Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ADF 2.6.1 Application and CAS

pcharsle
Confirmed Champ
Confirmed Champ

‎02-21-2019 08:32 PM

We use Apache mod_auth_cas with Alfresco 5.2.3 and Apereo CAS 5.2.4. This works very well and was straightforward to setup.

We have now built an ADF 2.6.1 application and are unsure about whether the process we are following to include our application in the CAS authentication is correct. We are doing the following:

  1. Configure our CAS server to also act as an OAUTH2 OIDC provider
  2. Add oauth2 settings to the app.config.json file (attached) which point to our CAS server/OAUTH2 provider
  3. Deal with any CORS issues as described in these forums

We have made the changes in step 2 based on the documentation here alfresco-ng2-components/login.component.md at development · Alfresco/alfresco-ng2-components · GitHu...  but are not entirely sure whether our understanding is correct.

We would be very grateful if someone could confirm whether the process we are following is correct.

Thanks,

Paul

app.config.json.zip
0 Kudos
5 REPLIES 5

pcharsle
Confirmed Champ
Confirmed Champ

‎02-24-2019 04:50 PM

We've done some more investigation about what we believe are Alfresco's plans to support CAS SSO. We know that Alfresco is supporting a new SSO authentication architecture built on Keycloak which is an OAUTH2 identity provider. We believe and hope that:

  • Alfresco's new authentication architecture will support the use of other OAUTH2 identity providers (not just Keycloak)

Based on the above assumption, we are now:

  • Configuring our CAS server to act as an OAUTH2 provider
  • Upgrading to ACS version 6.0. We believe this is necessary since in the OAUTH2 process the ACS acts as a Resource Server which will need to contact the OAUTH2 identity provider to verify an access token. We think that the code to do this is not present in version 5.2.x and has only been added in 6.0

We found a great article by Martin Bergljung at https://community.alfresco.com/people/gravitonian/blog/2018/07/17/getting-started-with-alfresco-iden... 

upon which we've based some of our assumptions.

Can anyone in the community advise us on whether our assumptions/approach for using CAS with our ADF application are valid?

Thanks,

Paul

0 Kudos

eugenio_romano
Elite Collaborator
Elite Collaborator
In response to pcharsle

‎02-25-2019 09:13 AM

Hi Paul is better if you use 6.1.0 Cs.

0 Kudos

pcharsle
Confirmed Champ
Confirmed Champ
In response to eugenio_romano

‎02-25-2019 07:26 PM

Hi Eugenio,

We had hoped to stay with 6.0 for the time being since this is what we have done most of our testing on.

We are getting the following error in the browser after the user is logged in and our ADF application is calling Alfresco's REST api:

Error: Uncaught (in promise): Error: {"error":{"errorKey":"framework.exception.ApiDefault","statusCode":401,"briefSummary":"01260004 Authorization 'Bearer' not supported.","stackTrace":"For security reasons the stack trace is no longer displayed, but the property is kept for previous versions","descriptionURL":"https://api-explorer.alfresco.com"}}

This looks like it is related to OAUTH2. Has anyone come across this problem before? Is it a known issue in 6.0 that is resolved in 6.1.0?

Thanks,

Paul

0 Kudos

eugenio_romano
Elite Collaborator
Elite Collaborator
In response to pcharsle

‎03-07-2019 09:42 AM

can you post your app.config.json here or in a gist?...I saw you have uploaded a zip but I prefer to not open zip from internet Smiley Happy. thanks

0 Kudos

pcharsle
Confirmed Champ
Confirmed Champ
In response to eugenio_romano

‎03-07-2019 03:44 PM

Hi Eugenio,

The app.config.json is shown below (placeholders are replaced with the urls when we deploy). We have followed your suggestion and are now upgrading to 6.1. This is taking longer than we expected but we will shortly add a post to this forum if our cas integration is successful or not.

Thanks,

Paul

{   
"$schema": "../node_modules/@alfresco/adf-core/app.config.schema.json",   
"ecmHost": "https://@@DRUPAL_HUB_URL@@",   
"bpmHost": "https://@@DRUPAL_HUB_URL@@",   
"providers": "ECM",   
"application": {     
     "name": "Health Hub Project Library"   
},   
"languages": [
{       "key": "en",       "label": "English"     },     
{       "key": "fr",       "label": "French"     },     
{       "key": "de",       "label": "German"     },     
{       "key": "it",       "label": "Italian"     },     
{       "key": "es",       "label": "Spanish"     },     
{       "key": "ja",       "label": "Japanese"     },     
{       "key": "nl",       "label": "Dutch"     },     
{       "key": "pt-BR",    "label": "Brazilian Portuguese"     },     
{       "key": "nb",       "label": "Norwegian"     },     
{       "key": "ru",       "label": "Russian"     },     
{       "key": "zh-CN",    "label": "Simplified Chinese"     }   
],   
"logLevel": "trace",   
"authType": "OAUTH",   
"oauth2": {     
  "host": "https://@@DRUPAL_HUB_URL@@/cas/oidc",     
  "clientId": "hhb-library",     
  "scope": "openid",     
  "secret": "ClientSecret",     
  "implicitFlow": true,     
  "silentLogin": true,     
  "redirectUri": "/hhb-library",     
  "redirectSilentIFrameUri": "https://@@DRUPAL_HUB_URL@@/cas/oidc/authorize",     
  "redirectUriLogout": "https://@@DRUPAL_HUB_URL@@/cas/logout"   
 } 
}
0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2025 Khoros, LLC