CAS Integration With Confluence

blog-banner

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

In this blog, you can find steps for setting up CAS server and integration with Alfresco.

Environment Details and Software Versions

  • Ubuntu 12.04 LTS.
  • Jasig CAS 3.5.2.
  • Confluence 5.9.8, Confluence 5.9.9.

Prerequisite:

  • Basic Knowledge of Alfresco system, CAS Server and Apache web server.

Step-1: Setup a CAS server. You can find the steps to setup CAS from the following Blog:

http://www.surekhatech.com/blog/liferay-sso-integration

Step-2: Stop the Confluence system and add “cas-client-core-3.3.3.jar” and “cas-client-integration-atlassian-3.3.3.jar” in $CONFLUENCE_INSTALL/WEB-INF/lib.

Step-3: Add the following cas client filter configuration to the end of the filter list in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://cas.company.com/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://wiki.company.com</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://cas.company.com/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://wiki.company.com</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter> 

Step-4: Before the login filter-mapping add the following CAS client filter mapping in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasAuthenticationFilter</filter-name>
<url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> 

Step-5: Add the Single Sign Out listener to the list of listener list too in $CONFLUENCE_INSTALL/WEB-INF/web.xml

<listener>
<listener-class>
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
</listener-class>
</listener> 

Step-6: Modify the following in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml

<init-param>
<param-name>login.url</param-name> <!--<param-value>/login.action?os_destination=${originalurl}</param-value>--> <param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<!--<param-value>/login.action</param-value>-->
<param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param> 

Step-7: Comment out the DefaultAuthenticator and add JASIG CAS Confluence Authenticator in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml

<authenticator class="org.jasig.cas.client.integration.atlassian.Confluence35CasAuthenticator"/> 

Step-8: Configure CAS Logout instead of Confluence logout:

  1. Copy “$CONFLUENCE_INSTALL/WEB-INF/lib/confluence-5.9.9.jar” to a temporary directory.
  2. Unpack the jar.
  3. Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes.
  4. Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it as shown below.
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
<interceptor-ref name="defaultStack"/>
<result name="error" type="velocity">/logout.vm</result>
<!-- <result name="success" type="redirect">${logoutUrl}</result> -->
<result name="success" type="redirect"> https://cas.company.com/cas/logout?service=https://wiki.company.com
</result>
</action> 

Step-9: Add JVM certificate in $CONFLUENCE_INSTALL/jre/lib/security/cacerts

sudo keytool -import -keystore $CONFLUENCE_INSTALL/jre/lib/security/cacerts -alias cas_cert -file /etc/certificate-directory/certificate 

Step-10: Set environment variable in $CONFLUENCE_INSTALL/bin/setenv.sh

JAVA_OPTS="-Djavax.net.ssl.trustStore=$CONFLUENCE_INSTALL/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit" 

Step-11: Finally, restart Confluence system. Now your Confluence system is ready for CAS authentication.

Contact us

For Your Business Requirements

: 0 / 65000

: 0 / 280

: 0 / 280

: 0 / 280

: 0 / 280

: 0 / 280

: 0 / 65000

Text to Identify Refresh CAPTCHA
Background Image Close Button

2 - 4 October 2024

Hall: 10, Booth: #B8 Brussels, Belgium