cancel
Showing results for 
Search instead for 
Did you mean: 

trouble with alfresco + cas

sean
Champ in-the-making
Champ in-the-making
hi folks,

i've been tasked with evaluating alfresco for my company.  it seems like a really cool product.  after playing around with the default install for a bit and r'ing tfm's, i've attempted unsuccessfully to get SSO via CAS working.

first i tried to use the acegi hooks in the authentication context file but couldn't seem to get things working via that route.  things were further complicated by the bundled version of acegi being outdated wrt the latest upstream version (and hence the documentation i had was not fully accurate).  furthermore, the latest version has a different namespace (org.acegisecurity instead of under net.sf), with some subtle yet non-backwards-compatible API changes.

i'm now trying to authenticate via CAS directly, by replacing the authentication filter in web.xml.  i've had more success with this route, though not much.  now when i request /alfresco, i'm sent to the cas login page, and after authenticating i'm sent back to alfresco (so far so good), but then alfresco sends me a 302 header sending me back to cas, which thinks there's nothing wrong and 302's me back to alfresco, etc etc.

i saw a similar problem in the forums that was solved by recompiling alfresco with a different name for ARG_TICKET in baseServlet.java, which i've tried without success.

does anyone have an idea of what else could be a problem?  any help would be greatly appreciated!

    sean
32 REPLIES 32

sebastien_marin
Champ in-the-making
Champ in-the-making
Finally I have alfresco 1.4 and liferay 4.2.1 smoothly authenticating with CAS. To get it, you have to change just a row of the NovellIChainsHTTPRequestAuthenticationFilter class (and rename it if you like as CASAuthenticationFilter):

        String authHdr = (String) req.getSession().getAttribute(CASFilter.CAS_FILTER_USER);

Then you have to properly configure the filter within web.xml as the following:


   <filter>
      <filter-name>CAS Filter</filter-name>
   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
      <param-value>https://myserver:8443/cas/login</param-value>
   </init-param>
   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
      <param-value>https://myserver:8443/cas/serviceValidate</param-value>
   </init-param>
   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
      <param-value>http://myserver/alfresco/faces/jsp/login.jsp</param-value>
   </init-param>
   </filter>

   <filter>
      <filter-name>Authentication Filter</filter-name>      <filter-class>org.alfresco.web.app.servlet.CASAuthenticationFilter</filter-class>
   </filter>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>      <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>     
   </filter>
  
   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

   <filter-mapping>
      <filter-name>CAS Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
     
   <filter-mapping>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <url-pattern>/webdav/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/categories/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/groups/*</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/delete-user.jsp</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/users.jsp</url-pattern>
   </filter-mapping>
  
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/dialog/system-info.jsp</url-pattern>
   </filter-mapping>

Best regards, Alessandro

Hello, i am trying to have a CAS authen,tification on Alfresco in Liferay portal as you. So i am agree with your configuration but i have a problem with the web.xml.

So if i change "/faces/*" to "/*", the picture of alfresco are not displayed (JSP problem). So the login form never go to the CAS auth class…

Can you give me the good way or what could be the problem ?

Thank you.

sebastien_marin
Champ in-the-making
Champ in-the-making
Hello,

i don't really understand but now, the filter CAS is use.

So the problem with the url pattern "<url-pattern>/*</url-pattern>" is that the filter is active with pictures, and other elements.

So all is ok but i enter in the filter about 20 times per request and the log user is always the guest…

Can you help me ?

sebastien_marin
Champ in-the-making
Champ in-the-making
Hi,
is there anyone can help me?

alarocca
Champ in-the-making
Champ in-the-making
Try using the following url-pattern:

/faces/jsp/*

Best regards, Alessandro

Hello,

i don't really understand but now, the filter CAS is use.

So the problem with the url pattern "<url-pattern>/*</url-pattern>" is that the filter is active with pictures, and other elements.

So all is ok but i enter in the filter about 20 times per request and the log user is always the guest…

Can you help me ?

tegyat
Champ in-the-making
Champ in-the-making
Hi alarocca,
can you tell us if you use alfresco portlet in liferay?
if yes please tell us how you do it clearly (i did the same things as you but i haven't sso in liferay and alfresco)
thanks.

tegyat
Champ in-the-making
Champ in-the-making
hello
please sebastien.marin do you have solution for this problem
sso for alfresco portlet in liferay?
thanks

alarocca
Champ in-the-making
Champ in-the-making
Hi, I use a Liferay IFrame portlet to include Alfresco.

Hi alarocca,
can you tell us if you use alfresco portlet in liferay?
if yes please tell us how you do it clearly (i did the same things as you but i haven't sso in liferay and alfresco)
thanks.

fthamura
Champ in-the-making
Champ in-the-making
hi all

what do you think if CAS config is bundled in Alfresco binary distribution

so we just click, and integrate

Frans

sebastien_marin
Champ in-the-making
Champ in-the-making
Yes, it could be fine but the problem of everybody is not to add CAS authentication to Alfresco but implement the autologin and CAS filter on alfresco portlet with portletContext…

You just have to implement the method that allowed to authenticate a user object or just a userid to the alfresco api with a portlet context. So, in the portlet, you've done this for guest acces but not for an other userID…

It is a little bit too simple. Community need that metho because it is a problem to integrate Alfresco in portal container…

Thank.

fthamura
Champ in-the-making
Champ in-the-making
make it a bundle as optional

that is the power of community, we have more choice.