« Back to Blogs

CAS Integration with Alfresco

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.


In this blog, you can find steps for setting up CAS server and integration with Alfresco.


Environment Details and Software Versions:

  • Ubuntu 12.04 LTS.

  • Java Oracle 7.

  • Jasig CAS 3.5.2.

  • Alfresco 5.0.d or 5.1.e Community Edition.

  • Apache web server.


Prerequisite :


  • Basic Knowledge of Alfresco system, CAS Server and Apache web server.


Step-1: Setup a CAS server. You can find the steps to setup CAS from the following Blog:


Step-2:  Configure CAS Mod Auth in Apache web server:

  1. Use below commands one by one to create and enable mod for cas authentication.


    1. sudo apt-get install libapache2-mod-auth-cas
    2. sudo a2enmod auth_cas
  2. Remove all the content from auth_cas.conf file which is available in etc/apache2/mods­-available.

  3. Add the following content in auth_cas.conf file:


CASVersion 2
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
CASValidateServer Off
CASDebug On
CASCertificatePath /etc/apache2/ssl/sso.cas.edu.crt

<LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>
AuthType CAS
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /alfresco

<Location /share>
AuthType CAS   
AuthName "CAS"
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /share

<Location /examples>
AuthType CAS 
AuthName "CAS" 
require valid-user
CASAuthNHeader SsoUserHeader
CASScope /examples

Update CASLoginURL, CASValidateURL and CASCertificatePath as per your configuration.

Step-3: Configure Authentication certificates in JVM and TOMCAT:

a. Use below command to import certificate in JVM.

sudo keytool -import -keystore/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -alias cas_cert -file /etc/apache2/ssl/sso.cas.edu.crt


           b. Edit alfresco/tomcat/bin/setenv.sh file.

JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit $JAVA_OPTS "


           c. Edit alfresco/tomcat/conf/server.xml file.

<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" 


Step-4: Update Alfresco Global properties:

Update “/alfresco/tomcat/shared/classes/alfresco-­global.properties" file with/for the following content:




Step-5: Update Alfresco Share Configuration:

Edit “alfresco/tomcat/shared/classes/alfresco/web­-extension/share-­config-­custom.xml“ file:

Uncomment following tag, which will be at the last config section in file.

<config evaluator="string-compare" condition="Remote">


Update following two tags inside it:

<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>

<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>


Step-6: Add Dependencies for CAS Integration:

Add below jar files into alfresco/tomcat/lib directory.

  1. cas­-client-­core-­3.2.1.jar

  2. commons­-logging-­1.1.jar

  3. cas­-client-­integration-­tomcat-­common-­3.2.1.jar

  4. cas-­client-­integration-­tomcat­-v6-­3.2.1.jar


You can find cas­-client-­core-­3.2.1.jar and commons­-logging-­1.1.jar from your CAS installation /opt/TOMCAT/webapps/SSO/WEB-INF/lib directory whereas cas-­client-­integration-­tomcat­-v6­3.2.1.jar and cas­-client-­integration-­tomcat-­common-­3.2.1.jar can be download.  


For more implementation details or support you may contact us at [email protected].

contact-us Request a callback WhatsApp