArray());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (AuthenticationException e) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info( "User allready exists, authenticating..");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return false;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } finally {<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; UserTransaction atx = transactionService.getUserTransaction();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.begin();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Set the authentication<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // todo: can we do this otherwise? we are not yet authenticated<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authComponent.setCurrentUser("admin");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.commit();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (Throwable e) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error(e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.rollback();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (SystemException e1) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error("Failed to rollback transaction", e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // todo: use homeFolderProvider<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String homeFolder = "workspace://SpacesStore/"+getCompanyHome().getId();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // create new userDetails object<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NewUserDetails newUser = new NewUserDetails();<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("newuser.setUserName :"+userName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; newUser.setUserName(userName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; newUser.setPassword("shibboleth");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; newUser.setProperties(<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; createPersonProperties( homeFolder , firstName, "", lastName, email, orgId)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; );<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(!personService.personExists(newUser.getUserName()))<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx = transactionService.getUserTransaction();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.begin();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Create a new user<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authenticationDao.createUser(newUser.getUserName(),"shibboleth".toCharArray());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Create a new person<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Map&lt;QName, Serializable&gt; properties = new HashMap&lt;QName, Serializable&gt;(7);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("properties.put username : "+newUser.getUserName());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; properties.put(ContentModel.PROP_USERNAME, newUser.getUserName());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for (NamedValue namedValue : newUser.getProperties())<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("properties.put "+namedValue.getName()+" : "+namedValue.getValue());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; properties.put(QName.createQName(namedValue.getName()), namedValue.getValue());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NodeRef personNodeRef = personService.createPerson(properties);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.commit();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (Throwable e) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error(e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.rollback();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (SystemException e1) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error("Failed to rollback transaction", e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } else {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("User "+userName+" exists, updating..");<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx = transactionService.getUserTransaction();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.begin();<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Map&lt;QName, Serializable&gt; properties = new HashMap&lt;QName, Serializable&gt;(7);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("properties.put username : "+newUser.getUserName());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; properties.put(ContentModel.PROP_USERNAME, newUser.getUserName());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for (NamedValue namedValue : newUser.getProperties())<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.info("properties.put "+namedValue.getName()+" : "+namedValue.getValue());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; properties.put(QName.createQName(namedValue.getName()), namedValue.getValue());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; personService.setPersonProperties(userName,properties);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.commit();<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (Throwable e) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error(e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; atx.rollback();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } catch (SystemException e1) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; logger.error("Failed to rollback transaction", e);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR /><BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authService.clearCurrentSecurityContext();<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return true;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp; }<BR /><BR />&nbsp;&nbsp;&nbsp; private NamedValue[] createPersonProperties(<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String homeFolder,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String firstName,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String middleName,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String lastName,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String email,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String orgId)<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Create the new user objects<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return new NamedValue[] {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; new NamedValue("{<A href="http://www.alfresco.org/model/content/1.0}homeFolder" rel="nofollow