Alfresco sso cas

How to CASify alfresco CMS?

Recently I got the opportunity to configure Alfresco CMS/WCM for our intranet project. Our intranet contains various applications, so for a single sign-on solution we configured a JA-SIG CAS server. The challenge was how to CASify Alfresco. But believe me, it's really easy once you have done it. The following is the simplest possible solution to make Alfresco work with CAS. (Most of the following entry is drawn from various sources; I am just rearranging the contents according to my experience.)

TODO list before we start:

* Generate a self-signed security certificate using keytool, because CAS works over SSL.
* Make Tomcat work with SSL.
* Install the CAS server.
* Ensure you have already set up Alfresco. (It will make our work a lot easier :)
* Build a certificate trust relation between Alfresco and CAS.
* Check out the Alfresco source code (yes, we will need this too).
* Download Yale's implementation of the CAS Java client.

Development environment for our exercise (adjust these references to match your environment):

* Developer machine's hostname → hostname
* CAS server's URL → https://hostname/cas (the secure port is 443 and the HTTP port is 80, so neither needs to be given explicitly in the URL)
* Alfresco URL → http://hostname:8080/alfresco
* Alfresco installation home directory → C:\alfresco (yes, I am using Windows)
* Alfresco Tomcat directory → C:\alfresco\tomcat
* The HTTP and HTTPS ports of the Alfresco Tomcat are the same as provided by the Alfresco community edition with bundled Tomcat → 8080 and 8443.

Changes in web.xml

Location → C:\alfresco\tomcat\webapps\alfresco\WEB-INF

Add filter declarations

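<filter>
  <filter-name>Authentication Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://hostname/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://hostname/cas/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>hostname:8080</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CAS Authentication</filter-name>
  <filter-class>org.alfresco.web.app.servlet.CasAuthenticationFilter</filter-class>
  <init-param>
    <param-name>cas.user.label</param-name>
    <param-value>edu.yale.its.tp.cas.client.filter.user</param-value>
  </init-param>
</filter>
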

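Now add the filter mappings in web.xml

<filter-mapping>
  <filter-name>CAS Authentication</filter-name>
  <url-pattern>/faces/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Authentication</filter-name>
  <url-pattern>/service/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Authentication</filter-name>
  <url-pattern>/navigate/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Authentication</filter-name>
  <url-pattern>/command/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Authentication</filter-name>
  <url-pattern>/template/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Authentication</filter-name>
  <url-pattern>/download/*</url-pattern>
</filter-mapping>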
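
How the three CASFilter init parameters in the filter declaration above are used at run time, as an added Python sketch of the CAS 2.0 exchange (not code from the original post or from the Yale client). The request path, ticket, user name and both validation responses are constructed sample values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

# Init-param values from the web.xml filter declaration above.
LOGIN_URL = "https://hostname/cas/login"
VALIDATE_URL = "https://hostname/cas/serviceValidate"
SERVER_NAME = "hostname:8080"
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

def service_url(path, secure=False):
    """URL that identifies the protected page to CAS, built from serverName."""
    return f"{'https' if secure else 'http'}://{SERVER_NAME}{path}"

def login_redirect(path):
    """Where a browser without a session or ticket is sent to authenticate."""
    return LOGIN_URL + "?" + urlencode({"service": service_url(path)})

def validation_request(path, ticket):
    """Back-channel request that checks the ticket CAS appended to the URL."""
    if urlsplit(VALIDATE_URL).scheme != "https":
        raise ValueError("validateUrl must be an https URL")
    query = urlencode({"service": service_url(path), "ticket": ticket})
    return VALIDATE_URL + "?" + query

def parse_validation(xml_text):
    """Return the authenticated user, or raise with the CAS failure code."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip()
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED"
    raise PermissionError(f"ticket rejected: {code}")

# Constructed sample responses in the CAS 2.0 serviceValidate format.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">unknown ticket</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    page = "/alfresco/faces/example.jsp"  # constructed request path
    print(login_redirect(page))
    print(validation_request(page, "ST-1-constructed"))  # constructed ticket
    print(parse_validation(SUCCESS))
```

The validation request is the HTTPS call made from Alfresco's JVM to the CAS server, which is why the TODO list includes building certificate trust between the two.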



Modify alfresco-web-client.jar's two classes

Grab the following two Java files and compile them with the source you downloaded earlier:

http://wiki.alfresco.com/fr/index.php/Documentation:CAS:CasAuthenticationFilter.java
http://wiki.alfresco.com/fr/index.php/Documentation:CAS:BaseServlet.java

After compiling these files, extract the following jar and repack it with these class files:

alfresco-web-client.jar, stored in C:\alfresco\tomcat\webapps\alfresco\WEB-INF\lib\



Modification in authentication-services-context.xml

Location → C:\alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco

Lines 150 to 160 refer to the original AuthenticationComponentImpl; change this to:







<ref bean="authenticationDao" />





<ref bean="authenticationManager" />





true














false







Modification in relogin.jsp

To log out from the CAS server as well, we need to add a redirect after Alfresco logs itself out.

Location → C:\alfresco\tomcat\webapps\alfresco\jsp\relogin.jsp

Add the following line to the JSP file:

response.sendRedirect("https://hostname/cas/logout");



It's done!




References:

http://wiki.alfresco.com/wiki/Central_Authentication_Service_Configuration

http://wiki.alfresco.com/wiki/Central_Authentication_Service

http://www.ja-sig.org/wiki/display/CASUM/Demo