topic Re: CAS Authentication problem with Alfresco 2 in Alfresco Archive

CAS Authentication problem with Alfresco 2

alarocca — Wed, 28 Mar 2007 10:13:37 GMT

Hi,as I wrote few weeks ago, I successfully had Alfresco 1.4 authenticating user by means of CAS (see here).Now setting the same configuration with Alfresco 2, I get the following errorrg.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required Any hint?

Re: CAS Authentication problem with Alfresco 2

sebastien_marin — Fri, 30 Mar 2007 14:46:45 GMT

Hi, so i am trying to do the same thing as you and i have the same starck trace. I apply the cas Filter for 1.4 (post…) in a liferay 4.2.1 and alfresco 2.0 community.

So that problem is registered in :
http://issues.alfresco.com/browse/AR-1263
The topic talking about it is :
http://forums.alfresco.com/viewtopic.php?t=5125&postdays=0&postorder=asc&start=30

So if i understand, the bug is as been patched in the Alfresco 2.0 Enterprise version and will be in the next Community Release.

So can Alfresco Team send us the modification that they apply in the NTLM auth… class. We will probably able to apply them in teh CAS Auth.. class

So, good luck, we've got the same aim.

Thank to the Alfresco team and community.

Re: CAS Authentication problem with Alfresco 2

andy — Mon, 02 Apr 2007 09:16:54 GMT

Hi

In 2.0 the "authenticationComponent" and "authenticationService" had some historical transaction support removed.

You can fix the issue by calling these service as you have them inside a user transaction. Alternatively, you can just use the transactional versions of the services, i.e. "AuthenticationComponent" and "AuthenticationService".

For example:


authComponent = (AuthenticationComponent) ctx.getBean("AuthenticationComponent"); 
‍‍‍

The NTLM filter was modified to use the public services, as above (those starting with a capital letter)

Regards

Andy

Re: CAS Authentication problem with Alfresco 2

sebastien_marin — Mon, 02 Apr 2007 14:34:04 GMT

Hi, i try to use the services with the capiotal letter and it is OK, i have no synchronisation error.

Now, the ticket is validated, the current user is set, it is put on the httpsession, ……
All is ok, i am redirected to the browse.jsp and there is no error but the problem is that i am on the guest welcome page and not connected with my current user…

What could be the problem ? What are the parameter to set to be redirected with the current user .

Thank you, we will soon plug-in the CAS Autologin !

Re: CAS Authentication problem with Alfresco 2

sebastien_marin — Mon, 02 Apr 2007 16:39:55 GMT

ok, so i have news. My cas filter works fine when i acces to the webapp with /alfresco context.

So my problem is that my Alfresco is in a Liferay portal. The AlfrescoFacesPortlet is called before CASFilter.

There is no user the first time and no viewID so a GUEST user is authentificated in the PortletSession.

In my CAS Filter, i work on the HTTPSession.

So, alfresco portlet seems to look for the portlet Session user and not the httpSession user.

Do you have any idea to solve that problem ?

Thank you very much.

Re: CAS Authentication problem with Alfresco 2

sebastien_marin — Tue, 03 Apr 2007 13:06:16 GMT

hi, thank you to remove the bad post lol.

So, i have no idea how i can apply the CAS Filter or NTLM filter or Novell Filter in a portal environment…

Can you help me .?

Re: CAS Authentication problem with Alfresco 2

ananius — Wed, 11 Apr 2007 18:57:16 GMT

Filters don't get called in portlet environment.

With Liferay 4.2.1 + Alfresco 1.4 we have CAS-authentication working, based partly on posts here, eg http://forums.alfresco.com/viewtopic.php?t=3014 . I'm not sure if this helps with Alfresco 2.0, but I hope so.

So we have done following changes:

1. AlfrescoFacesPortlet -class (user has already logged in via CASFilter configured in liferay's web.xml)

at first line of processAction and facesRender we call ensureLogin(request), and the ensureLogin-method is implemented followingly:


    private void ensureLogin(PortletRequest request) {


        javax.portlet.PortletContext portletContext = getPortletContext();
        WebApplicationContext ctx = (WebApplicationContext)portletContext.getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);

        ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
        NodeService fNodeService = serviceRegistry.getNodeService();
        TransactionService fTransactionService = serviceRegistry.getTransactionService();

        AuthenticationService fAuthService = (AuthenticationService) ctx.getBean("authenticationService");
        AuthenticationComponent fAuthComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
        PersonService fPersonService = (PersonService) ctx.getBean("personService");
        AuthenticationDao authenticationDao = (AuthenticationDao) ctx.getBean("authenticationDao");

        PortletSession session = request.getPortletSession();

        User user = (User) session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);

        if (user == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("session user attirbute is null.");
            }

//            String ssoUser = Utils.getSsoUser(session);
            String ssoUser = request.getRemoteUser();

            UserTransaction tx = fTransactionService.getUserTransaction();
            NodeRef homeSpaceRef = null;

            try {
                tx.begin();

                fAuthComponent.setCurrentUser(""+ssoUser);

                // The user name used may be a different case to the NTLM supplied user name, read the current
                // user and use that name
                String userName = fAuthComponent.getCurrentUserName();

                // Setup User object and Home space ID etc.
                NodeRef personNodeRef = fPersonService.getPerson(userName);
                String currentTicket = fAuthService.getCurrentTicket();
                user = new User(userName, currentTicket, personNodeRef);

                homeSpaceRef = (NodeRef) fNodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
                user.setHomeSpaceId(homeSpaceRef.getId());

                tx.commit();
            }
            catch (Throwable ex) {
                try {
                    tx.rollback();
                }
                catch (Exception ex2) {
                    logger.error("Failed to rollback transaction", ex2);
                }
                ex.printStackTrace(); // todo: temp
            }

            // Store the user

            session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);

            // I'm not sure if this parameter is necessary?
            session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);

            // Note! If you wanted to do any fancy Locale stuff, you should do it here.

            if (logger.isDebugEnabled()) {
                logger.debug("User logged on via JOSSO");
            }

        }
    }
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

2. in authentication-services-context.xml we replaced the authenticationComponentImpl with


    <bean id="authenticationComponentImpl" class="org.quosis.alfresco.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
        <property name="accept">
            <value>true</value>
        </property>
    </bean>
‍‍‍‍‍‍‍

the class is:


public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl {
    public NTLMMode getNTLMMode() {
        return NTLMMode.PASS_THROUGH;
    }
}
‍‍‍‍‍‍‍

I hope I didn't forget something.