07-04-2013 09:44 AM
Is ND working with CAS2 authentication? When I tried ND with CAS2 I received error:
2013-07-04 16:33:22,092 268 3880 DEBUG nxdrive.gui.application Detected invalid credentials for: C:\Documents and Settings\adam_bo\Nuxeo Drive
2013-07-04 16:33:22,125 268 3880 ERROR nxdrive.gui.application Error in synchronization thread: No row was found for one()
Traceback (most recent call last):
File "nuxeo-drive-client\nxdrive\gui\application.py", line 73, in sync_loop
File "C:\Program Files\nuxeo-drive\library.zip\nxdrive\synchronizer.py", line 1161, in loop
sb, session=session)
File "C:\Program Files\nuxeo-drive\library.zip\nxdrive\synchronizer.py", line 1390, in update_synchronize_server
self.scan_local(server_binding, session=session)
File "C:\Program Files\nuxeo-drive\library.zip\nxdrive\synchronizer.py", line 265, in scan_local
local_folder=server_binding.local_folder).one()
File "C:\Program Files\nuxeo-drive\library.zip\sqlalchemy\orm\query.py", line 2179, in one
raise orm_exc.NoResultFound("No row was found for one()")
NoResultFound: No row was found for one()
I use the following cas2 configuration:
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="chain">
<authenticationChain>
<plugins>
<!-- Keep basic Auth at top of Auth chain to support RSS access via BasicAuth -->
<plugin>BASIC_AUTH</plugin>
<plugin>PORTAL_AUTH</plugin>
<plugin>CAS2_AUTH</plugin>
</plugins>
</authenticationChain>
</extension>
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="specificChains">
<specificAuthenticationChain name="Automation">
<urlPatterns>
<url>(.*)/automation.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>ANONYMOUS_AUTH_FOR_CAS2</plugin>
<plugin>PORTAL_AUTH</plugin>
<plugin>CAS2_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
</extension>
07-08-2013 09:32 AM
Hi,
Nuxeo Drive works with the nuxeo-platform-login-token
authentication module, which is included in the Drive marketplace package and adds an authenticator to the authentication chain.
By overriding the chain for CAS you are losing the token authenticator (and there is no merge of authentication chains for now). So you need to include TOKEN_AUTH
after AUTOMATION_BASIC_AUTH
, should work.
07-08-2013 09:32 AM
Hi,
Nuxeo Drive works with the nuxeo-platform-login-token
authentication module, which is included in the Drive marketplace package and adds an authenticator to the authentication chain.
By overriding the chain for CAS you are losing the token authenticator (and there is no merge of authentication chains for now). So you need to include TOKEN_AUTH
after AUTOMATION_BASIC_AUTH
, should work.
07-09-2013 12:58 AM
Thank you. Now, it works.
07-09-2013 03:32 AM
Think to green check the answer when it answers to your question => deliver points to ataillefer and useful for the guy that will have the same question than you. Anyway thanks for your feedback.
09-02-2013 10:22 AM
Hello, I also try to configure nuxeo drive with CAS2 auth. I follow your example but it doesn't work. I use this CAS config :
<!-- Configure you CAS server parameters -->
<extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">
<authenticationPlugin name="CAS2_AUTH">
<loginModulePlugin>Trusting_LM</loginModulePlugin>
<parameters>
<parameter name="ticketKey">ticket</parameter>
<parameter name="appURL">http://nuxeotest.univ-xx.fr:8080/nuxeo/nxstartup.faces
</
parameter>
https://cas.univ-xx/cas/login
</
parameter>
<parameter name="serviceValidateURL">
https://cas.univ-xx.fr/cas/serviceValidate</ parameter>
service
</parameter>
</parameters>
</authenticationPlugin>
</extension>
<!-- Include CAS2 into authentication chain -->
<extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="chain">
<authenticationChain>
<plugins>
<plugin>
BASIC_AUTH
CAS2_AUTH</plugin>
</plugins>
</authenticationChain>
</extension>
`<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="specificChains">`
<specificAuthenticationChain name="Automation">
<urlPatterns>
<url>(.*)/automation.*</url>
</urlPatterns>
<replacementChain>
<plugin>
AUTOMATION_BASIC_AUTH`
<plugin>TOKEN_AUTH</plugin>
<plugin>CAS2_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
</extension>
</component>
End of CAS config
CAS authentication on Nuxeo UI works with my CAS login when I try to connect nuxeo drive, I have this message
Unable to connect to http://nuxeotest.univ-xx.fr:8080/nuxeo/ with my CAS login.
If i give a bad password, I have the message "invalid credential"
So, CAS authentication is valid, but I think that the authentication chain is bad.
Thank you for your help.
09-09-2013 06:51 AM
I think you should also add the TOKEN_AUTH
plugin to the <authenticationChain>
contribution which is used by the default authentication filter. Indeed, all the synchronization related calls made by Drive use Automation (thus depend on the "Automation" specificAuthenticationChain
), but the token request made by Drive to first connect to a Nuxeo server is handled by a plain servlet: TokenAuthenticationServlet
, which depends on the regular authentication chain configuration.
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.