CAS Integration With Confluence
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
This post covers the steps for setting up a CAS server and integrating it with Alfresco.
Environment Details and Software Versions
- Ubuntu 12.04 LTS.
- Jasig CAS 3.5.2.
- Confluence 5.9.8, Confluence 5.9.9.
Prerequisite:
Basic knowledge of the Alfresco system, CAS server and Apache web server.
Step-1: Set up a CAS server. You can find the steps to set up CAS in the following blog:
http://www.surekhatech.com/blog/liferay-sso-integration
Step-2: Stop the Confluence system and add “cas-client-core-3.3.3.jar” and “cas-client-integration-atlassian-3.3.3.jar” to $CONFLUENCE_INSTALL/WEB-INF/lib.
Step-3: Add the following CAS client filter configuration to the end of the filter list in $CONFLUENCE_INSTALL/WEB-INF/web.xml
<filter>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
    <filter-name>CasAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://cas.company.com/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://wiki.company.com</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.company.com/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://wiki.company.com</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
Step-4: Before the login filter-mapping, add the following CAS client filter mapping in $CONFLUENCE_INSTALL/WEB-INF/web.xml
<filter-mapping>
    <filter-name>CasSingleSignOutFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Step-5: Add the Single Sign Out listener to the listener list as well, in $CONFLUENCE_INSTALL/WEB-INF/web.xml
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Step-6: Modify the following in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<init-param>
    <param-name>login.url</param-name>
    <!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->
    <param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
    <param-name>link.login.url</param-name>
    <!--<param-value>/login.action</param-value>-->
    <param-value>https://cas.company.com/cas/login?service=${originalurl}</param-value>
</init-param>
Step-7: Comment out the DefaultAuthenticator and add the JASIG CAS Confluence Authenticator in $CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<authenticator class="org.jasig.cas.client.integration.atlassian.Confluence35CasAuthenticator"/>
Step-8: Configure CAS logout instead of Confluence logout:
- Copy “$CONFLUENCE_INSTALL/WEB-INF/lib/confluence-5.9.9.jar” to a temporary directory.
- Unpack the jar.
- Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes.
- Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action, comment out the success result and replace it as shown below.
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
    <interceptor-ref name="defaultStack"/>
    <result name="error" type="velocity">/logout.vm</result>
    <!-- <result name="success" type="redirect">${logoutUrl}</result> -->
    <result name="success" type="redirect">https://cas.company.com/cas/logout?service=https://wiki.company.com</result>
</action>
Step-9: Import the CAS server certificate into the JVM trust store $CONFLUENCE_INSTALL/jre/lib/security/cacerts
sudo keytool -import -keystore $CONFLUENCE_INSTALL/jre/lib/security/cacerts -alias cas_cert -file /etc/certificate-directory/certificate
Step-10: Set the following environment variable in $CONFLUENCE_INSTALL/bin/setenv.sh
JAVA_OPTS="-Djavax.net.ssl.trustStore=$CONFLUENCE_INSTALL/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
Step-11: Finally, restart the Confluence system. Your Confluence system is now ready for CAS authentication.
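A pre-restart check for the web.xml edits in Steps 3-5, as an added example that is not part of the original post: it parses web.xml and reports CAS filters that are missing, mapped after the login filter or in the wrong order, CAS URLs that are not https, mismatched serverName values, and a missing sign-out listener. The login filter name `login`, the function names and the sample web.xml are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

CAS = ["CasSingleSignOutFilter", "CasAuthenticationFilter", "CasValidationFilter"]

def _kids(el, name):  # direct children by local name, ignoring the web.xml namespace
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _text(el, name):
    return next(((c.text or "").strip() for c in _kids(el, name)), None)

def audit_web_xml(xml_text, login_filter="login"):
    """Return findings for the CAS wiring of Steps 3-5; an empty list means it matches."""
    root = ET.fromstring(xml_text)
    filters = {_text(f, "filter-name"): {_text(p, "param-name"): _text(p, "param-value")
               for p in _kids(f, "init-param")} for f in _kids(root, "filter")}
    order = [_text(m, "filter-name") for m in _kids(root, "filter-mapping")]
    listeners = [_text(l, "listener-class") or "" for l in _kids(root, "listener")]
    findings = [f"{n}: filter or filter-mapping missing" for n in CAS if n not in filters or n not in order]
    cas_order = [n for n in order if n in CAS]
    if cas_order and cas_order[0] != CAS[0]:
        findings.append(f"{CAS[0]} must be mapped before the other CAS filters")
    if login_filter in order:  # Step 4: CAS mappings precede the login filter-mapping
        cut = order.index(login_filter)
        findings += [f"{n}: mapped after the '{login_filter}' filter"
                     for n in cas_order if order.index(n) > cut]
    for name in CAS:
        for key in ("casServerLoginUrl", "casServerUrlPrefix", "serverName"):
            if not (filters.get(name, {}).get(key) or "https://").startswith("https://"):
                findings.append(f"{name}: {key} is not an https URL")
    if len({filters[n].get("serverName") for n in CAS[1:] if n in filters}) > 1:
        findings.append("serverName differs between CAS filters")
    if not any(l.endswith(".SingleSignOutHttpSessionListener") for l in listeners):
        findings.append("SingleSignOutHttpSessionListener is not registered")
    return findings

def sample_web_xml(order, cas="https://cas.company.com/cas", wiki="https://wiki.company.com"):
    """Constructed web.xml for the demo (not a real Confluence file)."""
    def p(k, v):
        return f"<init-param><param-name>{k}</param-name><param-value>{v}</param-value></init-param>"
    params = ["", p("casServerLoginUrl", cas + "/login") + p("serverName", wiki),
              p("casServerUrlPrefix", cas) + p("serverName", wiki)]
    x = "".join(f"<filter><filter-name>{n}</filter-name>{v}</filter>" for n, v in zip(CAS, params))
    x += "".join(f"<filter-mapping><filter-name>{n}</filter-name></filter-mapping>" for n in order)
    x += "<listener><listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener>"
    return f'<web-app xmlns="http://java.sun.com/xml/ns/javaee">{x}</web-app>'

if __name__ == "__main__":
    print(audit_web_xml(sample_web_xml(CAS + ["login"])))
    print(audit_web_xml(sample_web_xml(["login"] + CAS[::-1], cas="http://cas.company.com/cas")))
```

To audit a real installation, pass the contents of $CONFLUENCE_INSTALL/WEB-INF/web.xml to `audit_web_xml` and set `login_filter` to the name of the login filter used in that file.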