AnsweredAssumed Answered

Alfresco and CAS

Question asked by andrepra on Jun 10, 2006
Latest reply on Jan 25, 2008 by andergast
I configured SSO with some applications running on tomcat with Alfresco running on another tomcat. To do that I used CAS. I added the CAS client filter and I modified the AuthenticationFilter to read the CAS information following as examples the NTLMAuthenticationFilter. That works fine.
The problem was using the download and the template servlet. I added the servlets path to the mapping of the previus filter to apply the CAS security check also to that calls. What happened: calling directly the download servlet (ie: from a link in email) CAS filter intercepted the call and send to CAS login page but after the authentication I got the Alfresco login page. But that page was not necessary because i was already authenticated (by the 2 filter, cas and mine authentication).
So I took a look at the code and I found the problem. Was due to the "ticket" request parameter. Alfresco servlets look for ticket parameter for authentication. The problem is that the name of the parameter is the same for Alfresco and for CAS. So Alfresco fond a ticket, tried to autheticate it but that ticket was not valid for Alfresco, because is the CAS ticket. 
At the moment I solved the problem changing the value of ARG_TICKET in BaseServlet class in "alfticket".
Now I have a dubth. Maybe a did a lot of work to integrate Alfresco with Cas that was not necessary. Maybe there a way to configure ALfresco to validate the ticket against CAS server?
Can you tell me if what I've done is correct.


ps:working with 1.3