I do not know Alfresco, but in general we protect web access with CAS (mod_auth_cas) and WebDAV with Kerberos (mod_auth_kerb). Our CAS uses Kerberos behind the scenes for authentication, so this provides a fairly seamless user experience.
On Thu, 2010-09-09 at 07:46 -0400, Joel Rosental R. wrote: > Hi, > > First of all i want to thank you because following your steps and with a > bit of additional steps i was able to put Alfresco + CAS working. > > Everything looks to be working fine except by WebDAV. My users use > alfresco's webdav a lot for upload documents and stuff there and i found > that once that Alfresco is authenticating against CAS, webdav is not > working anymore. Whereas a user tries to connect to it by entering: > http://alfresco.mydomain.com/alfresco/webdav he/she receives a 302 error > saying that the folder has been moved temporarily. > It makes sense since i had configured mod_jk in apache2 according to the > instructions shown in Alfresco's CAS wiki so that everytime it sees an > URL formed by alfresco/<something> it should take that request and send > it to the tomcat server behind. > This is the line: > > JkMount /alfresco ajp13 > JkMount /alfresco/* ajp13 > > Have you experienced some similar problems with your users? Is it there > a way that webdav can authenticate against CAS? > > > > On Thu, 2010-09-02 at 05:42 -0700, Andrus Suitsu wrote: > > Hi, > > > > Yes, I have experience with CAS and Alfresco. > > > > First I suggest you get CAS working as described here - > > https://wiki.jasig.org/display/CASUM/Best+Practice+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method > > > > Only after you have resolved all issues there, proceed to Alfresco. My > > Alfresco is setup using the package which also contains Tomcat. I have > > installed all that in /opt/alfresco on my Ubuntu server. I use Alfresco for > > authentication and LDAP for account synchronization. I don't know how your > > Alfresco is setup, so I will start with only the changes to my original > > configuration. > > > > 1. In /opt/alfresco/tomcat/shared/classes/alfresco-global.properties I have > > the following line > > authentication.chain=external1:external,passthru1assthru,ldap1:ldap > > > > external is for CAS to work. (passthru is needed for CIFS file sharing and > > ldap for account syncing). > > > > 2. Apache's mod_auth_cas module worked but unreliably, so I modified > > Alfresco's web.xml file > > /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml and added the > > following lines before existing <filter> tags > > > > <context-param> > > <param-name>serverName</param-name> > > <param-value>https://alfresco.mydomain</param-value> > > </context-param> > > <filter> > > <filter-name>CAS Authentication Filter</filter-name> > > > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> > > <init-param> > > <param-name>casServerLoginUrl</param-name> > > <param-value>https://cas.mydomain/cas/login</param-value> > > </init-param> > > </filter> > > <filter> > > <filter-name>CAS Validation Filter</filter-name> > > > > <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> > > <init-param> > > <param-name>casServerUrlPrefix</param-name> > > <param-value>https://cas.mydomain/cas</param-value> > > </init-param> > > <init-param> > > <param-name>redirectAfterValidation</param-name> > > <param-value>true</param-value> > > </init-param> > > </filter> > > <filter> > > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > > > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> > > </filter> > > > > <filter-mapping> > > <filter-name>CAS Authentication Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > <filter-mapping> > > <filter-name>CAS Validation Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > <filter-mapping> > > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > 3. I copied some JAR file into > > /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib > > - cas-client-core-3.1.11.jar > > - opensaml-1.1b.jar > > - xmlsec-1.4.3.jar > > - commons-logging-1.0.4.jar > > > > 4. I deleted opensaml-1.0.1.jar from the same directory. > > > > That's all! Restart Alfresco and you're done. > > > > > > Best regards, > > > > Andrus Suitsu > > > > -- > > View this message in context: > > http://jasig.275507.n4.nabble.com/Trying-to-integrate-CAS-with-Alfresco-tp2400685p2517235.html > > Sent from the CAS Users mailing list archive at Nabble.com. > > > -- Matthew J. Smith <[email protected]> University Information Technology Services -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
