
Alfresco 5 Share + CAS 3.5.2 + CAS Client 3.3.3 ticket validation problem

giorgio76
Champ in-the-making
Hi,
I've been working on this integration for the last 3-4 days. I have read a lot of threads and topics and resolved a lot of problems.
Now I have one last problem with ticket validation on the CAS server.
This is the scenario:

I want to configure Share for SSO with CAS on LDAP, but when I log in with my credentials the next call to the CAS ticket validator fails because the CAS server receives the URL plus 3 times the share context:

ticket 'ST-17-H3Ideiv7vHkeonY3j1Dg-cas01.example.org' does not match supplied service. The original service was 'https://machinename:8443/share/share/' and the supplied service was 'https://machinename:8443/share/share/share/'.

Where is the problem? Are there any problems with these software versions?

First of all, I have followed the topics and modified the configuration files manually.
Do I have to use the Alfresco admin console instead?
Is it possible to configure only the Share app for CAS SSO? Or do I have to configure the Alfresco app too?

I have 1 machine with 2 Tomcats, 1 for the CAS server and 1 for the Alfresco server. I have my own certificates with ext=dns (the same for the 2 Tomcat instances) signed by my own CA, in my own keystore. All works.
I have Java 7 and Java 8 for the CAS Tomcat and the Alfresco Tomcat.
I have tried uncommenting the SSO valve in the Alfresco Tomcat server.xml… the same problem occurs.

I have modified these files:

share web.xml

<filter>
   <filter-name>CAS Authentication Filter</filter-name>
   <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
   <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>https://machinename:18443/cas-server-webapp/login</param-value>
   </init-param>
   <init-param>
      <param-name>serverName</param-name>
      <param-value>https://machinename:8443/share</param-value>
   </init-param>
</filter>
<filter>
   <filter-name>CAS Validation Filter</filter-name>
   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
   <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>https://machinename:18443/cas-server-webapp</param-value>
   </init-param>
   <init-param>
      <param-name>serverName</param-name>
      <param-value>https://machinename:8443/share</param-value>
   </init-param>
</filter>
<filter>
   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
   <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter-mapping>
   <filter-name>CAS Authentication Filter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>CAS Validation Filter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>


All the other filters and filter mappings are commented out.
I have tried with Cas10TicketValidationFilter too… same problem.





alfresco-global.properties

authentication.chain=cas:external
external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User



web-extension/share-config-custom.xml

uncommented and configured

<config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>//certificates/myidentitykeystore.jks</path>
             <type>jks</type>
             <password>password</password>
         </keystore>
        
         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
         </connector>
        
         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>X-Alfresco-Remote-User</userHeader>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>https://machinename:8443/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
        
         <endpoint>
            <id>alfresco-feed</id>
            <parent-id>alfresco</parent-id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>https://machinename:8443/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
        
         <endpoint>
            <id>alfresco-api</id>
            <parent-id>alfresco</parent-id>
            <name>Alfresco Public API - user access</name>
            <description>Access to Alfresco Repository Public API that require user authentication.
                         This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
            <connector-id>alfrescoHeader</connector-id>
            <endpoint-url>https://machinename:8443/alfresco/api</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>



Could anyone help me please?












2 REPLIES

idwright
Star Collaborator
You shouldn't need /share at the end of the serverName param
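
Added example, not part of the original thread and not the CAS client's own code: a simplified Python model of the round trip, assuming the client builds the service URL as serverName + request URI (with the `ticket` parameter stripped) and the server only accepts a ticket for the exact service it was issued for. `ToyCasServer`, `construct_service_url` and `sso_round_trip` are hypothetical names; the ticket value is constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit


def construct_service_url(server_name, request_uri, query=""):
    """Assumed client behaviour: serverName + request URI + query minus 'ticket'."""
    if not server_name.startswith(("http://", "https://")):
        server_name = "https://" + server_name
    kept = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k != "ticket"]
    url = server_name + request_uri
    return url + ("?" + urlencode(kept) if kept else "")


class ToyCasServer:
    """Binds each single-use service ticket to the exact service URL."""

    def __init__(self):
        self._tickets = {}

    def login(self, service):
        ticket = "ST-%d-constructed" % (len(self._tickets) + 1)
        self._tickets[ticket] = service
        return ticket

    def validate(self, ticket, service):
        original = self._tickets.pop(ticket, None)  # a ticket is usable once
        if original is None:
            return False, "unknown or already used ticket"
        if original != service:
            return False, "original service %r, supplied %r" % (original, service)
        return True, "ok"


def sso_round_trip(server_name, first_request_uri):
    """Returns (validated, service sent at login, service sent at validation)."""
    cas = ToyCasServer()
    # 1. Authentication filter redirects the browser to CAS with service=<url>.
    at_login = construct_service_url(server_name, first_request_uri)
    ticket = cas.login(at_login)
    # 2. CAS redirects back to <at_login>?ticket=...; the request URI the
    #    container now sees is the path of that URL.
    returned_path = urlsplit(at_login).path
    # 3. Validation filter rebuilds the service URL from this second request.
    at_validation = construct_service_url(server_name, returned_path,
                                          "ticket=" + ticket)
    ok, _detail = cas.validate(ticket, at_validation)
    return ok, at_login, at_validation
```

With `serverName` set to `https://machinename:8443/share`, the model reproduces the two URLs in the error message above; with `https://machinename:8443` both steps produce the same service URL and validation succeeds.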

jakub_krikala
Champ in-the-making
Hi,
please could you add a more detailed configuration?
I am trying to solve a similar problem, CASifying Alfresco Community 5.0.d through the CAS client.
I also tried to use mod_auth_cas, also with no success (after CAS login I was redirected back to the Alfresco Share login page to log in again).

Thank you very much!
Br, Jakub