
CAS Integration with Alfresco

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

 

In this blog, you can find the steps for setting up a CAS server and integrating it with Alfresco.

 

Environment Details and Software Versions:

  • Ubuntu 12.04 LTS.

  • Java Oracle 7.

  • Jasig CAS 3.5.2.

  • Alfresco 5.0.d or 5.1.e Community Edition.

  • Apache web server.

 

Prerequisite:

 

  • Basic knowledge of the Alfresco system, CAS server and Apache web server.

 

Step-1: Set up a CAS server. You can find the steps to set up CAS in the following blog:
              http://www.surekhatech.com/blog/liferay-sso-integration

 

Step-2:  Configure CAS Mod Auth in Apache web server:
 

  1. Use the commands below, one at a time, to install and enable the module for CAS authentication:

     sudo apt-get install libapache2-mod-auth-cas
     sudo a2enmod auth_cas

  2. Remove all the content from the auth_cas.conf file, which is in /etc/apache2/mods-available.

  3. Add the following content to the auth_cas.conf file:

 

CASVersion 2
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
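# Off disables verification of the CAS server's TLS certificate; On is the verifying setting.
CASValidateServer Off
# Debug logging, intended for troubleshooting.
CASDebug On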
CASCertificatePath /etc/apache2/ssl/sso.cas.edu.crt

<LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>
AuthType CAS
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /alfresco
</LocationMatch>

<Location /share>
AuthType CAS   
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /share
</Location>   

<Location /examples>
AuthType CAS 
AuthName "CAS" 
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /examples
</Location>
 
 

Update CASLoginURL, CASValidateURL and CASCertificatePath as per your configuration.
 

Step-3: Configure Authentication certificates in JVM and TOMCAT:
 

a. Use the command below to import the certificate into the JVM trust store.

sudo keytool -import -keystore /usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -alias cas_cert -file /etc/apache2/ssl/sso.cas.edu.crt

 

b. Edit the alfresco/tomcat/bin/setenv.sh file.

JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit $JAVA_OPTS "

 

c. Edit the alfresco/tomcat/conf/server.xml file.

<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" 
tomcatAuthentication="false"/>

 

Step-4: Update Alfresco Global properties:
 

Update the "/alfresco/tomcat/shared/classes/alfresco-global.properties" file with the following content:

 

authentication.chain=external1:external
external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=SsoUserHeader

 

Step-5: Update Alfresco Share Configuration:


Edit the "alfresco/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml" file:


Uncomment the following tag, which is the last config section in the file.

<config evaluator="string-compare" condition="Remote">
</config>

 

Update the following two tags inside it:
 

<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>SsoUserHeader</userHeader>
</connector>

<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
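
An added example, not part of the original post: a small Python check over the three files edited in Steps 2, 4 and 5. It flags CASValidateServer Off and CASDebug On, confirms that the header name is identical in Apache, the repository and Share, and notes that a blank proxyUserName makes Alfresco take the user name from the header on every request. The function names and the embedded sample strings are constructed for illustration.

```python
import re
# Constructed samples: trimmed copies of the settings shown in this post.
AUTH_CAS_CONF = """CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
CASValidateServer Off
CASDebug On
<Location /share>
CASAuthNHeader SsoUserHeader
</Location>"""
ALFRESCO_PROPS = """external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader"""
SHARE_CONFIG = "<connector><userHeader>SsoUserHeader</userHeader></connector>"

def apache_directives(text):
    """Map lower-cased directive name -> list of values; skips <...> and # lines."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#<":
            name, _, value = line.partition(" ")
            out.setdefault(name.lower(), []).append(value.strip())
    return out

def java_properties(text):
    """Minimal key=value parser (no continuation lines or escapes)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(cas_conf, props_text, share_xml):
    """Return a list of findings for the files edited in Steps 2, 4 and 5."""
    cas, props = apache_directives(cas_conf), java_properties(props_text)
    findings = []
    if "off" in (v.lower() for v in cas.get("casvalidateserver", [])):
        findings.append("CASValidateServer Off: CAS server certificate not verified")
    if "on" in (v.lower() for v in cas.get("casdebug", [])):
        findings.append("CASDebug On: debug logging left enabled")
    # The same header name must appear in Apache, the repository and Share.
    proxy_header = props.get("external.authentication.proxyHeader", "")
    names = set(cas.get("casauthnheader", [])) | {proxy_header}
    names |= set(re.findall(r"<userHeader>\s*([^<\s]+)\s*</userHeader>", share_xml))
    if len(names) != 1:
        findings.append("header name mismatch: " + ", ".join(sorted(names)))
    if proxy_header and not props.get("external.authentication.proxyUserName"):
        findings.append("proxyUserName blank: header trusted from any caller reaching Tomcat")
    return findings

if __name__ == "__main__":
    for finding in audit(AUTH_CAS_CONF, ALFRESCO_PROPS, SHARE_CONFIG):
        print("-", finding)
```

The proxyUserName finding follows from the blank value used in Step 4; with that setting, keep Tomcat's AJP and HTTP ports reachable only from the Apache host.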
 

 

Step-6: Add Dependencies for CAS Integration:


Add the jar files below to the alfresco/tomcat/lib directory.

  1. cas-client-core-3.2.1.jar

  2. commons-logging-1.1.jar

  3. cas-client-integration-tomcat-common-3.2.1.jar

  4. cas-client-integration-tomcat-v6-3.2.1.jar

 

You can find cas-client-core-3.2.1.jar and commons-logging-1.1.jar in the /opt/TOMCAT/webapps/SSO/WEB-INF/lib directory of your CAS installation, whereas cas-client-integration-tomcat-v6-3.2.1.jar and cas-client-integration-tomcat-common-3.2.1.jar can be downloaded.

 

For more implementation details or support you may contact us at [email protected].
