Hyland Connect

adam_bo_ · ‎07-04-2013

Is ND working with CAS2 authentication? When I tried ND with CAS2 I received error:

2013-07-04 16:33:22,092 268 3880 DEBUG    nxdrive.gui.application Detected invalid credentials for: C:\Documents and Settings\adam_bo\Nuxeo Drive
2013-07-04 16:33:22,125 268 3880 ERROR    nxdrive.gui.application Error in synchronization thread: No row was found for one()
Traceback (most recent call last):
File "nuxeo-drive-client\nxdrive\gui\application.py", line 73, in sync_loop
File "C:\Program Files\nuxeo-drive\library.zip\nxdrive\synchronizer.py", line 1161, in loop
sb, session=session)
File "C:\Program Files\nuxeo-drive\library.zip\nxdrive\synchronizer.py", line 1390, in update_synchronize_server
self.scan_local(server_binding, session=session)
File "C:\Program Files\nuxeo-drive\library.zip\nxdrive\synchronizer.py", line 265, in scan_local
local_folder=server_binding.local_folder).one()
File "C:\Program Files\nuxeo-drive\library.zip\sqlalchemy\orm\query.py", line 2179, in one
raise orm_exc.NoResultFound("No row was found for one()")
NoResultFound: No row was found for one()

I use the following cas2 configuration:

<extension
	target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
	point="chain">
	<authenticationChain>
		<plugins>
			<!--  Keep basic Auth at top of Auth chain to support RSS access via BasicAuth -->
			<plugin>BASIC_AUTH</plugin>
			<plugin>PORTAL_AUTH</plugin>
			<plugin>CAS2_AUTH</plugin>
		</plugins>
	</authenticationChain>
</extension>
  

<extension 
	target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" 
	point="specificChains">

	<specificAuthenticationChain name="Automation">
		<urlPatterns>
			<url>(.*)/automation.*</url>
		</urlPatterns>

		<replacementChain>
			<plugin>AUTOMATION_BASIC_AUTH</plugin>
			<plugin>ANONYMOUS_AUTH_FOR_CAS2</plugin>
			<plugin>PORTAL_AUTH</plugin>
			<plugin>CAS2_AUTH</plugin>
		</replacementChain>
	</specificAuthenticationChain>

</extension>

ataillefer_ · ‎07-08-2013

Hi,

Nuxeo Drive works with the nuxeo-platform-login-token authentication module, which is included in the Drive marketplace package and adds an authenticator to the authentication chain. By overriding the chain for CAS you are losing the token authenticator (and there is no merge of authentication chains for now). So you need to include TOKEN_AUTH after AUTOMATION_BASIC_AUTH, should work.

View answer in original post

ataillefer_ · ‎07-08-2013

Hi,

Nuxeo Drive works with the nuxeo-platform-login-token authentication module, which is included in the Drive marketplace package and adds an authenticator to the authentication chain. By overriding the chain for CAS you are losing the token authenticator (and there is no merge of authentication chains for now). So you need to include TOKEN_AUTH after AUTOMATION_BASIC_AUTH, should work.

adam_bo_ · ‎07-09-2013

Thank you. Now, it works.

Benjamin_Jalon1 · ‎07-09-2013

Think to green check the answer when it answers to your question => deliver points to ataillefer and useful for the guy that will have the same question than you. Anyway thanks for your feedback.

Patrick_Delage · ‎09-02-2013

Hello, I also try to configure nuxeo drive with CAS2 auth. I follow your example but it doesn't work. I use this CAS config :

 <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators"> <authenticationPlugin name="CAS2_AUTH"> <loginModulePlugin>Trusting_LM</loginModulePlugin> <parameters> <parameter name="ticketKey">ticket</parameter> <parameter name="appURL">http://nuxeotest.univ-xx.fr:8080/nuxeo/nxstartup.faces</ parameter> https://cas.univ-xx/cas/login</ parameter> <parameter name="serviceValidateURL">https://cas.univ-xx.fr/cas/serviceValidate</ parameter> service https://cas.univ-xx/cas/logout?service=http://nuxeotest.univ-xx.fr:8080/nuxeo/ </parameter> </parameters> </authenticationPlugin> </extension>

 <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="chain"> <authenticationChain> <plugins> <plugin>BASIC_AUTH CAS2_AUTH</plugin> </plugins> </authenticationChain> </extension> `<extension

target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="specificChains">`

<specificAuthenticationChain name="Automation">

<urlPatterns>

<url>(.*)/automation.*</url> </urlPatterns>

<replacementChain>

<plugin>AUTOMATION_BASIC_AUTH`

<plugin>TOKEN_AUTH</plugin>

<plugin>CAS2_AUTH</plugin>

</replacementChain>

</specificAuthenticationChain>

</extension>

</component>

End of CAS config

CAS authentication on Nuxeo UI works with my CAS login when I try to connect nuxeo drive, I have this message

Unable to connect to http://nuxeotest.univ-xx.fr:8080/nuxeo/ with my CAS login.

If i give a bad password, I have the message "invalid credential"

So, CAS authentication is valid, but I think that the authentication chain is bad.

Thank you for your help.

ataillefer_ · ‎09-09-2013

I think you should also add the TOKEN_AUTH plugin to the <authenticationChain> contribution which is used by the default authentication filter. Indeed, all the synchronization related calls made by Drive use Automation (thus depend on the "Automation" specificAuthenticationChain), but the token request made by Drive to first connect to a Nuxeo server is handled by a plain servlet: TokenAuthenticationServlet, which depends on the regular authentication chain configuration.

Hyland Connect

Nuxeo Drive and CAS2 authentication