Prerequisite:
- Alfresco and CAS should use the HTTPS protocol
- Let's say, CAS used port 433 and Alfresco 9443
- Set Alfresco so it can redirect from port 8080 tobe 9443
- Make sure Alfresco and CAS can be accessed with domain name (not recomended with IP Address), in this tutorial use:
- Alfresco = http://alfresco.local
- CAS = http://cas.softbless.local
1. Add this configuration in alfresco-global.properties file:
#CAS
authentication.chain=cas:external
2. Copy service.xml to C:\Alfresco\tomcat\shared\classes\alfresco\extension
3. Copy commonValues.properties to C:\Alfresco\tomcat\shared\classes\alfresco\extension\messages
#
CAS
cas_url=https://cas.softbless.local:443
cas_alfresco_url=https://alfresco.local:9443/alfresco
4. Copy mycompany folder into C:\Alfresco\tomcat\shared\classes\alfresco\extension\templates\webscripts\org
5. Copy custom-slingshot-application-context.xml to C:\Alfresco\tomcat\shared\classes\alfresco\web-extension folder. Make sure same with below configurations:
<!--
Override Logout Controller
- to expire Alfresco tickets -->
<bean
id="logoutController"
class="org.wwarn.cms.authentication.servlet.CASSlingshotLogoutController">
<property
name="cacheSeconds" value="-1" />
<property
name="useExpiresHeader"><value>true</value></property>
<property
name="useCacheControlHeader"><value>true</value></property>
<property
name="connectorService" ref="connector.service" />
<!-- if blank
assumes the same as Share -->
<property
name="casHost"><value>https://cas.softbless.local:443</value></property>
<property
name="casPath"><value>logout</value></property>
</bean>
6. Edit share-config-custom.xml file from C:\Alfresco\tomcat\shared\classes\alfresco\web-extension :
<config
evaluator="string-compare" condition="Server">
<server>
<!--
Enable and adjust the following settings to allow for
external access URLs to the
WebScript
Framework - to return an externally accessible
address for absolute url generation.-->
<scheme>https</scheme>
<hostname>alfresco.local</hostname>
<port>9443</port>
</server>
</config>
<!--Overriding
endpoints to reference a remote Alfresco server
–>-->
<config
evaluator="string-compare" condition="Remote">
<remote>
<!--
Authenticator implementation used in CAS authentication scenario,
overrides the default alfresco-ticket authenticator
<class>org.alfresco.connector.AlfrescoAuthenticator</class>
-->
<authenticator>
<id>alfresco-ticket</id>
<name>Alfresco
Authenticator</name>
<description>Alfresco
Authenticator</description>
<class>org.mycompany.cms.authentication.CasAlfrescoAuthenticator</class>
</authenticator>
<!--
Connects to an Alfresco instance using ticket-based authentication,
overrides the default alfresco connector to use ticket
authenticator-->
<connector>
<id>alfresco</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco
instance using ticket-based
authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
<authenticator-id>alfresco-ticket</authenticator-id>
</connector>
<!--
Endpoint using external authentication via CAS-->
<endpoint>
<id>alfresco</id>
<name>Alfresco - user
access</name>
<description>Access to Alfresco Repository
WebScripts that require
external user authentication
</description>
<connector-id>alfresco</connector-id>
<endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
7. Edit webscript-framework-config-custom.xml file from C:\Alfresco\tomcat\shared\classes\alfresco\web-extension :
<config
evaluator="string-compare" condition="Remote">
<remote>
<endpoint>
<id>alfresco-noauth</id>
<name>Alfresco
- unauthenticated access</name>
<description>Access
to Alfresco Repository WebScripts
that do not require authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
<identity>none</identity>
</endpoint>
<endpoint>
<id>alfresco</id>
<name>Alfresco
- user access</name>
<description>Access
to Alfresco Repository WebScripts
that require user authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
<identity>user</identity>
</endpoint>
<endpoint>
<id>alfresco-feed</id>
<name>Alfresco
Feed</name>
<description>Alfresco
Feed - supports basic HTTP
authentication</description>
<connector-id>http</connector-id>
<endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
<basic-auth>true</basic-auth>
<identity>user</identity>
</endpoint>
</remote>
</config>
<config
evaluator="string-compare"
condition="Remote">
<remote>
<keystore>
<path>alfresco/web-extension/alfresco-system.p12</path>
<type>pkcs12</type>
<password>alfresco-system</password>
</keystore>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user
access</name>
<description>Access
to Alfresco Repository WebScripts
that require user authentication</description>
<connector-id>alfresco</connector-id>
<endpoint-url>https://alfresco.local:9443/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
<authenticator-id>alfresco-ticket</authenticator-id>
</endpoint>
</remote>
</config>
8. Edit relogin.jsp file from C:\Alfresco\tomcat\webapps\alfresco\jsp, tambahkan code di bawah sebelum tanda %> response.addCookie(authCookie);
//
deconnection CAS
response.sendRedirect("https://cas.softbless.local:443/logout");
9. Copy alfresco-cas.jar and cas-client-core-3.1.12.jar library into C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\lib folder
10. Copy web.xml file into C:\Alfresco\tomcat\webapps\alfresco\WEB-INF, make sure CAS code same with below configurations:
<!--
Adding CAS Authentication filters and replacing
Alfresco's default one -->
<filter>
<filter-name>Authentication
Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://cas.softbless.local:443/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://alfresco.local:9443</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation
Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://alfresco.local:443</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://alfresco.local:9443</param-value>
</init-param>
</filter>
<filter>
<filter-name>Alfresco CAS Authentication
Filter</filter-name>
<filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
</filter>
<!-- End adding CAS authentication filters -->
11. Copy cas-client-core-3.1.12.jar, logoutCAS.jar, and share-CAS.jar library into C:\Alfresco\tomcat\webapps\share\WEB-INF\lib folder
12. Copy web.xml file into C:\Alfresco\tomcat\webapps\share\WEB-INF, make sure CAS code same with below configurations :
<!--
Adding CAS Authentication filters -->
<filter>
<filter-name>CAS Authentication
Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://cas.softbless.local:443/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://alfresco.local:9443</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation
Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://cas.softbless.local:443</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://alfresco.local:9443</param-value>
</init-param>
<init-param>
<param-name>allowAnyProxy</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>proxyCallbackUrl</param-name>
<param-value>https://alfresco.local:9443/share/proxyCallback</param-value>
</init-param>
<init-param>
<param-name>proxyReceptorUrl</param-name>
<param-value>/proxyCallback</param-value>
</init-param>
</filter>
<filter>
<filter-name>Alfresco CAS Authentication
Filter</filter-name>
<filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
</filter>
<!-- End adding CAS authentication filters -->
13. Now you can access Alfresco used Internet Explorer http://alfresco.local:8080/share, it will redirect to CAS form login.
Reference:
http://ecmstuff.blogspot.com/2011/06/configuring-alfresco-for-sso-with-cas.html
http://akselsarchitecture.blogspot.com/2010/09/cas-sso-for-alfresco-33-and-share.html
http://translate.google.com/translate?u=http://blog.atolcd.com/%3Fp%3D115&sl=fr&tl=en