
Alfresco CE (2.9 B), CAS 3.2, LDAP (Apache DS) config issues

Question asked by frank_s on Mar 25, 2008
Latest reply on Mar 28, 2008 by frank_s
Hi,

I'm attempting to set up an environment using CAS with LDAP authentication for Alfresco. I've been successful in that when I try to access Alfresco, the request gets intercepted and redirects to the server running JA-SIG CAS and Apache DS. When I enter a user ID / password, CAS authenticates and grants a service ticket for the user and redirects to Alfresco.

However, instead of displaying the dashboard, Tomcat serves "noaccess.jsp" (a screen with the logo and a message reading "You have no access to Alfresco").

When I remove CAS from the chain and let Alfresco directly authenticate against LDAP, users can log on alright. Also, when I access the CAS login screen directly and enter a user's details, it shows "Login successful" - so it looks like CAS and LDAP are working together in the way they should.

After reading through the various posts and How-Tos dealing with setting up a CAS/LDAP authentication, I have to say that I'm pretty much stumped: there is nothing in any of the logs, and there doesn't seem to be a way of finding out what's going on "behind the scenes", i.e. what values CAS is sending to Alfresco and what Alfresco is doing with it…
The fact that I couldn't find any posts in regards to this particular issue seems to indicate that I'm missing something blindingly obvious.

Any help or thoughts would be much appreciated. Thanks in advance,

Frank.

The setup is the following:
Server A ("aaa" in web.xml):
Windows Server 2003
Tomcat
Alfresco CE 2.9 B

Server B ("bbb" in web.xml):
Windows XP (test setup, will go to Win Server 2003 in time for production)
Tomcat
JA-SIG CAS Server 3.2
Apache DS

web.xml


   <filter>
      <filter-name>CAS</filter-name>
      <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
         <param-value>https://bbb:8443/cas/login</param-value>
      </init-param>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
         <param-value>https://bbb:8443/cas/serviceValidate</param-value>
      </init-param>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
         <param-value>aaa:8080</param-value>
      </init-param>
      <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
         <param-value>true</param-value>
      </init-param>
   </filter>
   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.HTTPRequestAuthenticationFilter</filter-class>
   </filter>
   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

   <filter-mapping>
      <filter-name>CAS</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/template/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/download/*</url-pattern>
   </filter-mapping>
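
Added example (not part of the original post, and not Alfresco or JA-SIG code): the reply that the validateUrl endpoint (/cas/serviceValidate) returns to the CAS filter is a small CAS 2.0 XML document, and parsing it shows which username, or which failure code, CAS hands back for a service ticket. The sample responses, the user name "frank" and the ticket id are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed samples in CAS 2.0 /serviceValidate format (not captured traffic).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>frank</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_SERVICE">
    ticket 'ST-1-constructed' does not match supplied service
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_service_validate(body):
    """Return a dict describing the outcome of a /serviceValidate response."""
    # A validation response never needs a DTD; refusing one keeps
    # entity-expansion input away from the XML parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD not allowed in CAS response")
    root = ET.fromstring(body)
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        raise ValueError("not a CAS serviceResponse: %s" % root.tag)

    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        if not user:
            raise ValueError("authenticationSuccess without cas:user")
        return {"ok": True, "user": user}

    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        # Collapse the whitespace CAS puts around the human-readable message.
        message = " ".join((failure.text or "").split())
        return {"ok": False, "code": failure.get("code"), "message": message}

    raise ValueError("neither success nor failure element present")


if __name__ == "__main__":
    for sample in (SAMPLE_SUCCESS, SAMPLE_FAILURE):
        print(parse_service_validate(sample))
```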
