cancel
Showing results for 
Search instead for 
Did you mean: 

Permanent links don't work with CAS Authentication ?

manuek_
Star Contributor
Star Contributor

Hi,

We trying to use permanent link like this one "http://localhost/nuxeo/nxdoc/default/5e84c7a3-e40c-4152-9497-b0cfdb916a6a/view_documents" to access document on a "nuxeo-cap-5.6-tomcat" server, with HF15 and DM add-on.

We first test this possibility with a default authentification: it works as expected (direct access).

But, we need use CAS authentication and in this case, the permanent link doesn't work anymore ... It's for us an important issue because we need direct acces on task (workflow context) send via email to our users.

Is it a known problem ?

We've done tests on two differents "Centos (5.9 and 6.4)" servers:

  • In both case:

    • a first direct access doesn't work. The return URL from CAS is wrong: the path to the document is missing.
  • On one server (Centos 6.4, nuxeo-5.6-HF10), after a first connection and deconnection (without removing JSESSION cookie) to the plateform, the direct access on a document works even with a CAS access for authentication (the return URL is correct). No error message are seen (with a default log4j configuration).

  • On the other one (Centos 5.9, nuxeo-5.6-HF15), an access after a first connection and deconnection (without removing JSESSION cookie) doesn't work and an error message is sent in the log:

     2013-04-25 14:26:49,819 ERROR [org.nuxeo.ecm.core.api.CoreSession] Permission 'Read' is not granted to 'invite' on document /default-domain/workspaces/niv2/dd (5e84c7a3-e40c-4152-9497-b0cfdb916a6a - Folder)
     2013-04-25 14:26:49,821 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/nuxeo]] L'écouteur d'évènement de session (session event listener) a généré une exception java.lang.IllegalStateException: Please end the HttpSession via org.jboss.seam.web.Session.instance().invalidate()
     at org.jboss.seam.contexts.Lifecycle.endSession(Lifecycle.java:221)
     ....
    

Thanks for your help

16 REPLIES 16

Not applicable

This should be fixed (works in my tests!) and available in the next hotfix (5.6-HF18).

manuek_
Star Contributor
Star Contributor

Hi,

manuek_
Star Contributor
Star Contributor

For the curious, link to our second pb with CAS authentication and permanent links

Not applicable

My configuration is pretty much what's in the documentation except for the server names.

Antoine_Cordier
Star Contributor
Star Contributor

Hello, is this fixed and if yes can you please tell me what is the hotfix to begin with ?

manuek_
Star Contributor
Star Contributor

Hi,

ITassas_
Champ on-the-rise
Champ on-the-rise

Using CAS authentication with anonymous auth enabled, we've got the same problem( the return URL from CAS is appURL not the permanentlink ). This bug is still present in 5.8.