
Configuring CAS SSO with alfresco

asmi
Champ in-the-making
I have configured two CentOS (6.3) machines. On one machine I have configured the CAS server and on the second machine I have configured Alfresco. I have changed the following files in order to use CAS SSO in Alfresco.
1) alfresco web.xml

<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso-server.com:8443/sso/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://alfresco-cms.com:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso-server.com:8443/sso/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://alfresco-cms.com:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
2) share web.xml
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso-server.com:8443/sso/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://alfresco-cms.com:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso-server.com:8443/sso/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://alfresco-cms.com:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3) alfresco-global.properties

authentication.chain=external1:external

4) share-config-custom.xml

<config evaluator="string-compare" condition="Remote">
<remote>
<keystore>
<path>alfresco/web-extension/alfresco-system.p12</path>
<type>pkcs12</type>
<password>alfresco-system</password>
</keystore>

<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
</connector>

<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>SsoUserHeader</userHeader>
</connector>

<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://alfresco-cms.com:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
After changing this I am able to redirect to SSO, but after entering the credentials I'm getting an error:
Jul 09, 2013 12:37:38 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Faces Servlet] in context with path [/alfresco] threw exception [org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response.] with root cause
org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response.
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1771)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)

How can I solve this problem?
24 REPLIES

idwright
Star Collaborator
I haven't managed to get CAS integration working with 4.2 and the Java CAS client yet, but I have got it working using the mod_auth_cas Apache plugin - I'm going to have another go with the Java client sometime soon…

I think you need to take serviceValidate off the casServerUrlPrefix value.

It might be worth trying adding the following to alfresco-global.properties:

authentication.chain=external-apache:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.enabled=true
external.authentication.proxyHeader=SsoUserHeader
external.authentication.proxyUserName=

Some good blogs:
http://tech.wrighting.org/2013/07/12/cas-for-alfresco-4-2-on-ubuntu/
http://gagravarr.livejournal.com/145561.html
http://ecmstuff.blogspot.co.uk/2011/06/configuring-alfresco-for-sso-with-cas.html

matvieira
Champ on-the-rise
Asking here so as not to duplicate the subject. Has someone made it work with the CAS client? I'm working with Alfresco 4.2.e and CAS 3.5.2 running on two different servers and basically followed this tutorial: http://ecmstuff.blogspot.co.uk/2011/06/configuring-alfresco-for-sso-with-cas.html

The SSO with Alfresco worked well; my problem is with the Share app. I get the CAS proxy ticket and then I have the Alfresco ticket in my CasAlfrescoAuthenticator without a problem, but then I have…

2013-12-17 08:47:02,902  ERROR [alfresco.web.site] [ajp-bio-8009-exec-3] org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.extensions.surf.exception.UserFactoryException: Unable to retrieve user from repository


Caused by: org.springframework.extensions.surf.exception.UserFactoryException: Unable to create user - failed to retrieve user metadata:
   at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:183)


I checked that AlfrescoUserFactory throws that message after calling "/webframework/content/metadata?user=" + URLEncoder.encode(userId);

When I call it myself I normally receive the metadata.

Does someone have a clue about it?
Thank you.

matvieira
Champ on-the-rise
OK, I was able to fix the problem sooner than I expected. My problem was simple: the userHeader value from the alfrescoHeader connector was different from the one in alfresco-global.properties.

Anyway, I had another weird problem that I already had before. In order to log in with CAS I have to submit my username/password 3 times; only then does it redirect to the Alfresco page. Does someone understand what that problem could be?

Thx.
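The two fixes raised in this thread (idwright's point about `casServerUrlPrefix` and matvieira's `userHeader` mismatch) can be checked offline before restarting Tomcat. The following is an added Python example, not code from any post or from Alfresco or the CAS client; the function names are hypothetical, the `X-Alfresco-Remote-User` value is a constructed sample, and the suffix table assumes the Cas20 filter is not set up to accept proxy tickets.

```python
import xml.etree.ElementTree as ET

# Endpoint each Java CAS client filter appends to casServerUrlPrefix (assumes no proxy tickets).
SUFFIX = {"Cas10TicketValidationFilter": "validate",
          "Cas20ProxyReceivingTicketValidationFilter": "serviceValidate"}
ENDPOINTS = ("validate", "serviceValidate", "proxyValidate")

def _text(el, tag):
    return (el.findtext(tag) or "").strip()

def _parse(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop namespaces so a real, namespaced web.xml parses too
        el.tag = el.tag.split("}", 1)[-1]
    return root

def validation_urls(web_xml):
    """Return (filter-name, URL the client will call, prefix_ok) per CAS filter."""
    out = []
    for f in _parse(web_xml).iter("filter"):
        cls = _text(f, "filter-class").rsplit(".", 1)[-1]
        if cls not in SUFFIX:
            continue
        params = {_text(p, "param-name"): _text(p, "param-value") for p in f.iter("init-param")}
        prefix = params.get("casServerUrlPrefix", "").rstrip("/")
        ok = bool(prefix) and prefix.rsplit("/", 1)[-1] not in ENDPOINTS
        out.append((_text(f, "filter-name"), f"{prefix}/{SUFFIX[cls]}", ok))
    return out

def header_mismatch(share_config_xml, global_properties):
    """Return (Share userHeader, repository proxyHeader) if they differ, else None."""
    share = next((_text(c, "userHeader") for c in _parse(share_config_xml).iter("connector")
                  if _text(c, "id") == "alfrescoHeader"), "")
    props = dict(map(str.strip, l.split("=", 1))
                 for l in global_properties.splitlines() if "=" in l)
    repo = props.get("external.authentication.proxyHeader", "")
    return None if share == repo else (share, repo)

# Constructed samples built from the values posted in this thread.
WEB_XML = """<web-app><filter><filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
  <init-param><param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso-server.com:8443/sso/serviceValidate</param-value></init-param>
</filter></web-app>"""
SHARE_XML = """<remote><connector><id>alfrescoHeader</id>
  <userHeader>SsoUserHeader</userHeader></connector></remote>"""
PROPS = "external.authentication.proxyHeader=X-Alfresco-Remote-User"  # constructed mismatch
if __name__ == "__main__":
    print(validation_urls(WEB_XML), header_mismatch(SHARE_XML, PROPS))
```

With the posted web.xml the computed validation URL ends in `/sso/serviceValidate/validate`, which is why the prefix should stop at `/sso`.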

Hi matvieira,

I need your help for CAS SSO integration with Alfresco. Please help out.

There's a project at GitHub - wrighting/alfresco-cas: A project designed to show how to integrate Alfresco with CAS singl... which shows how to integrate CAS.

It's a bit dependent on which version of Alfresco you are using - it works with 5.1; if you want 5.2 then have a look at the issue Not working with 5.2 · Issue #3 · wrighting/alfresco-cas · GitHub, which tells you what to do for 5.2.

Hi Ian Wright,

Can you please share those AMP files with me?

I am using alfresco-community-5.2.

You can get the AMP files from the GitHub project - because you are using 5.2 you will need to check out the branch ACE-5661 and build it yourself.

Note that because this replaces the share web.xml, which is not recommended, there are no prebuilt amps available - if you can't build the amp then you probably shouldn't be replacing the web.xml - it's a very crude way to make sure that you know roughly what you're doing...

hammamitaha
Champ in-the-making

Hello,

I find Alfresco 5.0.c config with CAS 5.0.x, any help please?

You should be able to deploy the released amp(s) from the project mentioned above for 5.0.c and follow the instructions in the README.

(share is required, platform optional)