Prerequisite:

  • Alfresco and CAS should use the HTTPS protocol
  • In this tutorial, CAS uses port 443 and Alfresco uses port 9443
  • Configure Alfresco to redirect from port 8080 to port 9443
  • Make sure Alfresco and CAS can be reached by domain name (using an IP address is not recommended); this tutorial uses the host names below, and every configuration that follows addresses them over https:
    • Alfresco = http://alfresco.local
    • CAS = http://cas.softbless.local
Form Login CAS

1.       Add this configuration in alfresco-global.properties file:

#CAS
# Authentication chain with a single entry: an instance named "cas" of the "external" subsystem type.
# NOTE(review): with external authentication the repository accepts the user asserted by the
# front-end filter, so the CAS filters in web.xml should cover every path into Alfresco; confirm.

authentication.chain=cas:external

2.       Copy service.xml to C:\Alfresco\tomcat\shared\classes\alfresco\extension

3.       Copy commonValues.properties to C:\Alfresco\tomcat\shared\classes\alfresco\extension\messages

# CAS
# Base URL of the CAS server and of the Alfresco web application.
# Both values use https, as the prerequisites require.

      cas_url=https://cas.softbless.local:443

      cas_alfresco_url=https://alfresco.local:9443/alfresco

4.       Copy mycompany folder into C:\Alfresco\tomcat\shared\classes\alfresco\extension\templates\webscripts\org

5.       Copy custom-slingshot-application-context.xml to the C:\Alfresco\tomcat\shared\classes\alfresco\web-extension folder. Make sure it matches the configuration below:

<!-- Override Logout Controller - to expire Alfresco tickets -->
<!-- Replaces the Share logout controller bean with a CAS-aware class.
     NOTE(review): presumably the controller also sends the browser to the CAS logout URL
     built from casHost and casPath, so that the single sign-on session ends together with
     the Share session; confirm against the controller source. -->

<bean id="logoutController" class="org.wwarn.cms.authentication.servlet.CASSlingshotLogoutController">

       <property name="cacheSeconds" value="-1" />

       <property name="useExpiresHeader"><value>true</value></property>

       <property name="useCacheControlHeader"><value>true</value></property>

       <property name="connectorService" ref="connector.service" />

       <!-- if blank assumes the same as Share -->

 

       <!-- CAS server origin, given with https and the CAS port from the prerequisites. -->
       <property name="casHost"><value>https://cas.softbless.local:443</value></property>

       <!-- Path of the CAS logout endpoint on casHost. -->
       <property name="casPath"><value>logout</value></property>

   </bean>

6.       Edit share-config-custom.xml file from C:\Alfresco\tomcat\shared\classes\alfresco\web-extension :

<config evaluator="string-compare" condition="Server">

        <server>

<!-- Enable and adjust the following settings to allow for external access URLs to the

WebScript Framework, so that absolute URLs are generated with an externally accessible address.
Scheme, host name and port below are the HTTPS Alfresco address from the prerequisites. -->

              <scheme>https</scheme>

              <hostname>alfresco.local</hostname>

              <port>9443</port>

        </server>

    </config>

    <!-- Overriding endpoints to reference a remote Alfresco server -->

    <config evaluator="string-compare" condition="Remote">

        <remote>

            <!-- Authenticator implementation used in CAS authentication scenario,

                overrides the default alfresco-ticket authenticator

                <class>org.alfresco.connector.AlfrescoAuthenticator</class> -->

            <authenticator>

                <id>alfresco-ticket</id>

                <name>Alfresco Authenticator</name>

                <description>Alfresco Authenticator</description>

                <class>org.mycompany.cms.authentication.CasAlfrescoAuthenticator</class>

            </authenticator>

            <!-- Connects to an Alfresco instance using ticket-based authentication,

                overrides the default alfresco connector to use ticket authenticator-->

            <connector>

                <id>alfresco</id>

                <name>Alfresco Connector</name>

                <description>Connects to an Alfresco instance using ticket-based authentication</description>

                <class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>

                <!-- Refers to the authenticator declared above by its id. -->
                <authenticator-id>alfresco-ticket</authenticator-id>

            </connector>

            <!-- Endpoint using external authentication via CAS-->

            <endpoint>

                <id>alfresco</id>

                <name>Alfresco - user access</name>

                <description>Access to Alfresco Repository WebScripts that require external user authentication

                </description>

                <connector-id>alfresco</connector-id>

                <!-- Repository web script base URL; https keeps the ticket exchange encrypted in transit. -->
                <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>

                <identity>user</identity>

                <!-- NOTE(review): with external-auth enabled the repository is expected to take the user
                     identity from the external (CAS) login rather than from a Share password login;
                     confirm that the repository side is reachable only through the CAS filters. -->
                <external-auth>true</external-auth>

            </endpoint>

        </remote>

    </config>

7.       Edit webscript-framework-config-custom.xml file from C:\Alfresco\tomcat\shared\classes\alfresco\web-extension :

<!-- Endpoint definitions for the web script framework; every endpoint-url uses the HTTPS
     Alfresco address from the prerequisites. -->
<config evaluator="string-compare" condition="Remote">

<remote>

<!-- identity "none": web scripts reached through this endpoint are called without a user. -->
<endpoint>

              <id>alfresco-noauth</id>

              <name>Alfresco - unauthenticated access</name>

<description>Access to Alfresco Repository WebScripts that do not require authentication</description>

              <connector-id>alfresco</connector-id>

              <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>

              <identity>none</identity>

       </endpoint>

       <!-- NOTE(review): the endpoint id "alfresco" is defined again in the Remote config block that
            follows in this file, there with external-auth and a /wcs URL; confirm which definition
            the framework keeps. -->
       <endpoint>

              <id>alfresco</id>

              <name>Alfresco - user access</name>

<description>Access to Alfresco Repository WebScripts that require user authentication</description>

              <connector-id>alfresco</connector-id>

              <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>

              <identity>user</identity>

       </endpoint>

       <!-- Basic authentication sends the password with every request; the https endpoint-url
            keeps it from crossing the network in clear text. -->
       <endpoint>

              <id>alfresco-feed</id>

              <name>Alfresco Feed</name>

<description>Alfresco Feed - supports basic HTTP authentication</description>

              <connector-id>http</connector-id>

              <endpoint-url>https://alfresco.local:9443/alfresco/s</endpoint-url>

              <basic-auth>true</basic-auth>

              <identity>user</identity>

       </endpoint>              

       </remote>

</config>

<!-- Client keystore for the Share to repository connection plus the externally authenticated
     "alfresco" endpoint. -->
<config evaluator="string-compare" condition="Remote">

<remote>

            <!-- NOTE(review): the keystore password is stored here in clear text and equals the base
                 name of the keystore file, which looks like a sample default. Use a keystore and
                 password generated for this installation and restrict read access to this file. -->
            <keystore>

                <path>alfresco/web-extension/alfresco-system.p12</path>

                <type>pkcs12</type>

                <password>alfresco-system</password>

            </keystore>

            <endpoint>

                <id>alfresco</id>

                <name>Alfresco - user access</name>

<description>Access to Alfresco Repository WebScripts that require user authentication</description>

                <connector-id>alfresco</connector-id>

                <!-- Uses the /wcs path, unlike the /s path of the other endpoint definitions on this page. -->
                <endpoint-url>https://alfresco.local:9443/alfresco/wcs</endpoint-url>

                <identity>user</identity>

                <external-auth>true</external-auth>

                <authenticator-id>alfresco-ticket</authenticator-id>

            </endpoint>

        </remote>

    </config>

8.       Edit the relogin.jsp file in C:\Alfresco\tomcat\webapps\alfresco\jsp: add the code below before the closing %> marker. response.addCookie(authCookie);

// Log out of CAS as well. The redirect target is a fixed literal, so request input cannot steer it.

response.sendRedirect("https://cas.softbless.local:443/logout");

9.       Copy alfresco-cas.jar and cas-client-core-3.1.12.jar library into C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\lib folder

10.   Copy web.xml file into C:\Alfresco\tomcat\webapps\alfresco\WEB-INF, and make sure its CAS section matches the configuration below:

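<!-- Adding CAS Authentication filters and replacing Alfresco's default one -->
<!-- Only the filter declarations are shown; the matching filter-mapping entries are not part
     of this excerpt. -->

   <!-- Sends requests that carry no CAS session to the CAS login page.
        serverName is the fixed public https origin of Alfresco; the client builds the service
        URL from it, so it should stay a configured constant rather than follow the request's
        Host header. -->
   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
      <init-param>
         <param-name>casServerLoginUrl</param-name>
         <param-value>https://cas.softbless.local:443/login</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://alfresco.local:9443</param-value>
      </init-param>
   </filter>

   <!-- Validates the service ticket against the CAS server.
        casServerUrlPrefix must name the CAS server (the same host as casServerLoginUrl and
        cas_url), not the Alfresco host: the ticket is checked against this URL, and a wrong
        host means validation either fails or is answered by the wrong service.
        The validation call is made over https, so the JVM running Alfresco needs to trust the
        CAS server certificate. -->
   <filter>
      <filter-name>CAS Validation Filter</filter-name>
      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
      <init-param>
         <param-name>casServerUrlPrefix</param-name>
         <param-value>https://cas.softbless.local:443</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://alfresco.local:9443</param-value>
      </init-param>
   </filter>

   <!-- Project-specific filter.
        NOTE(review): presumably maps the validated CAS principal to an Alfresco session;
        confirm against the class in the copied jar. -->
   <filter>
      <filter-name>Alfresco CAS Authentication Filter</filter-name>
      <filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>
   </filter>

   <!-- End adding CAS authentication filters -->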

11.   Copy cas-client-core-3.1.12.jar, logoutCAS.jar, and share-CAS.jar library into C:\Alfresco\tomcat\webapps\share\WEB-INF\lib folder

12.   Copy web.xml file into C:\Alfresco\tomcat\webapps\share\WEB-INF, and make sure its CAS section matches the configuration below:

<!-- Adding CAS Authentication filters -->
<!-- Only the filter declarations are shown; the matching filter-mapping entries are not part
     of this excerpt. -->

   <!-- Sends requests that carry no CAS session to the CAS login page. serverName is the fixed
        public https origin used to build the service URL. -->
   <filter>

      <filter-name>CAS Authentication Filter</filter-name>

      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

      <init-param>

         <param-name>casServerLoginUrl</param-name>

          <param-value>https://cas.softbless.local:443/login</param-value>

      </init-param>

      <init-param>

         <param-name>serverName</param-name>

         <param-value>https://alfresco.local:9443</param-value>

      </init-param>

   </filter>

   <!-- Validates service and proxy tickets against the CAS server named by casServerUrlPrefix.
        The validation call is made over https, so the JVM running Share needs to trust the CAS
        server certificate. -->
   <filter>

      <filter-name>CAS Validation Filter</filter-name>

      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

      <init-param>

         <param-name>casServerUrlPrefix</param-name>

          <param-value>https://cas.softbless.local:443</param-value>

      </init-param>

      <init-param>

         <param-name>serverName</param-name>

         <param-value>https://alfresco.local:9443</param-value>

      </init-param>

      <!-- NOTE(review): the Jasig CAS Java client documents this switch as acceptAnyProxy;
           confirm the parameter name against the cas-client-core version in use. When the
           accept-any-proxy behaviour is active, proxy tickets issued through any proxy chain
           are accepted; listing the trusted chains with allowedProxyChains is the narrower
           setting. -->
      <init-param>

         <param-name>allowAnyProxy</param-name>

         <param-value>true</param-value>

      </init-param>

      <!-- Absolute https URL to which the CAS server delivers the proxy-granting ticket; it has
           to be reachable from the CAS server and present a certificate CAS trusts. -->
      <init-param>

         <param-name>proxyCallbackUrl</param-name>

         <param-value>https://alfresco.local:9443/share/proxyCallback</param-value>

      </init-param>

      <!-- Path inside the Share web application that receives that callback; it corresponds to
           the final path segment of proxyCallbackUrl. -->
      <init-param>

         <param-name>proxyReceptorUrl</param-name>

         <param-value>/proxyCallback</param-value>

      </init-param>

   </filter>

   <!-- Project-specific filter.
        NOTE(review): presumably maps the validated CAS principal to a Share session; confirm
        against the class in the copied jar. -->
   <filter>

      <filter-name>Alfresco CAS Authentication Filter</filter-name>

      <filter-class>org.mycompany.cms.authentication.CasAuthenticationFilter</filter-class>

   </filter>

   <!-- End adding CAS authentication filters -->

13.   Now you can open Alfresco in Internet Explorer at http://alfresco.local:8080/share; it will redirect to the CAS login form.

Reference:

http://ecmstuff.blogspot.com/2011/06/configuring-alfresco-for-sso-with-cas.html

http://holisticsecurity.wordpress.com/2011/02/19/web-sso-between-liferay-and-alfresco-with-cas-and-penrose-part-22/

http://akselsarchitecture.blogspot.com/2010/09/cas-sso-for-alfresco-33-and-share.html

http://translate.google.com/translate?u=http://blog.atolcd.com/%3Fp%3D115&sl=fr&tl=en