
Configuring CAS SSO with alfresco

asmi
Champ in-the-making
I have configured two CentOS (6.3) machines. On one machine I have configured the CAS server and on the second machine I have configured Alfresco. I have changed the following files in order to use CAS SSO in Alfresco.
1) alfresco web.xml

<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://sso-server.com:8443/sso/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://alfresco-cms.com:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso-server.com:8443/sso/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://alfresco-cms.com:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/faces/*</url-pattern>
</filter-mapping>
2) share web.xml
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://sso-server.com:8443/sso/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://alfresco-cms.com:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso-server.com:8443/sso/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://alfresco-cms.com:8080</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
3) alfresco-global.properties

authentication.chain=external1:external

4) share-config-custom.xml

<config evaluator="string-compare" condition="Remote">
  <remote>
    <keystore>
      <path>alfresco/web-extension/alfresco-system.p12</path>
      <type>pkcs12</type>
      <password>alfresco-system</password>
    </keystore>

    <connector>
      <id>alfrescoCookie</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using cookie-based authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
    </connector>

    <connector>
      <id>alfrescoHeader</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
      <userHeader>SsoUserHeader</userHeader>
    </connector>

    <endpoint>
      <id>alfresco</id>
      <name>Alfresco - user access</name>
      <description>Access to Alfresco Repository WebScripts that require user authentication</description>
      <connector-id>alfrescoCookie</connector-id>
      <endpoint-url>http://alfresco-cms.com:8080/alfresco/wcs</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
  </remote>
</config>
After changing this I am able to redirect to SSO, but after entering the credentials I'm getting an error:
Jul 09, 2013 12:37:38 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Faces Servlet] in context with path [/alfresco] threw exception [org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response.] with root cause
org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response.
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1771)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)

How can I solve this problem?
24 REPLIES

If you really must then your best bet is to google it - from memory you need to export the certificate from the CAS server and import it into the cacerts file used by java on the Alfresco server - it's not a tomcat level configuration, you need to inform java that it can trust the certificate returned when it makes the call to validate the CAS ticket.

It's a horrible process

CAS - Troubleshooting Guide 

Much, much easier to use real certs

hammamitaha
Champ in-the-making

Redirect is OK. I have this error, is it not a mapping error??

I think it's a mapping error now??

hammamitaha
Champ in-the-making

After synchronization with the SSL certificate

I have this error:

 Failed executing LDAP query [org.ldaptive.SearchFilter@-974012864::filter=sAMAccountName, parameters={}]

hammamitaha
Champ in-the-making

Fine, it works now;

just export the CAS certificate to PEM format

transfer the PEM to the Alfresco server

add the certificate to the trust store

/opt/alfresco-5.0.c/java/bin/keytool -import -file /root/casserver.pem -alias alfcastaha -trustcacerts -keystore /opt/alfresco-5.0.c/java/lib/security/cacerts

modify the file /opt/alfresco/tomcat/bin/setenv.sh

JAVA_HOME=/opt/alfresco-5.0.c/java
JRE_HOME=$JAVA_HOME
JAVA_OPTS="-XX:+DisableExplicitGC -Djava.awt.headless=true -Dalfresco.home=/opt/alfresco-5.0.c -Dcom.sun.management.jmxremote -XX:ReservedCodeCacheSize=128m "
# Append $JAVA_OPTS so the options set on the previous line are not overwritten
JAVA_OPTS="-Djavax.net.ssl.trustStore=/opt/alfresco-5.0.c/java/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit $JAVA_OPTS"
JAVA_OPTS="-XX:MaxPermSize=256M -Xms512M -Xmx2048M $JAVA_OPTS " # java-memory-settings
export JAVA_HOME
export JRE_HOME
export JAVA_OPTS

restart alfresco.
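
A check for the trust step in the last post, as an added example that is not part of the original thread: it compares the SHA-256 fingerprint of the certificate the CAS server presents with the one stored under the imported alias, so the entry in cacerts is known to be the certificate actually served. Host, port, alias, paths and store password are the ones quoted in the thread; the function names are this example's own, and it assumes the server's own (self-signed) certificate was imported and that `keytool -list -v` prints a `SHA256:` line.

```shell
#!/bin/sh
# Added example: verify that the certificate imported into cacerts is the one
# the CAS server really serves. Values below are the ones quoted in the thread.
CAS_HOST=sso-server.com
CAS_PORT=8443
CAS_ALIAS=alfcastaha
KEYTOOL=/opt/alfresco-5.0.c/java/bin/keytool
CACERTS=/opt/alfresco-5.0.c/java/lib/security/cacerts

# Reduce a fingerprint to upper-case hex digits so that separators
# and letter case do not affect the comparison.
fp_normalise() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of the leaf certificate served by host ($1) and port ($2).
server_fp() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Extract the first SHA256 fingerprint from `keytool -list -v` text on stdin
# (assumed format: a line starting with "SHA256:" after optional whitespace).
keystore_fp() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed only when both fingerprints are non-empty and identical.
fp_match() {
    [ -n "$1" ] && [ "$(fp_normalise "$1")" = "$(fp_normalise "$2")" ]
}

# End-to-end check: needs network access to the CAS server plus openssl and keytool.
check_cas_trust() {
    srv=$(server_fp "$CAS_HOST" "$CAS_PORT")
    ks=$("$KEYTOOL" -list -v -alias "$CAS_ALIAS" -keystore "$CACERTS" \
        -storepass changeit 2>/dev/null | keystore_fp)
    if fp_match "$srv" "$ks"; then
        echo "trusted: $srv"
    else
        echo "MISMATCH server=$srv keystore=$ks"
        return 1
    fi
}
```

Run `check_cas_trust` on the Alfresco server after the import and before the restart, and compare the printed fingerprint with one obtained from the CAS administrator through a separate channel.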