On Tue, Sep 1, 2009 at 11:26 PM, John Watson <[email protected]> wrote:
> <snip />
> Do you want to include configuration for both CAS and external users? (When
> the Confluence login page still works)
>

If you have that, feel free to add it. I would put it on a separate page though to keep the main page simple (since that's the configuration most people would probably use).

Thanks!!
-Scott

>
> John
>
> On Tue, Sep 1, 2009 at 20:16, Scott Battaglia <[email protected]> wrote:
>
>> It's certainly possible that I always did the change when I protected
>> Confluence but never put it in the document ;-) But regardless, you got
>> what I was saying. Does that look right to you?
>>
>> My goal is to provide one configuration that can be used regardless of
>> anonymous or non anonymous access. Our ultimate goal is to leverage as much
>> of Confluence's security infrastructure as possible. We don't want people
>> having to redo their configuration for CAS because they enabled/disabled
>> anonymous support.
>>
>> Cheers,
>> Scott
>>
>> On Tue, Sep 1, 2009 at 11:10 PM, John Watson <[email protected]> wrote:
>>
>>> I don't know if I'm grasping what you're saying but let me give it a
>>> shot. I didn't see anything about the AuthenticationFilter in the previous
>>> versions of the Confluence page. But this is what I'm understanding from
>>> what you just said.
>>>
>>> <filter-mapping>
>>>   <filter-name>CasAuthenticationFilter</filter-name>
>>>   <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> Should be
>>>
>>> <filter-mapping>
>>>   <filter-name>CasAuthenticationFilter</filter-name>
>>>   <url-pattern>/login.action</url-pattern>
>>> </filter-mapping>
>>>
>>> And then still modify login.url and link.login.url to point directly to
>>> the CAS server.
>>>
>>> That way if someone does:
>>> https://confluence.institution.edu/confluence/login.action
>>>
>>> The CAS AuthenticationFilter takes over the login page and Confluence
>>> takes care of the rest of the pages?
>>>
>>> Regards,
>>> John
>>>
>>> On Tue, Sep 1, 2009 at 18:43, Scott Battaglia <[email protected]> wrote:
>>>
>>>> On Tue, Sep 1, 2009 at 8:29 PM, John Watson <[email protected]> wrote:
>>>>
>>>>> Ah, I see what you are saying. I didn't make that realization. It would
>>>>> definitely cause issues if you follow a link to a protected page and
>>>>> haven't logged in yet. I will fix that in the wiki pages now.
>>>>> True, if you set the link.login.url and login.url. The downside is,
>>>>> that leaves the login.action page open (via direct URL). So if accounts
>>>>> are created with simple passwords that can be a large security hole.
>>>>>
>>>>
>>>> I think the trick was to always protect that page with the
>>>> AuthenticationFilter (with a hardcoded service url). If I recall
>>>> correctly, that's what I had always recommended. So this way there is
>>>> always one configuration. Auth Filter on the login and validation filter
>>>> on everything else. So all the other pages rely on Confluence to
>>>> determine whether to redirect for login or not.
>>>>
>>>> Cheers,
>>>> Scott
>>>>
>>>>>
>>>>> John
>>>>>
>>>>> On Tue, Sep 1, 2009 at 04:50, Scott Battaglia <[email protected]> wrote:
>>>>>
>>>>>> Thanks. Took a quick look. Noticed in the validation filter you have
>>>>>> the "service" parameter defined. I think that will cause trouble when
>>>>>> supplying the URL dynamically (i.e. whatever page you are on). Would it
>>>>>> make more sense to configure the serverName?
>>>>>>
>>>>>> Also, even if you're not using anonymous access shouldn't JIRA and
>>>>>> Confluence still know to force you to log in without needing to configure
>>>>>> the Authentication Filter?
>>>>>>
>>>>>> Thanks
>>>>>> -Scott
>>>>>>
>>>>>> On Tue, Sep 1, 2009 at 2:34 AM, John Watson <[email protected]> wrote:
>>>>>>
>>>>>>> I updated the Confluence page to be a near copy of the Jira page
>>>>>>> since the configuration is nearly the same.
>>>>>>> At first I had included a tip about my confluence/jira changes
>>>>>>> because I copied and pasted the page from our Confluence and then
>>>>>>> realized as I was replying that you asked to wait on that information
>>>>>>> so I hid them from the HTML view of the Confluence pages.
>>>>>>>
>>>>>>> John
>>>>>>>
>>>>>>> On Mon, Aug 31, 2009 at 19:56, Scott Battaglia <[email protected]> wrote:
>>>>>>>
>>>>>>>> On Mon, Aug 31, 2009 at 8:11 PM, John Watson <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Not a problem.
>>>>>>>>> I just did something similar for Confluence too.
>>>>>>>>>
>>>>>>>>> Also regarding CAS and Confluence; should I modify your original
>>>>>>>>> confluence page about confluence CAS configuration or should add
>>>>>>>>> another one for your review?
>>>>>>>>>
>>>>>>>>
>>>>>>>> If the changes are related to your Confluence changes, we should
>>>>>>>> wait until we update the source and do a release. If it's just more
>>>>>>>> information about configuring in Confluence, you can just edit the
>>>>>>>> existing page.
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>> Scott
>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> John
>>>>>>>>>
>>>>>>>>> On Mon, Aug 31, 2009 at 14:35, Scott Battaglia <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> John,
>>>>>>>>>>
>>>>>>>>>> Can you open an enhancement request in our JIRA for this also
>>>>>>>>>> (forgot to ask you to do that the other day!).
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Scott
>>>>>>>>>>
>>>>>>>>>> On Thu, Aug 27, 2009 at 11:42 PM, John Watson <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi everyone,
>>>>>>>>>>> As in my very recent previous email, I have been trying to get
>>>>>>>>>>> CAS Client 3.1.7 to work with Atlassian Jira.
I have completed my >>>>>>>>>>> task but >>>>>>>>>>> need to make a little modification to JiraCasAuthenticator.java >>>>>>>>>>> >>>>>>>>>>> I added support for the logout function that gets called by >>>>>>>>>>> Seraph when a user logouts of Jira. >>>>>>>>>>> >>>>>>>>>>> Index: >>>>>>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java >>>>>>>>>>> >>>>>>>>>>> =================================================================== >>>>>>>>>>> --- >>>>>>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java >>>>>>>>>>> (revision 46469) >>>>>>>>>>> +++ >>>>>>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java >>>>>>>>>>> (working copy) >>>>>>>>>>> @@ -6,6 +6,7 @@ >>>>>>>>>>> package org.jasig.cas.client.integration.atlassian; >>>>>>>>>>> >>>>>>>>>>> import com.atlassian.seraph.auth.DefaultAuthenticator; >>>>>>>>>>> +import com.atlassian.seraph.auth.AuthenticatorException; >>>>>>>>>>> import org.apache.commons.logging.Log; >>>>>>>>>>> import org.apache.commons.logging.LogFactory; >>>>>>>>>>> import org.jasig.cas.client.util.AbstractCasFilter; >>>>>>>>>>> @@ -33,7 +34,7 @@ >>>>>>>>>>> >>>>>>>>>>> if (session != null) { >>>>>>>>>>> // user already exists >>>>>>>>>>> - if >>>>>>>>>>> (session.getAttribute(ConfluenceCasAuthenticator.LOGGED_IN_KEY) != >>>>>>>>>>> null) { >>>>>>>>>>> + if (session.getAttribute(LOGGED_IN_KEY) != null) { >>>>>>>>>>> log.info("Session found; user already logged >>>>>>>>>>> in."); >>>>>>>>>>> return (Principal) >>>>>>>>>>> session.getAttribute(LOGGED_IN_KEY); >>>>>>>>>>> } >>>>>>>>>>> 
@@ -42,12 +43,27 @@ >>>>>>>>>>> >>>>>>>>>>> if (assertion != null) { >>>>>>>>>>> final Principal p = >>>>>>>>>>> getUser(assertion.getPrincipal().getName()); >>>>>>>>>>> - request.getSession().setAttribute(LOGGED_IN_KEY, >>>>>>>>>>> p); >>>>>>>>>>> - >>>>>>>>>>> request.getSession().setAttribute(LOGGED_OUT_KEY, null); >>>>>>>>>>> + session.setAttribute(LOGGED_IN_KEY, p); >>>>>>>>>>> + session.setAttribute(LOGGED_OUT_KEY, null); >>>>>>>>>>> return p; >>>>>>>>>>> } >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> return super.getUser(request, response); >>>>>>>>>>> } >>>>>>>>>>> -} >>>>>>>>>>> \ No newline at end of file >>>>>>>>>>> + >>>>>>>>>>> + public boolean logout(final HttpServletRequest request, >>>>>>>>>>> final HttpServletResponse response) >>>>>>>>>>> + throws AuthenticatorException { >>>>>>>>>>> + final HttpSession session = request.getSession(); >>>>>>>>>>> + >>>>>>>>>>> + if (session != null) { >>>>>>>>>>> + final Principal p = (Principal) >>>>>>>>>>> session.getAttribute(LOGGED_IN_KEY); >>>>>>>>>>> + session.setAttribute(LOGGED_OUT_KEY,p); >>>>>>>>>>> + session.setAttribute(LOGGED_IN_KEY,null); >>>>>>>>>>> + >>>>>>>>>>> session.setAttribute(AbstractCasFilter.CONST_CAS_ASSERTION,null); >>>>>>>>>>> + return true; >>>>>>>>>>> + } >>>>>>>>>>> + >>>>>>>>>>> + return super.logout(request, response); >>>>>>>>>>> + } >>>>>>>>>>> +} >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> John Watson >>>>>>>>>>> Jr. 
Web Developer
>>>>>>>>>>> University of California, Merced
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> You are currently subscribed to [email protected] as: [email protected]
>>>>>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
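
Review bot: In the new logout() method added by the last hunk (@@ -42,12 +43,27 @@), request.getSession() creates a session when none exists, so the test if (session != null) is always true and the fallback return super.logout(request, response); is never reached. Use request.getSession(false) if the null check is meant to do anything, and decide explicitly whether the parent's logout handling should also run after the CAS attributes are cleared, since the method currently returns true without calling it. Note also that p is null when nobody was logged in, so LOGGED_OUT_KEY is then set to null as well.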