noopener noreferrer">http://www.alfresco.org/model/content/1.0}homeFolder</A>", false, homeFolder, null),<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; new NamedValue("{<A href="http://www.alfresco.org/model/content/1.0}firstName" rel="nofollow noopener noreferrer">http://www.alfresco.org/model/content/1.0}firstName</A>", false, firstName, null),<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; new NamedValue("{<A href="http://www.alfresco.org/model/content/1.0}middleName" rel="nofollow noopener noreferrer">http://www.alfresco.org/model/content/1.0}middleName</A>", false, middleName, null),<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; new NamedValue("{<A href="http://www.alfresco.org/model/content/1.0}lastName" rel="nofollow noopener noreferrer">http://www.alfresco.org/model/content/1.0}lastName</A>", false, lastName, null),<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; new NamedValue("{<A href="http://www.alfresco.org/model/content/1.0}email" rel="nofollow noopener noreferrer">http://www.alfresco.org/model/content/1.0}email</A>", false, email, null),<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; new NamedValue("{<A href="http://www.alfresco.org/model/content/1.0}organizationId" rel="nofollow noopener noreferrer">http://www.alfresco.org/model/content/1.0}organizationId</A>", false, orgId, null) };<BR />&nbsp;&nbsp;&nbsp; }<BR />&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp; public void init(FilterConfig config) throws ServletException<BR />&nbsp;&nbsp;&nbsp; {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; this.context = config.getServletContext();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; transactionService = serviceRegistry.getTransactionService();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; nodeService = serviceRegistry.getNodeService();<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authComponent = (AuthenticationComponent) ctx.getBean("AuthenticationComponent");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authService = (AuthenticationService) ctx.getBean("AuthenticationService");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; personService = (PersonService) ctx.getBean("PersonService");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authenticationDao = (MutableAuthenticationDao) ctx.getBean("authenticationDao");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; searchService = (SearchService) ctx.getBean("SearchService");<BR />&nbsp;&nbsp;&nbsp; }<BR />}<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><STRONG>shibbolethAttributes.properties</STRONG><BR /><PRE class="language-none line-numbers"><CODE># Take note how you want shibboleth attributess mapped to alfresco<BR /># These need to match parameters defined in AAP.xml (attribute acceptance policy)<BR /># logout-url is the page that should be displayed upon logout (invalidating shibd-session is not yet implemented)<BR />header.username = Shib-InetOrgPerson-uid<BR />header.firstname = Shib-InetOrgPerson-givenName<BR />header.lastname = Shib-InetOrgPerson-cn<BR />header.email = Shib-InetOrgPerson-mail<BR />header.orgId = Shib-InetOrgPerson-ou<BR />header.logout-url = logout-url<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BODY></HTML> Fri, 16 May 2008 11:18:26 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80910#M54063 kimmoilppola 2008-05-16T11:18:26Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80911#M54064 <HTML><HEAD></HEAD><BODY><SPAN>Thanks a lot for your helpful feedback !</SPAN><BR /><BR /><SPAN>Denis</SPAN></BODY></HTML> Fri, 16 May 2008 14:51:46 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80911#M54064 dgenard 2008-05-16T14:51:46Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80912#M54065 <HTML><HEAD></HEAD><BODY><SPAN>Hi all,</SPAN><BR /><BR /><SPAN>is kimmoilppola's solution still working in the 3.1 release?</SPAN><BR /><BR /><SPAN>regards,</SPAN><BR /><SPAN>Niels</SPAN></BODY></HTML> Tue, 21 Apr 2009 13:28:46 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80912#M54065 lunchbox 2009-04-21T13:28:46Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80913#M54066 <HTML><HEAD></HEAD><BODY><SPAN>We have been using Alfresco with the Guanxi implementation of the Shibboleth SAML profile. Written entirely in Java by Alistair Young at the University of the Highlands and Islands, all Guanxi modules are fully compatible with the Internet2 implementation and also fully compatible with the UK Access Management Federation and OpenAthens. I have put some notes on our blog at </SPAN><A href="http://www.socketelf.org:8080/roller/amset/entry/shibbing_alfresco" rel="nofollow noopener noreferrer">http://www.socketelf.org:8080/roller/amset/entry/shibbing_alfresco</A><SPAN>.</SPAN></BODY></HTML> Tue, 16 Jun 2009 14:44:22 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80913#M54066 agbooth 2009-06-16T14:44:22Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80914#M54067 <HTML><HEAD></HEAD><BODY><SPAN>thanx!</SPAN></BODY></HTML> Fri, 26 Jun 2009 13:17:00 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80914#M54067 lunchbox 2009-06-26T13:17:00Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80915#M54068 <HTML><HEAD></HEAD><BODY><SPAN>Bit late, but it might help someone.</SPAN><BR /><BR /><SPAN>The AMSeT project team has moved on and the original blog and web site are no longer supported by the University of Leeds.</SPAN><BR /><BR /><SPAN>A copy of the blog post describing the shibbing of Alfresco using Guanxi can be found at:</SPAN><BR /><BR /><A href="https://elgg.leeds.ac.uk/bmb6agb/weblog/16226.html" rel="nofollow noopener noreferrer">https://elgg.leeds.ac.uk/bmb6agb/weblog/16226.html</A><BR /><BR /><SPAN>Regards,</SPAN><BR /><BR /><SPAN>clayton</SPAN></BODY></HTML> Thu, 28 Oct 2010 01:01:12 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80915#M54068 clayton 2010-10-28T01:01:12Z Re: Shibboleth Single Sign-On https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80916#M54069 <HTML><HEAD></HEAD><BODY><SPAN>I am also looking for alfresco - shobboleth integration. i am facing problem for login when shibboleth redirect to alfresco. i am not able to get the header information in filter. </SPAN><BR /><SPAN>is there any setting required at shibboleth side or at alfresco side?</SPAN><BR /><BR /><SPAN>Thanks in advance, any reply on this much appreciated.</SPAN></BODY></HTML> Wed, 20 Jul 2011 12:14:57 GMT https://connect.hyland.com/t5/alfresco-archive/shibboleth-single-sign-on/m-p/80916#M54069 jayesh_prajapat 2011-07-20T12:14:57Z