AnsweredAssumed Answered

Share 4 SSO with Jasig CAS

Question asked by sl_superb on Nov 9, 2011
Latest reply on Nov 26, 2012 by pzystorm
Hi all,
searching the forum I've read other posts on this argument, but I've not found a solution to the problem I have, so I've decided to start a new post.

Well, I had to implement a SSO system among several tools (Alfresco, Liferay, Mediawiki, Track, etc.) and I have decided to employ Jasig CAS.

Following this guide (http://holisticsecurity.wordpress.com/2011/02/19/web-sso-between-liferay-and-alfresco-with-cas-and-penrose-part-22/)
I was able to implement a filter for Alfresco Explorer 4.0b and setup a minimalistic SSO system among Liferay and Alfresco Explorer, system that is in production
since last summer, so it works.

Then it was the turn to implement SSO for Alfresco Share… and I've started having more than some problems.
I've followed some guides like this one (http://akselsarchitecture.blogspot.com/2010/09/cas-sso-for-alfresco-33-and-share.html) and
this (http://ecmstuff.blogspot.com/2011/06/configuring-alfresco-for-sso-with-cas.html) and, in summary, I was able to implement a Filter, an Authenticator
and a web service allowing users to log into Share through CAS.

The problem I've finally encountered seems related to the notification email that a user receives when he gets invited to join a project site. If the user clicks on one of the links inside the email (both to accept or reject the invitation), from the system logs I see a normal login procedure (Share invoke Alfresco web service to contact CAS, CAS create and validate a ticket and finally alfresco share is called back) but, when finally the service "org/alfresco/repository/invite/inviteresponse.put" is executed, I get the following error:


2011-11-08 19:24:31,117  ERROR [extensions.webscripts.AbstractRuntime] [TP-Processor24] Exception from executeScript - redirecting to status template error: A valid SecureContext was not provided in the RequestContext
net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
   at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:477)
   at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:355)
   at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:44)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:146)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy19.exists(Unknown Source)
   at org.alfresco.repo.rule.RuleServiceImpl.checkForCopy(RuleServiceImpl.java:1257)
   at org.alfresco.repo.rule.RuleServiceImpl.canExecuteRule(RuleServiceImpl.java:1237)
   at org.alfresco.repo.rule.RuleServiceImpl.executePendingRule(RuleServiceImpl.java:1149)
   at org.alfresco.repo.rule.RuleServiceImpl.executePendingRulesImpl(RuleServiceImpl.java:1102)
   at org.alfresco.repo.rule.RuleServiceImpl.executePendingRules(RuleServiceImpl.java:1075)
   at org.alfresco.repo.rule.RuleTransactionListener.beforeCommit(RuleTransactionListener.java:57)
   at org.alfresco.repo.transaction.AlfrescoTransactionSupport$TransactionSynchronizationImpl.doBeforeCommit(AlfrescoTransactionSupport.java:747)
   at org.alfresco.repo.transaction.AlfrescoTransactionSupport$TransactionSynchronizationImpl.doBeforeCommit(AlfrescoTransactionSupport.java:727)
   at org.alfresco.repo.transaction.AlfrescoTransactionSupport$TransactionSynchronizationImpl.beforeCommit(AlfrescoTransactionSupport.java:687)
   at org.springframework.transaction.support.TransactionSynchronizationUtils.triggerBeforeCommit(TransactionSynchronizationUtils.java:95)
   at org.springframework.transaction.support.AbstractPlatformTransactionManager.triggerBeforeCommit(AbstractPlatformTransactionManager.java:927)
   at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:737)
   at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:723)
   at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:393)
   at org.alfresco.util.transaction.SpringAwareUserTransaction.commit(SpringAwareUserTransaction.java:472)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:410)
   at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:462)
   at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:500)
   at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:275)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:372)
   at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
   at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
   at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
   at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
   at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
   at java.lang.Thread.run(Thread.java:662)

I thought that the problem was related to the authentication required to invoke this particular web service, so I have tryed to modify the authentication method required, but this has not modified the error.

At present I have no idea of where this error comes from. Do you have any suggestion for this issue?
Any hint from Alfresco community will be greatly appreciated.

Thanks,
Stefano.

P.S.: To reduce the post size I have not attached any code. If part of the setup/code can help you understanding the problem, just ask.

Outcomes