Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Alfresco + CAS + single sign on + single sign out ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Alfresco + CAS + single sign on + single sign out + solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-24-2009 04:33 AM
Hi,
I am new to alfresco and I faced lot of problems in configuring alfresco with CAS single sign on (and single sign out) but i have successfully done it
and providing steps of the same so that others can do it easily.
Environment :
Apache Tomcat 5.5.26
cas-server-3.2.1
Alfresco 2.1 Community Edition
CAS client 3.1.32
NOTE : Before using this make sure that LDAP and Tomcat are configured on SSL.
—————————————————————————————————————–
1.Copy the 'CAS client 3.1.32' jar to $ALFRESCO_HOME/WEB-INF/lib.
2. Add CAS filter
Modify the $ALFRESCO_HOME/WEB_INF/web.xml by adding following.
…
</context-param>
<context-param>
<param-name>serverName</param-name>
<param-value>http://<HOSTNAME></param-value>
</context-param>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://<HOST_NAME>:443/cas/login</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://<HOST_NAME>:443/cas</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
…
Make sure that the CAS Single Sign Out Filter is the first filter.
3.Configure for user name forwarding
Download the keembay source file.
–Download uri - http://keembay.com/alfresco/extras/CASAuthenticationFilter.java
–Refer url - http://athenalogics.blogspot.com/2008/07/how-to-casify-alfresco-cms 567.html
Create a project in an IDE like Netbeans with required package hierarchy. Copy the file to the src directory of the project.
Modify it to forward username to the application after picking up the value from REMOTE_USER.
Change
public class CASAuthenticationFilter extends AbstractAuthenticationFilter implements Filter {
…
public void doFilter(…) {
…
// Retrieve the CAS username from the session
String userName = null;
Object o = httpSess.getAttribute(casUserSessionAttributeName);
if (o == null) {
logger.error("CAS : Attribute named "+casUserSessionAttributeName+" not found in the session. ");
} else {
userName = o.toString();
}
if (logger.isDebugEnabled()) {
…
}
…
}
to
public class CASAuthenticationFilter extends AbstractAuthenticationFilter implements Filter {
…
public void doFilter(…) {
…
// Retrieve the CAS username from the session
String userName = null;
userName = req.getRemoteUser();
if (logger.isDebugEnabled()) {
…
}
…
}
Build the project and a jar file would be created and copy it in $ALFRESCO_HOME/WEB_INF/lib/.
This jar contains code to forward the cas-authenticated user’s name to the application.
Open the file $ALFRESCO_HOME/WEB_INF/web.xml in a text editor and edit
the filter named Authentication Filter.
Locate the following lines:
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
and edit them to become
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>com.keembay.alfresco.web.app.servlet.CASAuthenticationFilter</filter-class>
Logout from Alfreso can be configured by modifying $ALFRESCO_HOME/jsp/relogin.jsp.
To logout from CAS server we need to add redirection after alfresco logout.
Modify $ALFRESCO_HOME/jsp/relogin.jsp
response.addCookie(authCookie);
}
}
%>
to
response.addCookie(authCookie);
}
}
response.sendRedirect("https://<HOST_NAME>:8443/cas/logout");
%>
4. LDAP Integration
Create a file ldap-authentication-context.xml with following contents.
<?xml version=’1.0’ encoding=’UTF-8’?>
<!DOCTYPE beans PUBLIC ’-//SPRING//DTD BEAN//EN’ ’http://www.springframework.org/dtd/spring-beans.dtd’>
<beans>
<bean name="authenticationDao"
class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowDeleteUser">
<value>false</value>
</property>
</bean>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="userNameFormat">
<value>%s</value>
</property>
</bean>
<bean id="ldapInitialDirContextFactory"
class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
<property name="initialDirContextEnvironment">
<map>
<entry key="java.naming.factory.initial">
<value>com.sun.jndi.ldap.LdapCtxFactory</value>
</entry>
<entry key="java.naming.provider.url">
<value>ldap://localhost</value>
</entry>
<entry key="java.naming.security.authentication">
<value>simple</value>
</entry>
<entry key="java.naming.security.principal">
<value>admin</value>
</entry>
<entry key="java.naming.security.credentials">
<value>adminpassword</value>
</entry>
</map>
</property>
</bean>
</beans>
Copy this file to $ALFRESCO_HOME/WEB-INF/classes/alfresco/
$ALFRESCO_HOME/WEB-INF/classes/alfresco/extension
—————————————————————————————————————–
I am new to alfresco and I faced lot of problems in configuring alfresco with CAS single sign on (and single sign out) but i have successfully done it
and providing steps of the same so that others can do it easily.
