|
How to CASify alfresco CMS?
Recently I got opportunity to configure alfresco CMS/WCM for our Intranet project. Our Intranet contains various applications so for single sign on solution we configured ja-sig cas server. Challenge was how to CASify alfresco? But believe me it's really easy once you done it. Following is the simplest possible solution to make alfresco work with CAS (Most of the part of the following entry is inherited by various sources; I am just rearranging contents according my experience.) TODO list before we start:-
* Generate self signed security certificate using keytool, because CAS works on SSL. * Make Tomcat work with SSL. * Install CAS server. * Ensure you already setup alfresco. (It will make our work a lot easy J) * Build certificate trust relation between alfresco and CAS. * Check out alfresco source code (yes we will need this too). * Download Yale's implementation of the CAS java client.
Development environment for our exercise (Make these references according your environment):-
* Developer's machine's hostname à hostname * CAS server's URL à https://hostname/cas (secure port is 443 and HTTP port is 80 so no need to explicitly mentioned in URL) * Alfresco URL à http://hostname:8080/alfresco * Alfresco installation home directory à C:\alfresco (yes I am using windows) * Alfresco tomcat directory à C:\alfresco\tomcat * HTTP and HTTPS port of the alfresco tomcat is same as provided by alfresco community edition with bundled tomcatà 8080 and 8443.
Changes in web.xml
Location à C:\alfresco\tomcat\webapps\alfresco\WEB-INF Add filter declarations
Authentication Filter
edu.yale.its.tp.cas.client.filter.CASFilter
edu.yale.its.tp.cas.client.filter.loginUrl
https://hostname/cas/login
edu.yale.its.tp.cas.client.filter.validateUrl
https://hostname/cas/serviceValidate
edu.yale.its.tp.cas.client.filter.serverName
hostname:8080
CAS Authentication
org.alfresco.web.app.servlet.CasAuthenticationFilter
cas.user.label
edu.yale.its.tp.cas.client.filter.user
Now Add filter mapping in web.xml
CAS Authentication
/faces/*
CAS Authentication
/service/*
CAS Authentication
/navigate/*
CAS Authentication
/command/*
CAS Authentication
/template/*
CAS Authentication
/download/*
Modify alfresco-web-client.jar's two classes
Grab following two java files and compile these with the source you downloaded earlier:-
http://wiki.alfresco.com/fr/index.php/Documentation:CAS:CasAuthenticationFilter.java http://wiki.alfresco.com/fr/index.php/Documentation:CAS:BaseServlet.java
After compiling these files extract and repack following jar with these class files:-
Modify alfresco-web-client.jar stored into C:\alfresco\tomcat\webapps\alfresco\WEB-INF\lib\
Modification in authentication-services-context.xml
Location à C:\alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco
Line no 150 to 160 refers to original AuthenticationComponentImpl, change this to:-
< ref bean="authenticationDao" />
< ref bean="authenticationManager" />
true
false
Modification in relogin.jsp
To logout from CAS server we need to add redirection after alfresco logout from itself
Location à C:\alfresco\tomcat\webapps\alfresco\jsp\relogin.jsp
Add following line to the jsp file:-
response.sendRedirect("https://hostname/cas/logout");
It's done!
References:-
http://wiki.alfresco.com/wiki/Central_Authentication_Service_Configuration
http://wiki.alfresco.com/wiki/Central_Authentication_Service
http://www.ja-sig.org/wiki/display/CASUM/Demo
|
|
|