SSO Setting – CAS and Alfresco

Prerequisite:

  • Alfresco and CAS should use the HTTPS protocol
  • Let's say CAS uses port 443 and Alfresco uses port 9443
  • Set Alfresco so it redirects from port 8080 to 9443
  • Make sure Alfresco and CAS can be accessed by domain name
    (using an IP address is not recommended); this tutorial uses:
    • Alfresco = http://alfresco.local
    • CAS = http://cas.softbless.local

Form Login CAS

1. Add this configuration in the alfresco-global.properties file:

   #CAS
   authentication.chain=cas:external

2. Copy service.xml to C:\Alfresco\tomcat\shared\classes\alfresco\extension

3. Copy commonValues.properties to C:\Alfresco\tomcat\shared\classes\alfresco\extension\messages

   # CAS
   cas_url=https://cas.softbless.local:443
   cas_alfresco_url=https://alfresco.local:9443/alfresco

4. Copy the mycompany folder into C:\Alfresco\tomcat\shared\classes\alfresco\extension\templates\webscripts\org

5. Copy custom-slingshot-application-context.xml to the C:\Alfresco\tomcat\shared\classes\alfresco\web-extension folder.
Make sure it matches the configuration below:

   <!-- Override Logout Controller - to expire Alfresco tickets -->
   <bean id="logoutController" class="org.wwarn.cms.authentication.servlet.CASSlingshotLogoutController">
      <property name="cacheSeconds" value="-1" />
      <property name="useExpiresHeader"><value>true</value></property>
      <property name="useCacheControlHeader"><value>true</value></property>
      <property name="connectorService" ref="connector.service" />
      <!-- if blank assumes the same as Share -->
      <property name="casHost"><value>https://cas.softbless.local:443</value></property>
      <property name="casPath"><value>logout</value></property>
   </bean>

6. Edit the share-config-custom.xml file in C:\Alfresco\tomcat\shared\classes\alfresco\web-extension:

   <config evaluator="string-compare" condition="Server">
      <server>
         <!-- Enable and adjust the following settings to allow for external access URLs to the
              WebScript Framework - to return an externally accessible address for absolute url generation. -->
         <scheme>https</scheme>
         <hostname>alfresco.local</hostname>
         <port>9443</port>
      </server>
   </config>

   <!-- Overriding endpoints to reference a remote Alfresco server -->
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <!-- Authenticator implementation used in CAS authentication scenario,
              overrides the default alfresco-ticket authenticator
              <class>org.alfresco.connector.AlfrescoAuthenticator</class>
         -->
         <authenticator>
            <id>alfresco-ticket</id>
            <name>Alfresco Authenticator</name>
            <description>Alfresco Authenticator</description>
            <class>org.mycompany.cms.authentication.CasAlfrescoAuthenticator</class>
         </authenticator>

         <!-- Connects to an Alfresco instance using ticket-based authentication,
              overrides the default alfresco connector to use ticket authenticator -->
         <connector>
            <id>alfresco</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using ticket-based authentication</description>
            <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
            <authenticator-id>alfresco-ticket</authenticator-id>
         </connector>

         <!-- Endpoint using external authentication via CAS -->
         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require external user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>

7. Edit the webscript-framework-config-custom.xml file in C:\Alfresco\tomcat\shared\classes\alfresco\web-extension:

   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication</description>
            <connector-id>http</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
      </remote>
   </config>

   <config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
            <path>alfresco/web-extension/alfresco-system.p12</path>
            <type>pkcs12</type>
            <password>alfresco-system</password>
         </keystore>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>https://alfresco.local:9443/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
            <authenticator-id>alfresco-ticket</authenticator-id>
         </endpoint>
      </remote>
   </config>

8. Edit the relogin.jsp file in C:\Alfresco\tomcat\webapps\alfresco\jsp and add the code below before the %> marker:

   response.addCookie(authCookie);
   // CAS logout
   response.sendRedirect("https://cas.softbless.local:443/logout");

9. Copy the alfresco-cas.jar and cas-client-core-3.1.12.jar libraries into the C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\lib folder

10. Copy the web.xml file into C:\Alfresco\tomcat\webapps\alfresco\WEB-INF and make sure the CAS section matches the configuration below:

   <!-- Adding CAS Authentication filters and replacing Alfresco's default one -->
   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
      <init-param>
         <param-name>casServerLoginUrl</param-name>
         <param-value>https://cas.softbless.local:443/login</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://alfresco.local:9443</param-value>
      </init-param>
   </filter>

   <filter>
      <filter-name>CAS Validation Filter</filter-name>
      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
      <init-param>
         <param-name>casServerUrlPrefix</param-name>
         <param-value>https://cas.softbless.local:443</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://alfresco.local:9443</param-value>
      </init-param>
   </filter>

   <filter>
      <filter-name>Alfresco CAS Authentication Filter</filter-name>
      <filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
   </filter>
   <!-- End adding CAS authentication filters -->

11. Copy the cas-client-core-3.1.12.jar, logoutCAS.jar, and share-CAS.jar libraries into the C:\Alfresco\tomcat\webapps\share\WEB-INF\lib folder

12. Copy the web.xml file into C:\Alfresco\tomcat\webapps\share\WEB-INF and make sure the CAS section matches the configuration below:

   <!-- Adding CAS Authentication filters -->
   <filter>
      <filter-name>CAS Authentication Filter</filter-name>
      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
      <init-param>
         <param-name>casServerLoginUrl</param-name>
         <param-value>https://cas.softbless.local:443/login</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://alfresco.local:9443</param-value>
      </init-param>
   </filter>

   <filter>
      <filter-name>CAS Validation Filter</filter-name>
      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
      <init-param>
         <param-name>casServerUrlPrefix</param-name>
         <param-value>https://cas.softbless.local:443</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://alfresco.local:9443</param-value>
      </init-param>
      <init-param>
         <param-name>allowAnyProxy</param-name>
         <param-value>true</param-value>
      </init-param>
      <init-param>
         <param-name>proxyCallbackUrl</param-name>
         <param-value>https://alfresco.local:9443/share/proxyCallback</param-value>
      </init-param>
      <init-param>
         <param-name>proxyReceptorUrl</param-name>
         <param-value>/proxyCallback</param-value>
      </init-param>
   </filter>

   <filter>
      <filter-name>Alfresco CAS Authentication Filter</filter-name>
      <filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
   </filter>
   <!-- End adding CAS authentication filters -->

13. Now you can access Alfresco using Internet Explorer at http://alfresco.local:8080/share; it will redirect to the CAS login form.
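The two web.xml files in steps 10 and 12 repeat the same CAS URLs by hand, so a wrong host or scheme in one filter is easy to miss. The following is an added example, not part of the original tutorial: a small audit script (the function name audit_cas_filters and the sample input are assumptions made for illustration) that reads a web.xml and reports CAS filter parameters that are not HTTPS, that point ticket login or validation at a host other than the CAS server, or that accept any proxy chain.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a Share-style web.xml fragment with deliberate mistakes
# (plain-HTTP serverName, validation prefix pointing at the Alfresco host).
SAMPLE_WEB_XML = """
<web-app>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <init-param><param-name>casServerLoginUrl</param-name>
      <param-value>https://cas.softbless.local:443/login</param-value></init-param>
    <init-param><param-name>serverName</param-name>
      <param-value>http://alfresco.local:8080</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <init-param><param-name>casServerUrlPrefix</param-name>
      <param-value>https://alfresco.local:443</param-value></init-param>
    <init-param><param-name>allowAnyProxy</param-name>
      <param-value>true</param-value></init-param>
  </filter>
</web-app>
"""

URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName", "proxyCallbackUrl"}
# The page uses allowAnyProxy; the Java CAS client documents acceptAnyProxy.
ANY_PROXY_PARAMS = {"allowAnyProxy", "acceptAnyProxy"}

def audit_cas_filters(web_xml, cas_host):
    """Return (filter name, param name, problem) tuples for a web.xml string."""
    findings = []
    # "{*}" matches the tag with or without the Java EE XML namespace.
    for flt in ET.fromstring(web_xml).findall(".//{*}filter"):
        fname = " ".join((flt.findtext("{*}filter-name") or "").split())
        for ip in flt.findall("{*}init-param"):
            name = (ip.findtext("{*}param-name") or "").strip()
            # Drop all whitespace: copied values are often broken across lines.
            value = "".join((ip.findtext("{*}param-value") or "").split())
            url = urlsplit(value)
            if name in URL_PARAMS and url.scheme != "https":
                findings.append((fname, name, "not https"))
            if name.startswith("casServer") and url.hostname != cas_host:
                findings.append((fname, name, "host is not the CAS server"))
            if name in ANY_PROXY_PARAMS and value.lower() == "true":
                findings.append((fname, name, "any proxy chain accepted"))
    return findings

if __name__ == "__main__":
    for finding in audit_cas_filters(SAMPLE_WEB_XML, "cas.softbless.local"):
        print(*finding, sep=" | ")
```

Run it against both the alfresco and share web.xml files after editing them; an empty result means every CAS URL is HTTPS and the login and validation URLs both point at the CAS host.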


 