Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

trouble with alfresco + cas

sean
Champ in-the-making
Champ in-the-making

‎08-15-2006 05:45 AM

hi folks,

i've been tasked with evaluating alfresco for my company.  it seems like a really cool product.  after playing around with the default install for a bit and r'ing tfm's, i've attempted unsuccessfully to get SSO via CAS working.

first i tried to use the acegi hooks in the authentication context file but couldn't seem to get things working via that route.  things were further complicated by the bundled version of acegi being outdated wrt the latest upstream version (and hence the documentation i had was not fully accurate).  furthermore, the latest version has a different namespace (org.acegisecurity instead of under net.sf), with some subtle yet non-backwards-compatible API changes.

i'm now trying to authenticate via CAS directly, by replacing the authentication filter in web.xml.  i've had more success with this route, though not much.  now when i request /alfresco, i'm sent to the cas login page, and after authenticating i'm sent back to alfresco (so far so good), but then alfresco sends me a 302 header sending me back to cas, which thinks there's nothing wrong and 302's me back to alfresco, etc etc.

i saw a similar problem in the forums that was solved by recompiling alfresco with a different name for ARG_TICKET in baseServlet.java, which i've tried without success.

does anyone have an idea of what else could be a problem?  any help would be greatly appreciated!

    sean
Labels:
0 Kudos
32 REPLIES 32

sebastien_marin
Champ in-the-making
Champ in-the-making

‎03-13-2007 11:42 AM

Finally I have alfresco 1.4 and liferay 4.2.1 smoothly authenticating with CAS. To get it, you have to change just a row of the NovellIChainsHTTPRequestAuthenticationFilter class (and rename it if you like as CASAuthenticationFilter):

        String authHdr = (String) req.getSession().getAttribute(CASFilter.CAS_FILTER_USER);

Then you have to properly configure the filter within web.xml as the following:


   <filter>
      <filter-name>CAS Filter</filter-name>
   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
      <param-value>https://myserver:8443/cas/login</param-value>
   </init-param>
   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
      <param-value>https://myserver:8443/cas/serviceValidate</param-value>
   </init-param>
   <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
      <param-value>http://myserver/alfresco/faces/jsp/login.jsp</param-value>
   </init-param>
   </filter>

   <filter>
      <filter-name>Authentication Filter</filter-name>      <filter-class>org.alfresco.web.app.servlet.CASAuthenticationFilter</filter-class>
   </filter>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>      <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>      
   </filter>
   
   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

   <filter-mapping>
      <filter-name>CAS Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
      
   <filter-mapping>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <url-pattern>/webdav/*</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/*</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/categories/*</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/groups/*</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/delete-user.jsp</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/users/users.jsp</url-pattern>
   </filter-mapping>
   
   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/dialog/system-info.jsp</url-pattern>
   </filter-mapping>

Best regards, Alessandro

Hello, i am trying to have a CAS authen,tification on Alfresco in Liferay portal as you. So i am agree with your configuration but i have a problem with the web.xml.

So if i change "/faces/*" to "/*", the picture of alfresco are not displayed (JSP problem). So the login form never go to the CAS auth class…

Can you give me the good way or what could be the problem ?

Thank you.
0 Kudos

sebastien_marin
Champ in-the-making
Champ in-the-making

‎03-14-2007 04:51 AM

Hello,

i don't really understand but now, the filter CAS is use.

So the problem with the url pattern "<url-pattern>/*</url-pattern>" is that the filter is active with pictures, and other elements.

So all is ok but i enter in the filter about 20 times per request and the log user is always the guest…

Can you help me ?
0 Kudos

sebastien_marin
Champ in-the-making
Champ in-the-making

‎03-29-2007 01:45 PM

Hi,
is there anyone can help me?
0 Kudos

alarocca
Champ in-the-making
Champ in-the-making

‎03-30-2007 02:49 AM

Try using the following url-pattern:

/faces/jsp/*

Best regards, Alessandro

Hello,

i don't really understand but now, the filter CAS is use.

So the problem with the url pattern "<url-pattern>/*</url-pattern>" is that the filter is active with pictures, and other elements.

So all is ok but i enter in the filter about 20 times per request and the log user is always the guest…

Can you help me ?
0 Kudos

tegyat
Champ in-the-making
Champ in-the-making

‎04-16-2007 07:13 AM

Hi alarocca,
can you tell us if you use alfresco portlet in liferay?
if yes please tell us how you do it clearly (i did the same things as you but i haven't sso in liferay and alfresco)
thanks.
0 Kudos

tegyat
Champ in-the-making
Champ in-the-making

‎04-16-2007 07:14 AM

hello
please sebastien.marin do you have solution for this problem
sso for alfresco portlet in liferay?
thanks
0 Kudos

alarocca
Champ in-the-making
Champ in-the-making

‎04-18-2007 03:18 AM

Hi, I use a Liferay IFrame portlet to include Alfresco.

Hi alarocca,
can you tell us if you use alfresco portlet in liferay?
if yes please tell us how you do it clearly (i did the same things as you but i haven't sso in liferay and alfresco)
thanks.
0 Kudos

fthamura
Champ in-the-making
Champ in-the-making

‎05-01-2007 03:25 AM

hi all

what do you think if CAS config is bundled in Alfresco binary distribution

so we just click, and integrate

Frans
0 Kudos

sebastien_marin
Champ in-the-making
Champ in-the-making

‎05-02-2007 03:25 AM

Yes, it could be fine but the problem of everybody is not to add CAS authentication to Alfresco but implement the autologin and CAS filter on alfresco portlet with portletContext…

You just have to implement the method that allowed to authenticate a user object or just a userid to the alfresco api with a portlet context. So, in the portlet, you've done this for guest acces but not for an other userID…

It is a little bit too simple. Community need that metho because it is a problem to integrate Alfresco in portal container…

Thank.
0 Kudos

fthamura
Champ in-the-making
Champ in-the-making

‎05-02-2007 12:29 PM

make it a bundle as optional

that is the power of community, we have more choice.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC