
URL redirection after an external login with CAS

iblanco
Confirmed Champ
Hi,

I have Alfresco (2.1) authenticating against a JA-SIG CAS SSO system and it works right: it authenticates me and takes me to my home folder.

If, after having logged in to CAS, I click on a URL that points to content in my Alfresco repository, it just opens it, as I expected. But if I've not already logged in to CAS when I click the URL, it takes me to the CAS login page and after login does not take me directly to the content but to the starting Alfresco page. It seems like it forgets where I was intending to go.

I've checked how Alfresco's original login.jsp manages that and it seems that there is a session variable called "_alfRedirect" that "remembers" where I wanted to go. So I suppose the problem is that the CASAuthenticationFilter I use only sets the username value in the session and not the value corresponding to _alfRedirect.

Is it possible to change the filter code in order for it to manage _alfRedirect right? Should something like this work:

      // Store the original URL
      httpSess.setAttribute(LoginBean.LOGIN_REDIRECT_KEY, ??????);

The username is taken from the session:

      String userName = null;
      Object o = httpSess.getAttribute(CASFilter.CAS_FILTER_USER);
      if (o == null) {
         logger.error("CAS : CASFilter.CAS_FILTER_USER == NULL");
      } else {
         userName = o.toString();
      }

Could I also recover the _alfRedirect in the same way?

Does all of this make any sense to someone?

Thanks.
7 REPLIES 7

nmcminn
Champ in-the-making
I am having an almost identical problem, but with web scripts embedded in portal iFrames. Otherwise the problem looks exactly the same. Did you ever find a solution?

Here's a link to my current thread on the problem.

http://forums.alfresco.com/en/viewtopic.php?f=9&t=15382&p=50475&hilit=CAS#p50475

rbaudu
Champ in-the-making
We have the same problem with web scripts embedded in a portal.
I tried to set cas.client.filter.serviceUrl instead of serverName in the web.xml file to be redirected to a specific page, but now each time I load the web script in the portlet I am redirected to this specific page even if I am already logged in on Alfresco.
I do not know if you have made progress on a solution to this issue.
Thanks for your help.

lme
Champ in-the-making
The goal of using CAS is to not use the login.jsp step. Instead, you should configure your filter mapping in your web.xml file. Every URL that requires authentication must be behind the CAS filters.

Here is the filter mapping I use with Alfresco 2.1.0E (other versions of Alfresco may need customizations):

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/wcs/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/wcs/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/service/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/service/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/navigate/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/navigate/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/command/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/command/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/template/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/template/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/download/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/download/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/d/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/d/*</url-pattern>
   </filter-mapping>

ericc
Champ in-the-making
Hello,
I have the same problem and I tried different things without success.
(using a 2.9b)

I've defined these filters:

   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
         <param-value>https://stage2:443/cas/login</param-value>
      </init-param>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
         <param-value>https://stage2:443/cas/serviceValidate</param-value>
      </init-param>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
         <param-value>stage2:80</param-value>
      </init-param>
   </filter>
   <filter>
      <filter-name>CAS Authentication</filter-name>
      <filter-class>com.bluexml.common.cas.CasAuthenticationFilter</filter-class>
   </filter>

And a list of mappings like this:

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Authentication</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>

My SSO works fine with CAS. But when I try to go to a service with a URL like this:

   http://localhost:8080/alfresco/wcservice/view/myWebScript

I'm redirected to CAS (and in the URL I have ?service=http%3A%2F%2Flocalhost%3A8080%2Falfresco%2Ffaces%2Fjsp%2Flogin.jsp) if it's the first time I try to access Alfresco (all fine for now), but when I log in I'm redirected to alfresco/faces/jsp/browse/browse.jsp, not to my webscript.

If I try again to go to my webscript all is fine.

I looked at CasAuthenticationFilter and I see clearly that when login.jsp is the caller it will be redirected to browse.jsp. But I think my problem is earlier and I would like to avoid the redirection to browse.jsp or change ?service= to my webscript URL.
I may have a problem between the web.xml conf and other conf files, I guess.

Has anyone already tried this successfully?

Thanks

ericc
Champ in-the-making
I've found a solution:

In CasAuthenticationFilter.java I check if there is a URL for redirection in the session (because Alfresco does it).
Near line 150, search for "// Redirect the login page as it is never seen as we always login by name" and put this before it:

      // If we need to redirect to a specific page
      String redirectionUrl = (String) req.getSession().getAttribute(LoginBean.LOGIN_REDIRECT_KEY);
      if (redirectionUrl != null && redirectionUrl.length() > 0) {
         resp.sendRedirect(redirectionUrl);
      } else {
         // Redirect the login page as it is never seen as we always login by name
         // (the filter's existing redirect code follows here; close the else block after it)
      }
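
The redirect in the post above sends the browser to whatever is stored under LoginBean.LOGIN_REDIRECT_KEY, a value that originates from the URL first requested. As an added example that is not part of the original post, Alfresco or the CAS client, this hypothetical `SafeRedirect.resolve` helper restricts the target to a path inside the application before it reaches `sendRedirect`. It assumes the stored value is a site-relative path and that the context path is `/alfresco`.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper, not part of Alfresco or the CAS client.
public final class SafeRedirect {

    /** Returns the target if it is a path inside contextPath, else fallback. */
    public static String resolve(String candidate, String contextPath, String fallback) {
        if (candidate == null || candidate.isEmpty()) {
            return fallback;
        }
        // Control characters could split the Location header; some browsers
        // treat a backslash like a forward slash.
        for (char c : candidate.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return fallback;
            }
        }
        final URI uri;
        try {
            uri = new URI(candidate).normalize(); // collapses "/../" segments
        } catch (URISyntaxException e) {
            return fallback;
        }
        // Site-relative only: no scheme, and no authority as in "//host/path".
        if (uri.isAbsolute() || uri.getRawAuthority() != null) {
            return fallback;
        }
        String path = uri.getRawPath();
        if (path == null || !(path.equals(contextPath) || path.startsWith(contextPath + "/"))) {
            return fallback;
        }
        // Rebuild from parsed parts so the result always starts with contextPath.
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        String ctx = "/alfresco";                               // assumed context path
        String home = "/alfresco/faces/jsp/browse/browse.jsp";  // default page named in the thread
        String[] samples = {                                    // constructed sample values
            "/alfresco/wcservice/view/myWebScript",
            "http://other.example/alfresco/x",
            "//other.example/alfresco/x",
            "/alfresco/../admin",
        };
        for (String s : samples) {
            System.out.println(s + " -> " + resolve(s, ctx, home));
        }
    }
}
```

In the filter, the call would replace the direct use of the session value, for example `resp.sendRedirect(SafeRedirect.resolve(redirectionUrl, req.getContextPath(), defaultPage))`, where `defaultPage` is a hypothetical name for the browse.jsp path.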

t_broyer
Champ in-the-making
The thing is, the query string should look like service=http%3A%2F%2Flocalhost%3A8080%2Falfresco%2Fwcservice%2Fview%2FmyWebScript.

That's what we have on our own installation at least (that LaurentM put in place; you'll note that he's also the author of the code iblanco linked to in their original post in this thread).

BlueXML seems to be using this very same code, moved to a different Java package.

Are you sure you filter /wcservice/* with both the "Authentication Filter" and "CAS Authentication"?

ericc
Champ in-the-making
I took the code from the French wiki, so maybe it's the same, yes.

I hadn't seen wcservice in the mapping so I didn't add it. But with the addition made to the code it works fine. And it seems it's an Alfresco possibility (because the requested page is put in a session variable).