We used cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. What For?

CAS Integration with Confluence

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

In this blog, you can find steps for setting up CAS server and integration with Confluence.

Environment Details and Software Versions:
  • Ubuntu 12.04 LTS.
  • Jasig CAS 3.5.2.
  • Confluence 5.9.8, Confluence 5.9.9.
Prerequisite :
  • Basic Knowledge of Confluence system and CAS Server.

Step-1: Setup a CAS server. You can find the steps to setup CAS from the following Blog.

http://www.surekhatech.com/blog/liferay-sso-integration

 

Step-2: Stop the Confluence system and add “cas-client-core-3.3.3.jar” and “cas-client-integration-atlassian-3.3.3.jar” in  $CONFLUENCE_INSTALL/WEB-INF/lib.

 

Step-3: Add the following cas client filter configuration to the end of the filter list in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<filter>
  <filter-name>CasSingleSignOutFilter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
 <filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 <init-param>
 <param-name>casServerLoginUrl</param-name>
 <param-value>https://cas.company.com/cas/login</param-value>
 </init-param>
 <init-param>
   <param-name>serverName</param-name>
   <param-value>https://wiki.company.com</param-value>
 </init-param>
</filter>
<filter>
   <filter-name>CasValidationFilter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
   <init-param>
       <param-name>casServerUrlPrefix</param-name>
       <param-value>https://cas.company.com/cas</param-value>
   </init-param>
   <init-param>
       <param-name>serverName</param-name>
       <param-value>https://wiki.company.com</param-value>
   </init-param>
   <init-param>
       <param-name>redirectAfterValidation</param-name>
       <param-value>true</param-value>
   </init-param>
</filter>

 

Step-4: Before the login filter-mapping add the following CAS client filter mapping in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<filter-mapping>
  <filter-name>CasSingleSignOutFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>CasAuthenticationFilter</filter-name>
   <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>CasValidationFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

 

Step-5: Add the Single Sign Out listener to the list of listener list too in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<listener>
  <listener-class>
      org.jasig.cas.client.session.SingleSignOutHttpSessionListener
  </listener-class>
</listener>

 

Step-6: Modify the following in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml

<init-param>
<param-name>login.url</param-name>                                               
<!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->    
<param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<!--<param-value>/login.action</param-value>-->
<param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>

 

Step-7: Comment out the DefaultAuthenticator and add JASIG CAS Confluence Authenticator in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml

<authenticator class="org.jasig.cas.client.integration.atlassian.Confluence35CasAuthenticator"/>

 

Step-8: Configure CAS Logout instead of Confluence logout:

  1. Copy “$CONFLUENCE_INSTALL/WEB-INF/lib/confluence-5.9.9.jar to a temporary directory.
  2. Unpack the jar.
  3. Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes.
  4. Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it as shown below.
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
  <interceptor-ref name="defaultStack"/>
  <result name="error" type="velocity">/logout.vm</result>
<!-- <result name="success" type="redirect">${logoutUrl}</result> -->
  <result name="success" type="redirect"> https://cas.company.com/cas/logout?service=https://wiki.company.com
  </result>
</action>

 

Step-9: Add JVM certificate in $CONFLUENCE_INSTALL/jre/lib/security/cacerts

sudo keytool -import -keystore $CONFLUENCE_INSTALL/jre/lib/security/cacerts -alias cas_cert -file /etc/certificate-directory/certificate

 

Step-10: Set environment variable in $CONFLUENCE_INSTALL/bin/setenv.sh

JAVA_OPTS="-Djavax.net.ssl.trustStore=$CONFLUENCE_INSTALL/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit"

 

Step-11: Finally, restart Confluence system. Now your Confluence system is ready for CAS authentication.

 

For more implementation details or support you may contact us at [email protected].

contact-us Request a callback WhatsApp