cancel
Showing results for 
Search instead for 
Did you mean: 

Share SSO Not working with mod_auth_cas

swapraw
Champ in-the-making
Champ in-the-making
there is only one question i need to ask is that
why i am getting login page in the response from the below line
Response response = conn.call("/api/admin/restrictions?guest=true");
this line is in class org.alfresco.web.site.EditionInterceptor and method preHandle(WebRequest request)

This filter is called after SSOAuthenticationFilter from within challengeOrPassThrough method
where this line
Response remoteRes = conn.call("/touch", ctx);
gives blank output.

I am using
CAS 3.3.1
Alfresco 4.0.d

Any help is appreciated
Thanks
2 REPLIES 2

afaust
Legendary Innovator
Legendary Innovator
Hello,

up until Alfresco Enterprise 3.4.9 / 4.0.2, Share cannot be used with external authentication (CAS) without having to add a custom filter. What you are describing on 4.0d falls into the expected result of this limitation. Have you added the necessary filter to enable Share SSO to handle the special HTTP header supplied via CAS authentication?
Please see the wiki segment on Share in combination with external SSO. I do not know when the enhancements applied on the Enterprise branch will trickle back into Community though…

Regards
Axel

swapraw
Champ in-the-making
Champ in-the-making
Hi Alex,
             Yes indeed, when i install the alfresco share 4.0.d application those files mentioned in the given link by you were already present in the bundle i.e the "SSOAuthentication filter" was already added in the share/…/web.xml file.
The only file i think missing was the "org.alfresco.web.site.servlet.SlingshotAlfrescoConnector", which extracts the userName from the header proxied by CAS.
I added this class whithin "alfresco-share-4.0.d.jar" along with some modification to SSOAuthenticationFilter to extract the userName and deployed in ../share/WEB-INF/lib folder.
Rest all the configuration was done according to the given link by you.
Now what i have done is that since the response from this line Response response = conn.call("/api/admin/restrictions?guest=true"); was a login page instaed of a json object, i commented out this line and manually added the json object which consists of userName {taken from header}, edition{hardcoded : Edition } and the document {null}.
With this i am able to login to share with CAS, but i am not sure as to at what level this modification will work