
CAS integration, 5.0.d, keystore is unused ?

sebdavid
Champ in-the-making
Hello,

I'm working with Alfresco Community 5.0.d.

I'm trying to integrate Alfresco + Share with a CAS system. I followed the documentation instructions from http://docs.alfresco.com/community/concepts/alf-modauthcas-home.html. Actually, I have the same configuration: 2 servers, one with Apache and the CAS, and the other with Alfresco and Share.

The CAS authentication works well:
- I can log in via the CAS form when accessing http://host/alfresco and /examples
- If I add the alfresco-system.p12 certificate to my browser, I'm automatically authenticated as "alfresco-system": I can see it when accessing the example page http://host/examples/jsp/snp/snoop.jsp, and in the CAS logs I can see
[org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - Certificate found in request.


The problem is the communication between Share and Alfresco. From the documentation, I understand that the alfresco-system.p12 certificate should be used by Share to communicate with Alfresco. But it isn't. When accessing http://host/share, I can authenticate through the CAS form, but then when Share sends requests to Alfresco, it is not authenticated and it fails because the CAS form is returned in the responses. It appears that the certificate is not sent, as I can see in the CAS logs:
[org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - Certificates not found in request


When digging in the code, we found the class RemoteConfigElement (https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/COMMUNITYTAGS/V5.0.d/root/projects/surf...). There is a REMOTE_KEYSTORE attribute which is unused. So maybe the problem comes from there?

Do you have any clue about it? Any information?
Could you explain how the alfresco-system.p12 certificate, located in "tomcat/shared/classes/alfresco/web-extension", should be processed? Because when we specify a dummy name in share-config-custom.xml, it does nothing! No exception such as FileNotFound or whatever is thrown.

Thank you in advance for your response.

Sebastien.

dynabix
Champ in-the-making
Hello

I have the same problem with 5.0.d.
Were you ever able to solve this?

Best regards,
David

sebdavid
Champ in-the-making
Hi,

Nope, I have no more information about it, and the problem is still there, but it's set aside for now. But I would still like to know how to solve it.

Does anybody have clues or information?

Sébastien.

idwright
Star Collaborator
Although it's a slightly different configuration, I think it's the same problem as described at http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap... - I think there's a bug…

You shouldn't be using CAS for the communication between Share and the repo because it's between the 2 apps rather than Share and the browser. Share needs to tell the repo the identity of the remote user, which is done by setting headers on the request.

Communication between the user and repo should go via the Share proxy, so it also doesn't use CAS.

I suspect the docs may be slightly out of date now that the repo client has been removed. I don't think it should be necessary to put the /alfresco URL behind CAS, but it should only be accessed from the Share host.
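
Added example (not part of the thread and not Alfresco's own code): a small audit of alfresco-global.properties that reports who is allowed to assert a user through the request header, which is why the last reply says the repo should only be reachable from the Share host. The property names are those of Alfresco's external authentication subsystem and do not appear in the thread; the sample files and the result codes are constructed for illustration.

```python
# Added example: audit how the repository decides to trust the remote-user header.
# The sample property files below are constructed, not taken from a real install.

def parse_properties(text):
    """Parse key=value lines; skip blanks and '#' / '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_external_auth(text):
    """Return (code, detail) describing who may assert a user via the header."""
    props = parse_properties(text)
    chain = props.get("authentication.chain", "")
    types = [m.partition(":")[2].strip() for m in chain.split(",")]
    if "external" not in types:
        return ("INACTIVE", "no external member in authentication.chain")
    if props.get("external.authentication.enabled", "").lower() == "false":
        return ("INACTIVE", "external.authentication.enabled=false")
    proxy_user = props.get("external.authentication.proxyUserName")
    if proxy_user is None:
        # Key absent: the effective value comes from the subsystem defaults.
        return ("CHECK_DEFAULT", "proxyUserName not set in this file")
    if proxy_user == "":
        # Blank value: the header is believed from any caller, so the repo
        # must be reachable only from the Share host.
        return ("HEADER_TRUSTED_FROM_ANY_CALLER", "restrict /alfresco to the Share host")
    # Named proxy: only requests already authenticated as this user (for
    # example by client certificate) may assert another user via the header.
    return ("PROXY_MUST_AUTHENTICATE", proxy_user)

OPEN = """
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.enabled=true
external.authentication.proxyUserName=
external.authentication.proxyHeader=X-Alfresco-Remote-User
"""
PINNED = OPEN.replace("proxyUserName=", "proxyUserName=alfresco-system")

if __name__ == "__main__":
    for name, sample in (("OPEN", OPEN), ("PINNED", PINNED)):
        print(name, audit_external_auth(sample))
```
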