CAS Integration with Alfresco

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

In this blog, you can find the steps for setting up a CAS server and integrating it with Alfresco.

Environment Details and Software Versions:

  • Ubuntu 12.04 LTS.
  • Java Oracle 7.
  • Jasig CAS 3.5.2.
  • Alfresco 5.0.d or 5.1.e Community Edition.
  • Apache web server.

Prerequisite:

  • Basic knowledge of the Alfresco system, CAS server and Apache web server.

Step-1: Set up a CAS server. You can find the steps to set up CAS in the following blog:
http://www.surekhatech.com/blog/liferay-sso-integration

Step-2: Configure CAS Mod Auth in Apache web server:

  1. Use the commands below, one by one, to install and enable the Apache module for CAS authentication.
    1. sudo apt-get install libapache2-mod-auth-cas
    2. sudo a2enmod auth_cas
  2. Remove all the content from the auth_cas.conf file, which is located in /etc/apache2/mods-available.
     
  3. Add the following content to the auth_cas.conf file:
CASVersion 2
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
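# Off disables validation of the CAS server's certificate; set to On outside a test setup.
CASValidateServer Off
# Debug output for troubleshooting; turn it off once the integration works.
CASDebug On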
CASCertificatePath /etc/apache2/ssl/sso.cas.edu.crt

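# Paths excluded by the negative lookahead (service, webdav, s, scripts, css, images) are not protected by CAS.
<LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>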
AuthType CAS
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /alfresco
</LocationMatch>

<Location /share>
AuthType CAS 
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /share
</Location> 

<Location /examples>
AuthType CAS 
AuthName "CAS" 
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /examples
</Location>

Update CASLoginURL, CASValidateURL and CASCertificatePath to match your configuration.

Step-3: Configure authentication certificates in the JVM and Tomcat:

a. Use the command below to import the certificate into the JVM trust store.

sudo keytool -import -keystore /usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -alias cas_cert -file /etc/apache2/ssl/sso.cas.edu.crt

b. Edit the alfresco/tomcat/bin/setenv.sh file.

JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit $JAVA_OPTS "

c. Edit the alfresco/tomcat/conf/server.xml file.

<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>

Step-4: Update Alfresco global properties:

Update the "/alfresco/tomcat/shared/classes/alfresco-global.properties" file with the following content:

authentication.chain=external1:external
# With proxyUserName left empty, Alfresco trusts the proxyHeader on every request,
# so Tomcat must only be reachable through the Apache front end.
external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=SsoUserHeader

Step-5: Update Alfresco Share configuration:

Edit the "alfresco/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml" file:

Uncomment the following element, which is the last config section in the file.

<config evaluator="string-compare" condition="Remote"> </config>

Update the following two elements inside it:

<connector>
    <id>alfrescoHeader</id>
    <name>Alfresco Connector</name>
    <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
    <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
    <userHeader>SsoUserHeader</userHeader>
</connector>
<endpoint>
    <id>alfresco</id>
    <name>Alfresco - user access</name>
    <description>Access to Alfresco Repository WebScripts that require user authentication</description>
    <connector-id>alfrescoHeader</connector-id>
    <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
    <identity>user</identity>
    <external-auth>true</external-auth>
</endpoint>

Step-6: Add dependencies for CAS integration:

Add the JAR files below to the alfresco/tomcat/lib directory.

  1. cas-client-core-3.2.1.jar
  2. commons-logging-1.1.jar
  3. cas-client-integration-tomcat-common-3.2.1.jar
  4. cas-client-integration-tomcat-v6-3.2.1.jar

You can find cas-client-core-3.2.1.jar and commons-logging-1.1.jar in the /opt/TOMCAT/webapps/SSO/WEB-INF/lib directory of your CAS installation, whereas cas-client-integration-tomcat-v6-3.2.1.jar and cas-client-integration-tomcat-common-3.2.1.jar can be downloaded.
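
Steps 2, 4 and 5 only work together when the same header name is set in auth_cas.conf, alfresco-global.properties and share-config-custom.xml. The following added example (not part of the original blog) checks that and flags the relaxed settings used above; the audit helper and the inline sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples mirroring the settings shown in Steps 2, 4 and 5.
APACHE_CONF = """\
CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
CASValidateServer Off
CASDebug On
<Location /share>
CASAuthNHeader SsoUserHeader
</Location>
"""
GLOBAL_PROPS = """\
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
"""
SHARE_XML = """<config><connector><id>alfrescoHeader</id>
<userHeader>SsoUserHeader</userHeader></connector></config>"""


def audit(apache_conf, global_props, share_xml):
    """Hypothetical helper: return findings for the three config files."""
    findings = []
    # Directive names are case-insensitive; '#' comment lines never match.
    directives = re.findall(r"^[ \t]*(CAS\w+)[ \t]+(\S+)", apache_conf, re.M | re.I)
    props = dict(line.split("=", 1) for line in global_props.splitlines()
                 if "=" in line and not line.lstrip().startswith("#"))
    # The same header name must appear in all three places.
    headers = {v for k, v in directives if k.lower() == "casauthnheader"}
    headers.add(props.get("external.authentication.proxyHeader", "").strip())
    headers |= {(e.text or "").strip() for e in ET.fromstring(share_xml).iter("userHeader")}
    if len(headers) != 1:
        findings.append("header name mismatch: %s" % sorted(headers))
    for name, value in directives:
        key, val = name.lower(), value.lower()
        if key == "casvalidateserver" and val == "off":
            findings.append("CASValidateServer Off: CAS server certificate not validated")
        if key == "casdebug" and val == "on":
            findings.append("CASDebug On: debug output still enabled")
        if key in ("casloginurl", "casvalidateurl") and not val.startswith("https://"):
            findings.append("%s is not HTTPS" % name)
    if not props.get("external.authentication.proxyUserName", "unset").strip():
        findings.append("proxyUserName empty: header trusted on every request")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(APACHE_CONF, GLOBAL_PROPS, SHARE_XML)))
```

To check a real installation, read the three files from disk and pass their contents to audit() in place of the constructed samples.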
