
Alfresco Community and CAS - SSO

frank_s
Champ in-the-making
Hi,

over the last few weeks, I've tried to configure Alfresco Community with CAS, and have failed to do so. I have posted a number of questions regarding this on the forums, yet these have been left unanswered. I noticed that other forum members posted questions about the same topic, but a lot of these threads seem to have been abandoned.

This makes me wonder:
1. Has anybody been successful in setting up Alfresco CE using CAS authentication without using the Cignex war?
2. Is it possible to do so with the currently available distributable (Alfresco CE 2.9B), or am I trying to do the impossible?

Any feedback and/or personal experiences would be extremely welcome.

Thanks for your time,

Frank.
14 REPLIES

mdaslam
Champ in-the-making
Hi Frank,
It should be possible. We have configured Liferay + alfresco + CAS. You have to add CAS Filter entries to the web.xml of alfresco.war.

Thanks,
Aslam

shoshin
Champ in-the-making
Hi Aslam,

It is good to hear that you have cracked the SSO part.
Could you please kindly share with us the steps and entries to achieve the same?

Thanks in advance,
Shoshin

frank_s
Champ in-the-making
Please do - I'd be very interested in learning the details, as I've tried to make the changes to Alfresco's web.xml as they are described in various posts in the forums / wiki / Jira, but I didn't get anywhere.

Thanks in advance,

Frank.

mdaslam
Champ in-the-making
Hi Frank,
I wasn't involved in the integration of CAS with Alfresco as I joined the team later. But below are the configurations of CAS filter in web.xml of alfresco.war.  Instead of localhost, change it to the respective URL and port of CAS. Also you need to add casclient-2.1.1.jar (WEB-INF\lib of cas-web.war)  to the WEB-INF\lib folder of alfresco.war and cas-web.war should be deployed.

You can try this; I know only this much of the integration part. Sorry about it.

<filter>
   <filter-name>CAS Filter</filter-name>
   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>

   <init-param>
      <param-name>logout_url</param-name>
      <param-value>https://localhost:8443/cas-web/logout</param-value>
   </init-param>

   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
      <param-value>https://localhost:8443/cas-web/login</param-value>
   </init-param>

   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
      <param-value>https://localhost:8443/cas-web/serviceValidate</param-value>
   </init-param>

   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
      <param-value>localhost:8080</param-value>
   </init-param>
</filter>

<filter-mapping>
   <filter-name>CAS Filter</filter-name>
   <url-pattern>/faces/*</url-pattern>
</filter-mapping>

<filter-mapping>
   <filter-name>CAS Filter</filter-name>
   <url-pattern>/navigate/*</url-pattern>
</filter-mapping>

<filter-mapping>
   <filter-name>CAS Filter</filter-name>
   <url-pattern>/command/*</url-pattern>
</filter-mapping>

<filter-mapping>
   <filter-name>CAS Filter</filter-name>
   <url-pattern>/template/*</url-pattern>
</filter-mapping>


Regards,
Aslam

frank_s
Champ in-the-making
Hi Aslam,

many thanks for that, I'll give that a try!

f.

mdaslam
Champ in-the-making
Hi,
There is also Cignex-war deployed in the lib of alfresco.war. It has
\com\cignex\cas
    \client
    \proxy
    \util
com\cignex\filters\sso\cas\CASFilter.class

and others like
\com\cignex\util
\com\cignex\web.

Regards,
Aslam

frank_s
Champ in-the-making
Aslam, thanks again for your post.

After making the changes to the web.xml, Alfresco throws exceptions and displays an error message as described here: http://forums.alfresco.com/viewtopic.php?f=3&t=10626&p=35576 when returning a ticket from the CAS server. Although I'm not using NTLM, the behaviour I experience is identical to the one described in the link above.

Since I can't use the Enterprise version of Alfresco and have no need for Liferay, the Cignex solution is unfortunately of no use to me.

I'd be very happy to be corrected by someone from Alfresco, but I've had to come to the conclusion that Alfresco CE 2.9 on its own is not able to do SSO via CAS. :(

f.

mikewaters
Champ in-the-making
Hi Frank

We have done it at Keem Bay Research and you are right - Alfresco does not work with CAS out of the box - it needs a bit of extra java code.

We have been using 2.1 CE and 2.9B appears to be the same (i.e. I looked at the code in the SVN head and it's not changed much).

There are several bits of code in the wikis, forums and Jira but none have made it into Alfresco. (Keem Bay Research are working on a contribution right now :)

The extra code is a filter that takes the username populated by the CAS filter and passes it to the Alfresco API. Your error is a symptom of that not happening.

More info in another post  - http://forums.alfresco.com/viewtopic.php?f=7&t=12372#p41366 but this should really get into the wiki (and into 3.0!)

cheers

-Mike
Keem Bay Research
http://keembay.com
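
The bridging filter described in the post above, as an added example (not code from this thread or from Keem Bay Research): it reads the username that the Yale CASFilter stores in the session after ticket validation and hands it on, failing closed when that attribute is missing. The thread does not name the Alfresco API call, so it sits behind a hypothetical `RepositoryLogin` interface; `CasBridgeFilter`, `BRIDGED_USER` and the `example.repositoryLogin` context attribute are likewise assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: passes the CAS-validated username on to the application. */
public class CasBridgeFilter implements Filter {
    // Session attribute the Yale CASFilter sets once serviceValidate succeeds
    // (CASFilter.CAS_FILTER_USER in casclient-2.1.1).
    static final String CAS_USER = "edu.yale.its.tp.cas.client.filter.user";
    // Hypothetical marker so the hand-off runs once per session and user.
    static final String BRIDGED_USER = "example.cas.bridgedUser";

    /** Hypothetical hook standing in for the Alfresco authentication call. */
    public interface RepositoryLogin {
        void establishSession(HttpSession session, String username) throws ServletException;
    }

    private RepositoryLogin login;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: the hook is published in the servlet context at startup.
        login = (RepositoryLogin) cfg.getServletContext().getAttribute("example.repositoryLogin");
        if (login == null) throw new ServletException("RepositoryLogin hook not configured");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        // Trust only the server-side session attribute, never a header or parameter.
        Object casUser = (session == null) ? null : session.getAttribute(CAS_USER);
        if (!(casUser instanceof String) || ((String) casUser).trim().isEmpty()) {
            // CAS Filter did not run first, or validation failed: fail closed.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String username = ((String) casUser).trim();
        if (!username.equals(session.getAttribute(BRIDGED_USER))) {
            login.establishSession(session, username);
            session.setAttribute(BRIDGED_USER, username);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Map this filter to the same URL patterns as CAS Filter and list its filter-mapping entries after the CAS Filter ones, since the container runs filters in filter-mapping order. Any Alfresco path outside those patterns is not covered by either filter.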

frank_s
Champ in-the-making
Hi Mike,

thank you very much for this. Let's hope that it makes it into 3.0CE - I'm sure it would be of use to many people, if only because it would make the upgrade process easier. I just hope somebody from Alfresco reads this…

Thanks again,

f.