Recent Bloggers

Saurang Suthar
Posts: 5
Stars: 0
Date: 7/4/17
Jyoti Verma
Posts: 3
Stars: 0
Date: 6/28/17
Pankti Patel
Posts: 1
Stars: 0
Date: 5/26/17
Chandrika Baraiya
Posts: 5
Stars: 0
Date: 5/26/17
Atith Patel
Posts: 5
Stars: 0
Date: 5/22/17
Nisarg Pujara
Posts: 6
Stars: 0
Date: 5/10/17
Pranavsinh Parmar
Posts: 4
Stars: 0
Date: 5/3/17
Ankit Prajapati
Posts: 5
Stars: 0
Date: 5/3/17
Pratik Solanki
Posts: 5
Stars: 0
Date: 4/7/17
Chirag Patel
Posts: 4
Stars: 0
Date: 3/30/17
« Back

CAS Integration with Confluence

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

In this blog, you can find steps for setting up CAS server and integration with Confluence.

Environment Details and Software Versions:
  • Ubuntu 12.04 LTS.
  • Jasig CAS 3.5.2.
  • Confluence 5.9.8, Confluence 5.9.9.
Prerequisite :
  • Basic Knowledge of Confluence system and CAS Server.

Step-1: Setup a CAS server. You can find the steps to setup CAS from the following Blog.

http://www.surekhatech.com/blog/liferay-sso-integration

 

Step-2: Stop the Confluence system and add “cas-client-core-3.3.3.jar” and “cas-client-integration-atlassian-3.3.3.jar” in  $CONFLUENCE_INSTALL/WEB-INF/lib.

 

Step-3: Add the following cas client filter configuration to the end of the filter list in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<filter>
  <filter-name>CasSingleSignOutFilter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
 <filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 <init-param>
 <param-name>casServerLoginUrl</param-name>
 <param-value>https://cas.company.com/cas/login</param-value>
 </init-param>
 <init-param>
   <param-name>serverName</param-name>
   <param-value>https://wiki.company.com</param-value>
 </init-param>
</filter>
<filter>
   <filter-name>CasValidationFilter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
   <init-param>
       <param-name>casServerUrlPrefix</param-name>
       <param-value>https://cas.company.com/cas</param-value>
   </init-param>
   <init-param>
       <param-name>serverName</param-name>
       <param-value>https://wiki.company.com</param-value>
   </init-param>
   <init-param>
       <param-name>redirectAfterValidation</param-name>
       <param-value>true</param-value>
   </init-param>
</filter>

 

Step-4: Before the login filter-mapping add the following CAS client filter mapping in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<filter-mapping>
  <filter-name>CasSingleSignOutFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>CasAuthenticationFilter</filter-name>
   <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>CasValidationFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

 

Step-5: Add the Single Sign Out listener to the list of listener list too in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<listener>
  <listener-class>
      org.jasig.cas.client.session.SingleSignOutHttpSessionListener
  </listener-class>
</listener>

 

Step-6: Modify the following in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml

<init-param>
<param-name>login.url</param-name>                                               
<!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->    
<param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<!--<param-value>/login.action</param-value>-->
<param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>

 

Step-7: Comment out the DefaultAuthenticator and add JASIG CAS Confluence Authenticator in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml

<authenticator class="org.jasig.cas.client.integration.atlassian.Confluence35CasAuthenticator"/>

 

Step-8: Configure CAS Logout instead of Confluence logout:

  1. Copy “$CONFLUENCE_INSTALL/WEB-INF/lib/confluence-5.9.9.jar to a temporary directory.
  2. Unpack the jar.
  3. Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes.
  4. Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it as shown below.
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
  <interceptor-ref name="defaultStack"/>
  <result name="error" type="velocity">/logout.vm</result>
<!-- <result name="success" type="redirect">${logoutUrl}</result> -->
  <result name="success" type="redirect"> https://cas.company.com/cas/logout?service=https://wiki.company.com
  </result>
</action>

 

Step-9: Add JVM certificate in $CONFLUENCE_INSTALL/jre/lib/security/cacerts

sudo keytool -import -keystore $CONFLUENCE_INSTALL/jre/lib/security/cacerts -alias cas_cert -file /etc/certificate-directory/certificate

 

Step-10: Set environment variable in $CONFLUENCE_INSTALL/bin/setenv.sh

JAVA_OPTS="-Djavax.net.ssl.trustStore=$CONFLUENCE_INSTALL/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit"

 

Step-11: Finally, restart Confluence system. Now your Confluence system is ready for CAS authentication.

 

For more implementation details or support you may contact us at enquiry@surekhatech.com.

Comments
Trackback URL:

Contact Us

Loading

Get in touch

Headquarter :
302, Landmark,
Nr. Titanium City Center,
Prahlad Nagar Road,
Ahmedabad, India - 380015.