Setting Up SSO – CAS and Alfresco


The CAS configuration files can be downloaded from https://www.softbless.com/files/alfresco/CAS/deployment.zip

Prerequisites:

  • Alfresco and CAS must both use the HTTPS protocol
  • Assume CAS uses port 433 and Alfresco uses port 9443
  • Configure Alfresco to redirect from port 8080 to 9443
  • Make sure Alfresco and CAS are reachable by domain name (using an IP address is not recommended). This tutorial uses:

    • Alfresco = http://alfresco.local
    • CAS = http://cas.softbless.local

CAS login form

1.       Add the following configuration to alfresco-global.properties:

#CAS
authentication.chain=cas:external

2.       Copy service.xml to C:\Alfresco\tomcat\shared\classes\alfresco\extension

3.       Copy commonValues.properties to C:\Alfresco\tomcat\shared\classes\alfresco\extension\messages

# CAS
cas_url=https://cas.softbless.local:443
cas_alfresco_url=https://alfresco.local:9443/alfresco

4.       Copy the mycompany folder into C:\Alfresco\tomcat\shared\classes\alfresco\extension\templates\webscripts\org

5.       Copy custom-slingshot-application-context.xml into C:\Alfresco\tomcat\shared\classes\alfresco\web-extension. Make sure it contains the following:

<!-- Override Logout Controller - to expire Alfresco tickets -->
<bean id="logoutController" class="org.wwarn.cms.authentication.servlet.CASSlingshotLogoutController">
    <property name="cacheSeconds" value="-1" />
    <property name="useExpiresHeader"><value>true</value></property>
    <property name="useCacheControlHeader"><value>true</value></property>
    <property name="connectorService" ref="connector.service" />
    <!-- if blank assumes the same as Share -->
    <property name="casHost"><value>https://cas.softbless.local:443</value></property>
    <property name="casPath"><value>logout</value></property>
</bean>

6.       Edit share-config-custom.xml in C:\Alfresco\tomcat\shared\classes\alfresco\web-extension:

<config evaluator="string-compare" condition="Server">
    <server>
        <!-- Enable and adjust the following settings to allow for external access URLs to the
             WebScript Framework - to return an externally accessible address for absolute url generation. -->
        <scheme>https</scheme>
        <hostname>alfresco.local</hostname>
        <port>9443</port>
    </server>
</config>

<!-- Overriding endpoints to reference a remote Alfresco server -->
<config evaluator="string-compare" condition="Remote">
    <remote>
        <!-- Authenticator implementation used in CAS authentication scenario,
             overrides the default alfresco-ticket authenticator
             <class>org.alfresco.connector.AlfrescoAuthenticator</class> -->
        <authenticator>
            <id>alfresco-ticket</id>
            <name>Alfresco Authenticator</name>
            <description>Alfresco Authenticator</description>
            <class>org.mycompany.cms.authentication.CasAlfrescoAuthenticator</class>
        </authenticator>
        <!-- Connects to an Alfresco instance using ticket-based authentication,
             overrides the default alfresco connector to use ticket authenticator -->
        <connector>
            <id>alfresco</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using ticket-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
            <authenticator-id>alfresco-ticket</authenticator-id>
        </connector>
        <!-- Endpoint using external authentication via CAS -->
        <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require external user authentication
            </description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
        </endpoint>
    </remote>
</config>

7.       Edit webscript-framework-config-custom.xml in C:\Alfresco\tomcat\shared\classes\alfresco\web-extension:

<config evaluator="string-compare" condition="Remote">
    <remote>
        <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <identity>none</identity>
        </endpoint>
        <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <identity>user</identity>
        </endpoint>
        <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication</description>
            <connector-id>http</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
        </endpoint>
    </remote>
</config>

<config evaluator="string-compare" condition="Remote">
    <remote>
        <keystore>
            <path>alfresco/web-extension/alfresco-system.p12</path>
            <type>pkcs12</type>
            <password>alfresco-system</password>
        </keystore>
        <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
            <authenticator-id>alfresco-ticket</authenticator-id>
        </endpoint>
    </remote>
</config>

8.       Edit relogin.jsp in C:\Alfresco\tomcat\webapps\alfresco\jsp and add the code below before the %> marker (response.addCookie(authCookie);):

// CAS logout
response.sendRedirect("https://cas.softbless.local:443/logout");

9.       Copy the alfresco-cas.jar and cas-client-core-3.1.12.jar libraries into the folder C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\lib

10.   Copy web.xml into C:\Alfresco\tomcat\webapps\alfresco\WEB-INF and make sure its CAS section looks like this:

<!-- Adding CAS Authentication filters and replacing Alfresco's default one -->
<filter>
    <filter-name>Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://cas.softbless.local:443/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://alfresco.local:9443</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.softbless.local:443</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://alfresco.local:9443</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>Alfresco CAS Authentication Filter</filter-name>
    <filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
</filter>
<!-- End adding CAS authentication filters -->

11.   Copy the cas-client-core-3.1.12.jar, logoutCAS.jar and share-CAS.jar libraries into the folder C:\Alfresco\tomcat\webapps\share\WEB-INF\lib

12.   Copy web.xml into C:\Alfresco\tomcat\webapps\share\WEB-INF and make sure its CAS section looks like this:

<!-- Adding CAS Authentication filters -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://cas.softbless.local:443/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://alfresco.local:9443</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.softbless.local:443</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://alfresco.local:9443</param-value>
    </init-param>
    <init-param>
        <param-name>allowAnyProxy</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>proxyCallbackUrl</param-name>
        <param-value>https://alfresco.local:9443/share/proxyCallback</param-value>
    </init-param>
    <init-param>
        <param-name>proxyReceptorUrl</param-name>
        <param-value>/proxyCallback</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>Alfresco CAS Authentication Filter</filter-name>
    <filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
</filter>
<!-- End adding CAS authentication filters -->

13.   Open Alfresco in IE at alfresco.local:8080/share; you will be redirected to the CAS login page. After you log in, the Alfresco dashlets appear.
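
A consistency check for the CAS filter parameters in steps 10 and 12, as an added example that is not part of the original tutorial or its deployment.zip. It parses a web.xml and reports CAS URLs that do not point at the CAS origin, application URLs that do not point at the Alfresco origin, non-HTTPS values, and an enabled allowAnyProxy; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the web.xml filters in steps 10 and 12; it
# deliberately contains a wrong CAS host and a plain-HTTP callback URL.
SAMPLE_WEB_XML = """<web-app>
 <filter><filter-name>CAS Authentication Filter</filter-name>
  <init-param><param-name>casServerLoginUrl</param-name>
   <param-value>https://cas.softbless.local:443/login</param-value></init-param>
  <init-param><param-name>serverName</param-name>
   <param-value>https://alfresco.local:9443</param-value></init-param></filter>
 <filter><filter-name>CAS Validation Filter</filter-name>
  <init-param><param-name>casServerUrlPrefix</param-name>
   <param-value>https://alfresco.local:443</param-value></init-param>
  <init-param><param-name>proxyCallbackUrl</param-name>
   <param-value>http://alfresco.local:9443/share/proxyCallback</param-value></init-param>
  <init-param><param-name>allowAnyProxy</param-name>
   <param-value>true</param-value></init-param></filter>
</web-app>"""

CAS_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix"}  # must point at the CAS server
APP_PARAMS = {"serverName", "proxyCallbackUrl"}           # must point at Alfresco/Share

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    u = urlsplit(url.strip())
    return (u.scheme, (u.hostname or "").lower(),
            u.port or {"https": 443, "http": 80}.get(u.scheme))

def audit_cas_filters(web_xml, cas_url, app_url):
    """Return (filter-name, param-name, problem) tuples for a web.xml string."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if present
    findings = []
    for flt in root.iter("filter"):
        name = flt.findtext("filter-name", "").strip()
        for p in flt.iter("init-param"):
            key = p.findtext("param-name", "").strip()
            val = p.findtext("param-value", "").strip()
            want = cas_url if key in CAS_PARAMS else app_url if key in APP_PARAMS else None
            if want and origin(val)[0] != "https":
                findings.append((name, key, "not https"))
            elif want and origin(val) != origin(want):
                findings.append((name, key, "origin differs from " + want))
            elif key == "allowAnyProxy" and val.lower() == "true":
                findings.append((name, key, "accepts any proxy; review"))
    return findings
```

Call audit_cas_filters with the contents of each web.xml (Alfresco and Share), the CAS base URL and the Alfresco base URL; an empty list means the filter URLs agree with each other.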

References:

ecmstuff.blogspot.com/2011/06/configuring-alfresco-for-sso-with-cas.html

holisticsecurity.wordpress.com/2011/02/19/web-sso-between-liferay-and-alfresco-with-cas-and-penrose-part-22/

akselsarchitecture.blogspot.com/2010/09/cas-sso-for-alfresco-33-and-share.html

blog.atolcd.com/?p=115
