topic Re: permanent links and CAS authentication in Nuxeo Forum

permanent links and CAS authentication

manuek_ — Mon, 03 Jun 2013 16:36:42 GMT

Hi,

We still have problem with CAS Authentication and permanent links even without using ANONYMOUS_AUTH_FOR_CAS2 plugin (see http://answers.nuxeo.com/questions/5445/permanent-links-dont-work-with-cas-authentication), but another kind.

If document can be reached with its permanent link, other links in the page (other workspaces or "deconnection button") are broken: we got a "page not found" when we used them.

This happen when there is no previous cookies in the browser (no connection to nuxeo plateform before use of the direct link).

In this case, URLs of the links contain the substring "jsessionid=....."

Ex.: http://localhost/nuxeo/nxpath/default/default-domain/workspaces/niv2@view_documents;jsessionid=4E26E6BDDFB2E0220550C9728EB97927.nuxeo?tabIds=%3A&conversationId=0NXMAIN1

After a back with the link given in the error page, the URL become :

http://localhost/nuxeo/nxpath/default/default-domain/workspaces/niv2@view_documents?tabIds=%3A&conversationId=0NXMAIN2

and works.

Has someone experienced the same behaviour?

Thanks

Re: permanent links and CAS authentication

cburch_ — Mon, 04 Nov 2013 13:37:32 GMT

We have the same issue w/ our custom auth plugin, not sure how to fix yet. Perhaps there is some way to create the nuxeo session during authentication?

Re: permanent links and CAS authentication

manuek_ — Mon, 04 Nov 2013 14:07:10 GMT

I don't know how to solve this problem.

Re: permanent links and CAS authentication

cburch_ — Thu, 05 Dec 2013 21:57:55 GMT

Hi I found a solution for my authenticator, I assume the same thing is happening in the CAS one. Sometimes the tomcat session has not been initialized during authentication (according to this post: http://stackoverflow.com/questions/595872/under-what-conditions-is-a-jsessionid-created) so I needed to add a: httpRequest.getSession(true); during the handleRetrieveIdentity method. This seems to fix my issue of Nuxeo going to a page not found after navigating following any direct link.

I think the CAS authenticator is hosted here: https://github.com/nuxeo/nuxeo-platform-login/blob/master/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java in which you could attempt just adding httpRequest.getSession(true); into the handleRetrieveIdentity function to make sure that the session has been started.

Re: permanent links and CAS authentication

vjoussot_ — Fri, 10 Oct 2014 09:16:56 GMT

Thanks for this response but can you explain how you make "so I needed to add a

Re: permanent links and CAS authentication

cburch_ — Fri, 10 Oct 2014 14:01:57 GMT

I'm not sure what would need done for the CAS plugin (probably changing the internal code to make a slightly modified one) but for our project we ended up writing our own login authenticator that we plugged into nuxeo and used that instead of CAS. If you go that route I had written a blog post describing what we had to do here: http://blogs.nuxeo.com/development/2014/01/guest-post-integrating-single-sign-sso-nuxeo-case-management/ Hopefully that can help you out.

Short answer is we created our own Authenticator class public class InfiniteAuthenticator implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension and in the override method "handlerRetrieveIdentity" we have some logic to authenticate w/ our internal system and if successful, then call: httpRequest.getSession(true);

Nuxeo's info regarding authenticators can be found here which is helpful also: http://doc.nuxeo.com/display/NXDOC/Authentication