Environment :
Apache Tomcat 5.5.26
cas-server-3.2.1
Alfresco 2.1 Community Edition
CAS client 3.1.32
NOTE : Before using this make sure that LDAP and Tomcat are configured on SSL.
—————————————————————————————————————–
1.Copy the 'CAS client 3.1.32' jar to $ALFRESCO_HOME/WEB-INF/lib.
2. Add CAS filter
Modify the $ALFRESCO_HOME/WEB_INF/web.xml by adding following.
…
</context-param>
<context-param>
<param-name>serverName</param-name>
<param-value>http://<HOSTNAME></param-value>
</context-param>
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://<HOST_NAME>:443/cas/login</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://<HOST_NAME>:443/cas</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
…
Make sure that the CAS Single Sign Out Filter is the first filter.
3.Configure for user name forwarding
Download the keembay source file.
–Download uri - http://keembay.com/alfresco/extras/CASAuthenticationFilter.java
–Refer url - http://athenalogics.blogspot.com/2008/07/how-to-casify-alfresco-cms 567.html
Create a project in an IDE like Netbeans with required package hierarchy. Copy the file to the src directory of the project.
Modify it to forward username to the application after picking up the value from REMOTE_USER.
Change
public class CASAuthenticationFilter extends AbstractAuthenticationFilter implements Filter {
…
public void doFilter(…) {
…
// Retrieve the CAS username from the session
String userName = null;
Object o = httpSess.getAttribute(casUserSessionAttributeName);
if (o == null) {
logger.error("CAS : Attribute named "+casUserSessionAttributeName+" not found in the session. ");
} else {
userName = o.toString();
}
if (logger.isDebugEnabled()) {
…
}
…
}
to
public class CASAuthenticationFilter extends AbstractAuthenticationFilter implements Filter {
…
public void doFilter(…) {
…
// Retrieve the CAS username from the session
String userName = null;
userName = req.getRemoteUser();
if (logger.isDebugEnabled()) {
…
}
…
}
Build the project and a jar file would be created and copy it in $ALFRESCO_HOME/WEB_INF/lib/.
This jar contains code to forward the cas-authenticated user’s name to the application.
Open the file $ALFRESCO_HOME/WEB_INF/web.xml in a text editor and edit
the filter named Authentication Filter.
Locate the following lines:
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
and edit them to become
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>com.keembay.alfresco.web.app.servlet.CASAuthenticationFilter</filter-class>
Logout from Alfreso can be configured by modifying $ALFRESCO_HOME/jsp/relogin.jsp.
To logout from CAS server we need to add redirection after alfresco logout.
Modify $ALFRESCO_HOME/jsp/relogin.jsp
response.addCookie(authCookie);
}
}
%>
to
response.addCookie(authCookie);
}
}
response.sendRedirect("https://<HOST_NAME>:8443/cas/logout");
%>
4. LDAP Integration
Create a file ldap-authentication-context.xml with following contents.
<?xml version=’1.0’ encoding=’UTF-8’?>
<!DOCTYPE beans PUBLIC ’-//SPRING//DTD BEAN//EN’ ’http://www.springframework.org/dtd/spring-beans.dtd’>
<beans>
<bean name="authenticationDao"
class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowDeleteUser">
<value>false</value>
</property>
</bean>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory"/>
</property>
<property name="userNameFormat">
<value>%s</value>
</property>
</bean>
<bean id="ldapInitialDirContextFactory"
class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
<property name="initialDirContextEnvironment">
<map>
<entry key="java.naming.factory.initial">
<value>com.sun.jndi.ldap.LdapCtxFactory</value>
</entry>
<entry key="java.naming.provider.url">
<value>ldap://localhost</value>
</entry>
<entry key="java.naming.security.authentication">
<value>simple</value>
</entry>
<entry key="java.naming.security.principal">
<value>admin</value>
</entry>
<entry key="java.naming.security.credentials">
<value>adminpassword</value>
</entry>
</map>
</property>
</bean>
</beans>
Copy this file to $ALFRESCO_HOME/WEB-INF/classes/alfresco/
$ALFRESCO_HOME/WEB-INF/classes/alfresco/extension
—————————————————————————————————————–
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-26-2009 06:02 PM
this is great i'm going to try it as i didn't succeed, thx!
Related Content
- Webinar recording: Enhance your Alfresco solution with Generative AI in Alfresco Blog
- signing pdf document add-on/module for alfresco 23 in Alfresco Forum
- AMPs on Maven 3.9 doesn't build in Alfresco Forum
- Elasticsearch Frequently Asked Question in Alfresco Blog
- Tech Talk Live #162 Recording - Hackaton review and other news in Alfresco Blog
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
