AnsweredAssumed Answered

Problems configuring Alfresco Share with mod_auth_cas

Question asked by hru on Jul 2, 2010
I am having problems configuring Alfresco Share with mod_auth_cas
The following are the details

Version: Alfresco Enterprise Trial 3.3.1 (96) schema 4013]

I followed the instruction in:
http://wiki.alfresco.com/wiki/Alfresco_With_mod_auth_cas

I have tested my server side and client side SSL certificates as instructed in the above document.
I am able to login to Alfresco application without problem as well.

However when I login to Share I got the following error:


Jul 2, 2010 5:30:30 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Jul 2, 2010 5:30:30 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Jul 2, 2010 5:30:30 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jul 2, 2010 5:30:30 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Jul 2, 2010 5:30:30 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 773 ms
Jul 2, 2010 5:30:30 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jul 2, 2010 5:30:30 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.26
Jul 2, 2010 5:30:30 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor alfresco.xml
Jul 2, 2010 5:30:32 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
Jul 2, 2010 5:30:34 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Jul 2, 2010 5:31:45 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Jul 2, 2010 5:31:45 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Jul 2, 2010 5:31:46 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive share.war
Jul 2, 2010 5:31:46 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Jul 2, 2010 5:31:52 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)
Jul 2, 2010 5:31:52 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'Spring Surf Dispatcher Servlet'
Jul 2, 2010 5:31:52 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Jul 2, 2010 5:31:52 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
Jul 2, 2010 5:31:52 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Jul 2, 2010 5:31:52 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Jul 2, 2010 5:31:52 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Jul 2, 2010 5:31:52 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Jul 2, 2010 5:31:52 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Jul 2, 2010 5:31:52 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 82417 ms
Jul 2, 2010 5:36:21 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet Spring Surf Dispatcher Servlet threw exception
org.json.JSONException: A JSONObject text must begin with '{' at character 11
   at org.json.JSONTokener.syntaxError(JSONTokener.java:413)
   at org.json.JSONObject.<init>(JSONObject.java:180)
   at org.json.JSONObject.<init>(JSONObject.java:420)
   at org.springframework.extensions.surf.support.AlfrescoUserFactory.loadUser(AlfrescoUserFactory.java:173)
   at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:165)
   at org.springframework.extensions.surf.support.AbstractUserFactory.initialiseUser(AbstractUserFactory.java:99)
   at org.springframework.extensions.surf.RequestContextUtil.initialiseUser(RequestContextUtil.java:202)
   at org.springframework.extensions.surf.RequestContextUtil.initRequestContext(RequestContextUtil.java:106)
   at org.springframework.extensions.surf.RequestContextUtil.initRequestContext(RequestContextUtil.java:53)
   at org.alfresco.web.site.SlingshotPageViewResolver.lookupPage(SlingshotPageViewResolver.java:57)
   at org.springframework.extensions.surf.mvc.PageViewResolver.canHandle(PageViewResolver.java:71)
   at org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:370)
   at org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:77)
   at org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1091)
   at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1040)
   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:67)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:427)
   at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
   at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
   at java.lang.Thread.run(Thread.java:619)


Also on my CAS server, the following log appears

<Granted service ticket [ST-57-7VglQ6k3JPDgwLODFRzd-cas] for service [https://localhost:443/share] for user [userx@sourcebynet.com]>
2010-07-02 17:36:20,113 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: https://localhost:443/share>
2010-07-02 17:36:20,113 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-57-7VglQ6k3JPDgwLODFRzd-cas]>
2010-07-02 17:36:20,113 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-57-7VglQ6k3JPDgwLODFRzd-cas] found in registry.>
2010-07-02 17:36:20,113 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-57-7VglQ6k3JPDgwLODFRzd-cas] from registry>
2010-07-02 17:36:21,361 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost/alfresco/wcs/remotestore/has/alfresco/site-data/configurations/slingshot.site.configuration.xml?s=sitestore>

2010-07-02 17:36:21,361 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - <Certificates not found in request.>


This seems to indicate somehow Share is having problem communicating with Alfresco in that Share is not presenting the client certificate to Alfresco.

In the process of debugging this, I was also made aware of the following bug which seems to have been left unresolved:
http://issues.alfresco.com/jira/browse/ALF-2788

I am currently evaluating Alfresco for my company. Alfresco (esp Share) seems to have very attractive feature set that suits our needs. However Central Authentication Service (CAS) Authentication is a must-have feature for us and therefore this issue is a major obstacle for us to adopt Alfresco.

All help will be much appreciated.



ps. I've also tried out 3.3CE and 3.2r2 without much success as well.

Outcomes