CAS Integration with Alfresco - Surekha Technologies
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
In this blog, you can find the steps for setting up a CAS server and integrating it with Alfresco.
Environment Details and Software Versions:
- Ubuntu 12.04 LTS.
- Java Oracle 7.
- Jasig CAS 3.5.2.
- Alfresco 5.0.d or 5.1.e Community Edition.
- Apache web server.
Prerequisite:
- Basic knowledge of the Alfresco system, CAS server and Apache web server.
Step-1: Set up a CAS server. You can find the steps to set up CAS in the following blog:
http://www.surekhatech.com/blog/liferay-sso-integration
Step-2: Configure CAS Mod Auth in Apache web server:
- Run the commands below one at a time to install and enable the CAS authentication module:
    sudo apt-get install libapache2-mod-auth-cas
    sudo a2enmod auth_cas
- Remove all the content from the auth_cas.conf file, which is located in /etc/apache2/mods-available.
- Add the following content in auth_cas.conf file:
    CASVersion 2
    CASCookiePath /var/cache/apache2/mod_auth_cas/
    CASLoginURL https://sso.cas.edu/cas/login
    CASValidateURL https://sso.cas.edu/cas/serviceValidate
    CASValidateServer Off
    CASDebug On
    CASCertificatePath /etc/apache2/ssl/sso.cas.edu.crt

    <LocationMatch ^/alfresco/(?!service/|service$|webdav/|webdav$|s/|s$|scripts/|css/|images/).*>
        AuthType CAS
        AuthName "CAS"
        require valid-user
        CASAuthNHeader SsoUserHeader
        CASScope /alfresco
    </LocationMatch>

    <Location /share>
        AuthType CAS
        AuthName "CAS"
        require valid-user
        CASAuthNHeader SsoUserHeader
        CASScope /share
    </Location>

    <Location /examples>
        AuthType CAS
        AuthName "CAS"
        require valid-user
        CASAuthNHeader SsoUserHeader
        CASScope /examples
    </Location>
Update CASLoginURL, CASValidateURL and CASCertificatePath as per your configuration.
Step-3: Configure Authentication certificates in JVM and TOMCAT:
a. Use the command below to import the certificate into the JVM.
    sudo keytool -import -keystore /usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -alias cas_cert -file /etc/apache2/ssl/sso.cas.edu.crt
b. Edit the alfresco/tomcat/bin/setenv.sh file.
    JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit $JAVA_OPTS"
c. Edit the alfresco/tomcat/conf/server.xml file.
    <Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>
Step-4: Update Alfresco Global properties:
Update the "/alfresco/tomcat/shared/classes/alfresco-global.properties" file with the following content:
    authentication.chain=external1:external
    external.authentication.proxyUserName=
    external.authentication.enabled=true
    external.authentication.defaultAdministratorUserNames=admin
    external.authentication.proxyHeader=SsoUserHeader
Step-5: Update Alfresco Share Configuration:
Edit the "alfresco/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml" file:
Uncomment the following tag, which is in the last config section of the file.
    <config evaluator="string-compare" condition="Remote"> </config>
Update the following two tags inside it:
    <connector>
        <id>alfrescoHeader</id>
        <name>Alfresco Connector</name>
        <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
        <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
        <userHeader>SsoUserHeader</userHeader>
    </connector>
    <endpoint>
        <id>alfresco</id>
        <name>Alfresco - user access</name>
        <description>Access to Alfresco Repository WebScripts that require user authentication</description>
        <connector-id>alfrescoHeader</connector-id>
        <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
        <identity>user</identity>
        <external-auth>true</external-auth>
    </endpoint>
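The header name SsoUserHeader has to agree across auth_cas.conf, alfresco-global.properties and share-config-custom.xml, and some of the values used in Steps 2 and 4 are worth revisiting once the login flow works. The Python check below is an added example, not part of the original post and not code from Alfresco or mod_auth_cas; its function names and the embedded sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed samples mirroring Steps 2, 4 and 5; all names here are illustrative.
SAMPLE_CAS = """CASLoginURL https://sso.cas.edu/cas/login
CASValidateURL https://sso.cas.edu/cas/serviceValidate
CASValidateServer Off
CASDebug On
<Location /share>
CASAuthNHeader SsoUserHeader
</Location>"""
SAMPLE_PROPS = "external.authentication.proxyUserName=\nexternal.authentication.proxyHeader=SsoUserHeader\n"
SAMPLE_SHARE = "<config><connector><userHeader>SsoUserHeader</userHeader></connector></config>"

def parse_apache(text):
    """Map directive name -> list of values; container tags and comments are skipped."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, _, value = line.replace("\t", " ").partition(" ")
            out.setdefault(name, []).append(value.strip())
    return out

def parse_properties(text):
    """Parse key=value lines of a Java properties file (no line continuations)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(cas_conf, global_props, share_xml):
    """Return a list of findings for the three files edited in Steps 2, 4 and 5."""
    cas, props = parse_apache(cas_conf), parse_properties(global_props)
    share = {e.text.strip() for e in ET.fromstring(share_xml).iter("userHeader") if e.text}
    # The header name has to be identical in all three places.
    names = set(cas.get("CASAuthNHeader", [])) | share
    names.add(props.get("external.authentication.proxyHeader", ""))
    findings = []
    if len(names) != 1 or "" in names:
        findings.append("header-mismatch: " + ", ".join(sorted(names)))
    if any(v.lower() == "off" for v in cas.get("CASValidateServer", [])):
        findings.append("CASValidateServer Off: CAS server certificate is not verified")
    if any(v.lower() == "on" for v in cas.get("CASDebug", [])):
        findings.append("CASDebug On: debug logging left enabled")
    for key in ("CASLoginURL", "CASValidateURL"):
        if any(not u.lower().startswith("https://") for u in cas.get(key, [])):
            findings.append(key + " is not https")
    if not props.get("external.authentication.proxyUserName"):
        findings.append("proxyUserName empty: proxyHeader is trusted from any client reaching Tomcat")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CAS, SAMPLE_PROPS, SAMPLE_SHARE)))
```

With the values from this post the header names agree, and the findings that remain are the disabled certificate validation, the debug logging and the empty proxyUserName. With proxyUserName empty, direct access to Tomcat should be restricted so that only Apache can supply the header.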
Step-6: Add Dependencies for CAS Integration:
Add the jar files below to the alfresco/tomcat/lib directory.
- cas-client-core-3.2.1.jar
- commons-logging-1.1.jar
- cas-client-integration-tomcat-common-3.2.1.jar
- cas-client-integration-tomcat-v6-3.2.1.jar
You can find cas-client-core-3.2.1.jar and commons-logging-1.1.jar in the /opt/TOMCAT/webapps/SSO/WEB-INF/lib directory of your CAS installation, whereas cas-client-integration-tomcat-v6-3.2.1.jar and cas-client-integration-tomcat-common-3.2.1.jar can be downloaded.