
Problem with Cignex Liferay, Alfresco, CAS, LDAP install

Question asked by schoony99 on Nov 4, 2008
Hi all,

I am attempting to configure Alfresco 2.2.0, Liferay Portal 5.0.1, LDAP, and CAS for SSO.  I am using the bundle available from http://liferay.cignex.com.  Below are the steps I have taken to get my environment to its current state.

The Liferay/Alfresco/Tomcat server is running on Windows 2003 Server Standard.  I installed Windows from scratch, then installed Java JDK 1.6.0_07 and MySQL Server 5.0.  The computer name is ALFRESCO.  I extracted the Cignex bundle to the root of C and created the appropriate MySQL Databases and Users.

The CAS/Tomcat server is also running on Windows 2003 Server Standard.  I installed Windows from scratch, then installed Java JDK 1.6.0_07, Apache Tomcat 6.0.16, and Apache Directory Server.  The full computer name is CAS.DIRECTML.COM.  I copied the cas-web folder from the Cignex bundle into tomcat’s web-inf folder.  I then generated a keystore and certificate signing request using the instructions at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.  I then went to GoDaddy.com and purchased an SSL certificate for cas.directml.com.  After receiving the certificate, I imported it into Java’s keystore at %JAVA_HOME%/jre/lib/security/cacerts following the instructions at http://www.ja-sig.org/products/cas/server/ssl/index.html. I then uncommented the HTTPS section of tomcat’s server.conf file. 

Now, I can browse to https://cas.directml.com:8443 from both computers and load the page with no security warnings.  At this point, all of my other CAS/LDAP related files are still pointing to their default locations (docs.cignex.com), so I attempt to log in with the user jonas/jonas.  This works fine.  I can also log in to just Alfresco by going to http://alfresco:8080/alfresco and using jonas/jonas.  So, from here I want to point Alfresco to my CAS server.  I modify %tomcat_home%\webapps\alfresco\WEB-INF\web.xml and change the following:

      <filter>
            <filter-name>CAS Filter</filter-name>
            <filter-class>com.cignex.filters.sso.cas.CASFilter</filter-class>
            <init-param>
                  <param-name>cas_server_url</param-name>
                  <param-value>https://docs.cignex.com/cas-web</param-value>


To the following:

      <filter>
            <filter-name>CAS Filter</filter-name>
            <filter-class>com.cignex.filters.sso.cas.CASFilter</filter-class>
            <init-param>
                  <param-name>cas_server_url</param-name>
                  <param-value>https://cas.directml.com:8443/cas-web</param-value>


This is the only change I have made.  All references to LDAP still point to docs.cignex.com.  Immediately after making this change, I try again to browse to http://alfresco:8080/alfresco.  Now, when I enter jonas/jonas and hit submit, I receive the following error:

22:13:58,906 ERROR [cas.client.CASReceipt] com.cignex.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[com.cignex.cas.client.ProxyTicketValidator proxyList=[null] [com.cignex.cas.client.ServiceTicketValidator casValidateUrl=[https://cas.directml.com:8443/cas-web/serviceValidate] ticket=[ST-3-4XoEdKWceNyJpUPEEkRO-cas] service=[http%3A%2F%2Flocalhost%3A8080%2Falfresco%2Findex.jsp] renew=false]]]
22:13:58,906 ERROR [client.filter.CASFilter] com.cignex.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[com.cignex.cas.client.ProxyTicketValidator proxyList=[null] [com.cignex.cas.client.ServiceTicketValidator casValidateUrl=[https://cas.directml.com:8443/cas-web/serviceValidate] ticket=[ST-3-4XoEdKWceNyJpUPEEkRO-cas] service=[http%3A%2F%2Flocalhost%3A8080%2Falfresco%2Findex.jsp] renew=false]]]


I have done much research about this error, and everything I can find refers to this being caused by misconfigured SSL.  I have attempted everything I know to get this to work, yet nothing has fixed it.  Does anybody else know what I might possibly be missing?
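
The following is an added example, not part of the original post or of the Cignex bundle: a small Python parser for the `CASAuthenticationException` line quoted above that pulls out the back-channel validation endpoint, the ticket and the URL-decoded service, so it is clear which host and port the application server's JVM has to reach and trust. The function names and the wording of the notes are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Sample input: the first error line from the post, copied as posted.
SAMPLE = (
    "22:13:58,906 ERROR [cas.client.CASReceipt] "
    "com.cignex.cas.client.CASAuthenticationException: Unable to validate "
    "ProxyTicketValidator [[com.cignex.cas.client.ProxyTicketValidator "
    "proxyList=[null] [com.cignex.cas.client.ServiceTicketValidator "
    "casValidateUrl=[https://cas.directml.com:8443/cas-web/serviceValidate] "
    "ticket=[ST-3-4XoEdKWceNyJpUPEEkRO-cas] "
    "service=[http%3A%2F%2Flocalhost%3A8080%2Falfresco%2Findex.jsp] renew=false]]]"
)

FIELD_RE = re.compile(r"\b(casValidateUrl|ticket|service)=\[([^\]]*)\]")

def parse_validation_error(line):
    """Return the validator fields of a CAS client error line, or None."""
    fields = dict(FIELD_RE.findall(line))
    if "casValidateUrl" not in fields:
        return None
    validate = urlsplit(fields["casValidateUrl"])
    service = urlsplit(unquote(fields.get("service", "")))
    renew = re.search(r"\brenew=(true|false)", line)
    return {
        "validate_scheme": validate.scheme,
        "validate_host": validate.hostname,
        "validate_port": validate.port,
        "ticket": fields.get("ticket"),
        "service_url": service.geturl(),
        "service_host": service.hostname,
        "renew": (renew.group(1) == "true") if renew else None,
    }

def checks(info):
    """Notes on what the parsed fields imply for troubleshooting."""
    notes = []
    endpoint = "%s:%s" % (info["validate_host"], info["validate_port"])
    if info["validate_scheme"] == "https":
        # The serviceValidate call is made by the JVM running the CAS filter.
        notes.append("HTTPS back-channel: the application server's JVM must "
                     "trust the certificate chain served by " + endpoint)
    else:
        notes.append("back-channel to " + endpoint + " is not HTTPS")
    if info["service_host"] in ("localhost", "127.0.0.1"):
        notes.append("service URL host is localhost; CAS sends the browser "
                     "back to this URL after login")
    return notes

if __name__ == "__main__":
    parsed = parse_validation_error(SAMPLE)
    print(parsed)
    print("\n".join(checks(parsed)))
```
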
