Hyland Connect

andrepra · ‎06-10-2006

I configured SSO with some applications running on tomcat with Alfresco running on another tomcat. To do that I used CAS. I added the CAS client filter and I modified the AuthenticationFilter to read the CAS information following as examples the NTLMAuthenticationFilter. That works fine.
The problem was using the download and the template servlet. I added the servlets path to the mapping of the previus filter to apply the CAS security check also to that calls. What happened: calling directly the download servlet (ie: from a link in email) CAS filter intercepted the call and send to CAS login page but after the authentication I got the Alfresco login page. But that page was not necessary because i was already authenticated (by the 2 filter, cas and mine authentication).
So I took a look at the code and I found the problem. Was due to the "ticket" request parameter. Alfresco servlets look for ticket parameter for authentication. The problem is that the name of the parameter is the same for Alfresco and for CAS. So Alfresco fond a ticket, tried to autheticate it but that ticket was not valid for Alfresco, because is the CAS ticket.
At the moment I solved the problem changing the value of ARG_TICKET in BaseServlet class in "alfticket".
Now I have a dubth. Maybe a did a lot of work to integrate Alfresco with Cas that was not necessary. Maybe there a way to configure ALfresco to validate the ticket against CAS server?
Can you tell me if what I've done is correct.

Thanks
Andrea

ps:working with 1.3

kevinr · ‎06-14-2006

That sounds like an acceptable solution for now. It's possible to use a different authentication mechanism, take a look at the code for the NTLM Authentication filter:
org.alfresco.web.app.servlet.NTLMAuthenticationFilter

Thanks,

Kevin

manuella · ‎08-17-2006

Hi Andrea,

I saw that you've successfully configured Alfresco with a CAS authentication. I wanted to know which CAS client library did you use ?

I've tried to configure a CAS authentication with the Yale Java CAS client and it works fine. But with Acegi, I failed

Could give me please more explanations or just the configuration files you've modified ?

I'm using Alfresco 1.3 community.

Thanks.

Manuella

skwong · ‎01-20-2008

Hi alfresco_asia,

Did you manage to integrate LIferay with Alfreso through LDAP and CAS ? If you had done that, please post your solution.

Thanks

andergast · ‎01-25-2008

I have a error when i try intergate casserver + alfresco ( no ldap ). I use pakage CIGNEX_Alfresco-LDAP-SSO.war and config file web.xml with my casserver. I check casserver log forward for client okie but client is not show.

Error is: com.cignex.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[com.cignex.cas.client.ProxyTicketValidator proxyList=[null] [com.cignex.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost/cas/serviceValidate] ticket=[ST-15-hG5X3bUhOlL4k0f2znPIua0EwxBUW2msySf-20] service=[http%3A%2F%2F172.24.229.8%3A8080%2Falfresco%2Findex.jsp] renew=false]]]
caused by:
java.net.SocketException: Unexpected end of file from server

Help me pls.!! Thanks ^.^

I had exactly this problem a few hours ago. It showed up, following http://docs.jboss.com/jbportal/v2.6.2/referenceGuide/html/sso.html

As I was using a selfsigned SSL certificate, I used casclient-lenient.jar. This Jar is either broken or just doesnÃ‚Â´t work. The original casclient.jar worked fine for me. Maybe this is just your issue.

Regards,
Andergast

Hyland Connect

Alfresco and CAS