CAS Integration with Alfresco

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

 

This post walks through setting up a CAS server and integrating it with Alfresco.

 

Environment Details and Software Versions:

  • Ubuntu 12.04 LTS.

  • Java Oracle 7.

  • Jasig CAS 3.5.2.

  • Alfresco 5.0.d or 5.1.e Community Edition.

  • Apache web server.

 

Prerequisite:

 

  • Basic Knowledge of Alfresco system, CAS Server and Apache web server.

 

Step-1: Set up a CAS server. You can find the steps to set up CAS in the following blog post:
              http://www.surekhatech.com/blog/liferay-sso-integration

 

Step-2:  Configure CAS Mod Auth in Apache web server:
 

  1. Run the commands below, one at a time, to install and enable the Apache module for CAS authentication:

     sudo apt-get install libapache2-mod-auth-cas
     sudo a2enmod auth_cas

  2. Remove all the content from the auth_cas.conf file, which is located in /etc/apache2/mods-available.

  3. Add the following content to the auth_cas.conf file:

 

CASVersion 2
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
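# Off disables verification of the CAS server's certificate; use On outside test setups.
CASValidateServer Off
# Debug logging; switch to Off once the integration works.
CASDebug On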
CASCertificatePath /etc/apache2/ssl/sso.cas.edu.crt

<LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>
AuthType CAS
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /alfresco
</LocationMatch>

<Location /share>
AuthType CAS   
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /share
</Location>   

<Location /examples>
AuthType CAS 
AuthName "CAS" 
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /examples
</Location>
 
 

Update CASLoginURL, CASValidateURL and CASCertificatePath as per your configuration.
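
An added example (not from the original post): a small Python audit of the Step-2 auth_cas.conf that flags the two settings worth revisiting before production and reports which /alfresco paths the LocationMatch pattern actually places behind CAS. The RISKY list and the sample paths are constructed for illustration, and Python's re module is assumed to evaluate this pattern the same way Apache's PCRE does.

```python
import re

# auth_cas.conf from Step-2, abridged to the lines this audit reads.
AUTH_CAS_CONF = r"""
CASVersion 2
CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
CASValidateServer Off
CASDebug On
CASCertificatePath /etc/apache2/ssl/sso.cas.edu.crt

<LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>
AuthType CAS
require valid-user
CASAuthNHeader SsoUserHeader
</LocationMatch>
"""

# (directive, value) pairs to review before production (constructed list).
RISKY = {
    ("casvalidateserver", "off"): "CAS server certificate is not verified",
    ("casdebug", "on"): "debug logging is still enabled",
}

def risky_directives(conf):
    """Return (directive, reason) for every 'Name Value' line found in RISKY."""
    findings = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 2:
            reason = RISKY.get((parts[0].lower(), parts[1].lower()))
            if reason:
                findings.append((parts[0], reason))
    return findings

def cas_protected(conf, path):
    """True if `path` matches the <LocationMatch> block that requires CAS."""
    pattern = re.search(r"<LocationMatch\s+(.+)>", conf).group(1)
    return re.search(pattern, path) is not None

if __name__ == "__main__":
    for directive, reason in risky_directives(AUTH_CAS_CONF):
        print(f"review {directive}: {reason}")
    # Constructed sample request paths.
    for p in ("/alfresco/faces/jsp/login.jsp", "/alfresco/wcs/api/people",
              "/alfresco/service/api/people", "/alfresco/s/api/people",
              "/alfresco/webdav", "/alfresco/servicedesk"):
        print(f"{p:35} CAS required: {cas_protected(AUTH_CAS_CONF, p)}")
```

Paths reported as not requiring CAS bypass mod_auth_cas and rely on Alfresco's own authentication, so the SsoUserHeader value should only ever be accepted from the Apache front end.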
 

Step-3: Configure authentication certificates in the JVM and Tomcat:
 

a. Use the command below to import the certificate into the JVM trust store:

sudo keytool -import -keystore /usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -alias cas_cert -file /etc/apache2/ssl/sso.cas.edu.crt

b. Edit the alfresco/tomcat/bin/setenv.sh file:

JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit $JAVA_OPTS"

c. Edit the alfresco/tomcat/conf/server.xml file:

<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" 
tomcatAuthentication="false"/>

 

Step-4: Update Alfresco Global properties:
 

Update the "/alfresco/tomcat/shared/classes/alfresco-global.properties" file with the following content:

 

authentication.chain=external1:external
external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=SsoUserHeader

 

Step-5: Update Alfresco Share Configuration:


Edit the "alfresco/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml" file:


Uncomment the following tag, which is the last config section in the file:

<config evaluator="string-compare" condition="Remote">
</config>

 

Update the following two tags inside it:
 

<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>SsoUserHeader</userHeader>
</connector>

<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
 

 

Step-6: Add Dependencies for CAS Integration:


Add the jar files below to the alfresco/tomcat/lib directory:

  1. cas-client-core-3.2.1.jar

  2. commons-logging-1.1.jar

  3. cas-client-integration-tomcat-common-3.2.1.jar

  4. cas-client-integration-tomcat-v6-3.2.1.jar

 

You can find cas-client-core-3.2.1.jar and commons-logging-1.1.jar in the /opt/TOMCAT/webapps/SSO/WEB-INF/lib directory of your CAS installation, whereas cas-client-integration-tomcat-v6-3.2.1.jar and cas-client-integration-tomcat-common-3.2.1.jar can be downloaded.

 

For more implementation details or support you may contact us at enquiry@surekhatech.com.
