
Acegi - CasAuthenticationProvider

dvelasov
Champ in-the-making
Is it possible to configure CasAuthenticationProvider in the authentication-services-context.xml and get CAS-Alfresco Integration?
If it's not only a configuration problem and requires some programming, what do I have to change inside the Alfresco sources in order to get the above integration?
(My final goal is to make Web Services SOAP messages to be parsed correctly if I send CAS-ticket in the SOAP body (Proxy Ticket) - not native alfresco TICKET_
I want to provide CAS-SSO together with Alfresco Web Services. AuthenticationService - startSession("admin", "password") is not good for me as I have to use this way of authentication in my portlet without SSO now).

By the way… Acegi Security is deprecated. Why is it still used instead of Spring Security?
1 REPLY

dvelasov
Champ in-the-making
Well… I figured out the probable solution to this problem. I'm going to write my own web service and include it in alfresco.war.
The second step is to analyze how to check (where to place this validation) CAS credentials which I'm going to send via SOAP and call authentication.setAuthenticated(true) on the server side.

Maybe the sequence of operations looks like the following:
1. Show the guest interface of the portlet and check for ST.
2. A user clicks on the link https://server/cas/login?service=portletURL named "Log in", for example (due to TGC the SSO is provided)
3. If ST is present then call CAS/serviceValidate?blah-blah-blah…&pgtUrl=blah-blah-blah
4. PGT is received by "my" custom servlet (pgtUrl) (Maybe I have to extend the well-known CAS servlet in order to parse the CAS HTTP-GET which contains pgtIou and pgtId) inside the same webapp context as "my" portlet.
5. The above servlet sends PGT to CAS and it returns PT.
6. After that the servlet (pgtUrl) sends PT to Alfresco MyCasAuthenticationWebService via SOAP
7. MyCasAuthenticationWebService uses CAS/proxy?…. to get user name

to be continued…..
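
The server-side check behind steps 6 and 7, as an added example that is not part of the original post: how a service such as MyCasAuthenticationWebService could handle the XML that CAS 2.0 returns from /proxyValidate for a proxy ticket before treating the caller as authenticated. It is written in Python for brevity; the function name, the trusted callback URL, the user and both sample responses are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

class CasValidationError(Exception):
    """The response does not prove a successful proxy-ticket validation."""

def user_from_proxy_validate(xml_text, trusted_proxies):
    """Return the CAS user name, or raise; anything unexpected fails closed."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise CasValidationError("DTD not allowed in a CAS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError("malformed response") from exc
    if root.tag != "{%s}serviceResponse" % NS["cas"]:
        raise CasValidationError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", NS)
    success = root.find("cas:authenticationSuccess", NS)
    if failure is not None or success is None:
        code = failure.get("code", "UNKNOWN") if failure is not None else "NO_SUCCESS"
        raise CasValidationError("ticket rejected: " + code)
    user = (success.findtext("cas:user", "", NS) or "").strip()
    if not user:
        raise CasValidationError("success element without a user")
    # Callback URLs of every proxy the ticket passed through, most recent first.
    chain = [(p.text or "").strip() for p in success.findall("cas:proxies/cas:proxy", NS)]
    # A plain service ticket has no chain; an unknown hop means an unknown proxy.
    if not chain or any(hop not in trusted_proxies for hop in chain):
        raise CasValidationError("untrusted proxy chain: %r" % chain)
    return user

# Constructed sample data (hypothetical host, user and ticket values).
TRUSTED = {"https://portal.example/portlet/pgtCallback"}
OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:proxies><cas:proxy>https://portal.example/portlet/pgtCallback</cas:proxy></cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(user_from_proxy_validate(OK, TRUSTED))
    try:
        user_from_proxy_validate(FAIL, TRUSTED)
    except CasValidationError as exc:
        print("rejected:", exc)
```

Only the user name returned by this check should be handed to the authentication layer; a name supplied in the SOAP body itself is unverified input.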