Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Login redirection under SSO

idwright
Star Collaborator
Star Collaborator

‎02-27-2014 07:54 AM

I've got Share working nicely under SSO (CAS) but have a problem with redirection when going to a deep link

e.g.
when not logged in
go to
…./document-details?nodeRef=workspace://SpacesStore/bf4050ec-7726-434f-b050-e71b813e9e825
redirects to
/share/page?pt=login
redirects to
SSO service
redirects back to
/share/page?pt=login because that's where it came from
redirects to
dashboard

Any ideas how I can skip the first redirect to /share/page?pt=login ?

Labels:
0 Kudos
4 REPLIES 4

kavilash23
Champ on-the-rise
Champ on-the-rise

‎02-27-2014 11:33 PM

The issue is due to the way tomcat handles jsessionid and CAS. You need to define a new rule in urlrewrite.xml and add an entry in web.xml.

Add the following in urlrewrite.xml
<rule>
    <note>Remove jsessionid from embedded urls - for urls WITH query parameters</note>
    <from>^/(.*);jsessionid=.*[?](.*)$</from>
    <to>/$1?$2</to>
</rule>

<rule>
    <note>Remove jsessionid from embedded urls - for urls WITHOUT query parameters</note>
    <from>^/(.*);jsessionid=.*[^?]$</from>
    <to>/$1</to>
</rule>

and add the following in web.xml for share

<filter-mapping>
  <filter-name>UrlRewriteFilter</filter-name>
  <url-pattern>/*</url-pattern>             
</filter-mapping>

Hope this helps.
0 Kudos

idwright
Star Collaborator
Star Collaborator
In response to kavilash23

‎02-28-2014 03:19 AM

Thanks for the suggestion - it's quite a nice idea but unfortunately not the answer

I've come across the jsessionid problem before and solved it by adding


        <tracking-mode>COOKIE</tracking-mode>


to the session-config element

The only reference I could find to jsessionid was for the flash-upload and even that seems to get the value from a cookie

The Flash uploader isn't so relevant these days anyway…
0 Kudos

idwright
Star Collaborator
Star Collaborator

‎02-28-2014 04:49 AM

Worked it out - a slightly convoluted explanation coming up…

I'm using the CAS java client - it's better supported than mod_auth_cas and I'm using CAS 4

I was attempting to minimise changes to the web.xml, and hoping to be able to produce a CAS jar that could be installed separately.

In order to do this I changed the web.xml to use the version 3 servlet spec and put the filter settings into a web-fragment.xml file.

This worked quite nicely with only a tiny change to the core web.xml

This is where we come in…

The reason for the above behaviour is the order in which the filters are evaluated, unfortunately the filters in the main web.xml is evaluated first leading to the redirect to the Alfresco log in page before the redirect to the CAS log in page.

The solution is to put the CAS filters into the web.xml before the stock ones so that they are evaluated first (I guess the Authentication Filter is the important one)

I did experiment with using <ordering> but as I suspected this doesn't seem apply to the main web.xml

It's a less elegant solution and means that it's not worth producing a CAS module jar but it works.

(I don't think it would be hard to move the SSO Authentication Filter code into a separate jar which would enable my original plan but that's a bigger customization)
0 Kudos

jainmcs03
Champ in-the-making
Champ in-the-making
In response to idwright

‎01-09-2015 06:47 AM

Hi,

I got external SSO with openAM successfully, the problem is when we access the deep link will get redirected to default dashboard page. Our requirement is to access the document directly with SSO using noderef url.

http://abc.myhost.com:8080/share/page/site/mysite/document-details?nodeRef=workspace://SpacesStore/4...

We even modified the order of filters like SSO filter in the web.xml of share application. Please suggest if any other modifications need to be done to access a documenet using noderef through sso.

Regards
Jayendran
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC