CASification d'alfresco pour le SSO

ibrahim · ‎25 Jun 2010

Bonjour la communauté,

Je reviens vers vous, cette fois pour un problème avec la configuration d'alfresco pour utiliser mon serveur CAS,
puisque j'ai pas trop compris le wiki: http://wiki.alfresco.com/wiki/Alfresco_With_mod_auth_cas , qui parle du module auth_cas, et que j'ai déjà une installation alfresco community 3.3 qui marche trés bien
Alors j'ai suivi: http://wiki.alfresco.com/wiki/Central_Authentication_Service_Configuration

C'est a dire, j'ai copier les jar
./webapps/alfresco/WEB-INF/lib/cas-client-core-3.1.3.jar
./webapps/alfresco/WEB-INF/lib/keembay-alfresco-cas.jar

sur le fichier ./webapps/alfresco/WEB-INF/web.xml j'ai ajouter ça


<!– CAS client filter –>
 <filter>
     <filter-name>CAS Filter</filter-name>
     <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
     <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
         <param-value>http://Mon_Serveur_CAs_url:8088/cas/login</param-value>
     </init-param>
     <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
         <param-value>http://Mon_Serveur_CAs_url:8088/cas/serviceValidate</param-value>
     </init-param>
     <init-param>
         <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
         <param-value>Alfresco_url/alfresco/</param-value>
     </init-param>
 </filter>

 <filter-mapping>
     <filter-name>CAS Filter</filter-name>
     <url-pattern>/faces/*</url-pattern>
 </filter-mapping>
 <!– end of CAS client filter –>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Et j'ai modifier sur le même fichier ceci


   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>com.keembay.alfresco.web.app.servlet.CASAuthenticationFilter</filter-class>
      <init-param>
         <param-name>cas.user.label</param-name>
         <param-value>edu.yale.its.tp.cas.client.filter.user</param-value>
      </init-param>
   </filter>
‍‍‍‍‍‍‍‍‍‍

mon premier test a retourné cette erreur

13:02:59,119  WARN  [springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'blockedSenders' being accessed! Ambiguous write methods found next to actually used [public void org.alfresco.email.server.EmailServer.setBlockedSenders(java.util.List)]: [public void org.alfresco.email.server.EmailServer.setBlockedSenders(java.lang.String)]
13:02:59,119  WARN  [springframework.beans.GenericTypeAwarePropertyDescriptor] Invalid JavaBean property 'allowedSenders' being accessed! Ambiguous write methods found next to actually used [public void org.alfresco.email.server.EmailServer.setAllowedSenders(java.util.List)]: [public void org.alfresco.email.server.EmailServer.setAllowedSenders(java.lang.String)]
13:02:59,142  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, inbound] complete
13:02:59,147  INFO  [repo.usage.UserUsageTrackingComponent] Enabled - calculate missing user usages …
13:02:59,154  INFO  [repo.usage.UserUsageTrackingComponent] Found 0 users to recalculate
13:02:59,154  INFO  [repo.usage.UserUsageTrackingComponent] … calculated missing usages for 0 users
13:02:59,154  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
13:02:59,162  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
13:02:59,201  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
13:02:59,299  INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_20-b02; maximum heap size 910.250MB
13:02:59,299  INFO  [service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.3.0 (2765) schema 4009 - Originally installed version 3.3.0 (2765) schema 4009
13:03:01,616  INFO  [module.vti.VtiServer] Vti server started successfully on port: 7070
13:03:10,288 User:System INFO  [extensions.webscripts.DeclarativeRegistry] Registered 341 Web Scripts (+0 failed), 576 URLs
13:03:10,288 User:System INFO  [extensions.webscripts.DeclarativeRegistry] Registered 2 Package Description Documents (+0 failed)
13:03:10,288 User:System INFO  [extensions.webscripts.DeclarativeRegistry] Registered 1 Schema Description Documents (+0 failed)
13:03:10,290 User:System INFO  [extensions.webscripts.AbstractRuntimeContainer] Initialised Repository Web Script Container (in 8459.786ms)
13:03:10,290  INFO  [extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
13:03:10,291  INFO  [extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
Jun 25, 2010 1:03:10 PM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jun 25, 2010 1:03:10 PM org.apache.catalina.core.StandardContext start
SEVERE: Context [/alfresco] startup failed due to previous errors
13:03:10,639  INFO  [management.subsystems.ChildApplicationContextFactory] Stopping 'email' subsystem, ID: [email, inbound]
13:03:10,641  ERROR [management.subsystems.ChildApplicationContextFactory$ChildApplicationContext] Exception thrown from ApplicationListener handling ContextClosedEvent
org.springframework.beans.factory.BeanCreationNotAllowedException: Error creating bean with name 'InboundSMTP': Singleton bean creation not allowed while the singletons of this factory are in destruction (Do not request a bean from a BeanFactory in a destroy method implementation!)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:209)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.context.event.AbstractApplicationEventMulticaster.getApplicationListeners(AbstractApplicationEventMulticaster.java:132)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:86)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:296)
        at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:943)
        at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:917)
        at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.stop(ChildApplicationContextFactory.java:642)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.stop(AbstractPropertyBackedBean.java:485)
        at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.destroy(AbstractPropertyBackedBean.java:357)
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

j'ai essayé de recompiler le keembay-alfresco-cas.jar, ca n'a rien donné !!!

http://forums.alfresco.com/en/viewtopic.php?f=8&t=25990&p=84437&hilit=cas+authentication+alfresco+3....
es-que vous avez une solution pour cette situation, MERCI

crdlt
brahim

ibrahim · ‎28 Jun 2010

Bonjour,
vu que j'ai pas vraiment avancé depuis le temps, je me suis concentré sur l'histoire du mod auth cas, j'ai remis la configuration d'alfresco qui marche,
mais je bloque sur le Build, Install and Configure Apache Modules http://wiki.alfresco.com/wiki/Alfresco_With_mod_auth_cas#Step_5:_Build.2C_Install_and_Configure_Apac...

la commande

svn co https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/trunk mod_auth_cas_trunk‍

me retourne ça :

svn: PROPFIND request failed on '/svn/cas-clients/mod_auth_cas/trunk'
svn: PROPFIND of '/svn/cas-clients/mod_auth_cas/trunk': 301 Moved Permanently (https://www.ja-sig.org)
‍‍‍

j'ai telecharger les fichiers manualement mais je tombe sur une erreur au moment du make

/usr/sbin/apxs -c src/mod_auth_cas.c
/usr/lib64/apr-1/build/libtool –silent –mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic -fno-strict-aliasing  -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd  -I/usr/include/apr-1   -I/usr/include/apr-1   -c -o src/mod_auth_cas.lo src/mod_auth_cas.c && touch src/mod_auth_cas.slo
src/mod_auth_cas.c:42:28: error: openssl/crypto.h: No such file or directory
src/mod_auth_cas.c:43:26: error: openssl/x509.h: No such file or directory
src/mod_auth_cas.c:44:25: error: openssl/pem.h: No such file or directory
src/mod_auth_cas.c:45:25: error: openssl/ssl.h: No such file or directory
src/mod_auth_cas.c:46:25: error: openssl/err.h: No such file or directory
In file included from src/mod_auth_cas.c:63:
src/mod_auth_cas.h:165: error: expected declaration specifiers or '…' before 'X509'
src/mod_auth_cas.h:166: error: expected declaration specifiers or '…' before 'SSL'
src/mod_auth_cas.h:166: error: expected declaration specifiers or '…' before 'SSL_CTX'
src/mod_auth_cas.c:1572: error: expected declaration specifiers or '…' before 'X509'
src/mod_auth_cas.c: In function 'check_cert_cn':
src/mod_auth_cas.c:1586: warning: implicit declaration of function 'X509_NAME_get_text_by_NID'
src/mod_auth_cas.c:1586: warning: implicit declaration of function 'X509_get_subject_name'
src/mod_auth_cas.c:1586: error: 'certificate' undeclared (first use in this function)
src/mod_auth_cas.c:1586: error: (Each undeclared identifier is reported only once
src/mod_auth_cas.c:1586: error: for each function it appears in.)
src/mod_auth_cas.c:1586: error: 'NID_commonName' undeclared (first use in this function)
src/mod_auth_cas.c: At top level:
src/mod_auth_cas.c:1606: error: expected declaration specifiers or '…' before 'SSL'
src/mod_auth_cas.c:1606: error: expected declaration specifiers or '…' before 'SSL_CTX'
src/mod_auth_cas.c: In function 'CASCleanupSocket':
src/mod_auth_cas.c:1615: error: 'ssl' undeclared (first use in this function)
src/mod_auth_cas.c:1616: warning: implicit declaration of function 'SSL_free'
src/mod_auth_cas.c:1618: error: 'ctx' undeclared (first use in this function)
src/mod_auth_cas.c:1619: warning: implicit declaration of function 'SSL_CTX_free'
src/mod_auth_cas.c: In function 'getResponseFromServer':
src/mod_auth_cas.c:1638: error: 'SSL_METHOD' undeclared (first use in this function)
src/mod_auth_cas.c:1638: error: 'm' undeclared (first use in this function)
src/mod_auth_cas.c:1639: error: 'SSL_CTX' undeclared (first use in this function)
src/mod_auth_cas.c:1639: error: 'ctx' undeclared (first use in this function)
src/mod_auth_cas.c:1640: error: 'SSL' undeclared (first use in this function)
src/mod_auth_cas.c:1640: error: 'ssl' undeclared (first use in this function)
src/mod_auth_cas.c:1663: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1674: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1679: warning: implicit declaration of function 'SSL_library_init'
src/mod_auth_cas.c:1680: warning: implicit declaration of function 'SSL_load_error_strings'
src/mod_auth_cas.c:1681: warning: implicit declaration of function 'SSLv23_method'
src/mod_auth_cas.c:1682: warning: implicit declaration of function 'SSL_CTX_new'
src/mod_auth_cas.c:1685: warning: implicit declaration of function 'SSL_CTX_set_verify'
src/mod_auth_cas.c:1685: error: 'SSL_VERIFY_PEER' undeclared (first use in this function)
src/mod_auth_cas.c:1689: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1694: warning: implicit declaration of function 'SSL_CTX_load_verify_locations'
src/mod_auth_cas.c:1696: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1702: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1707: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1711: warning: implicit declaration of function 'SSL_CTX_set_verify_depth'
src/mod_auth_cas.c:1714: warning: implicit declaration of function 'SSL_new'
src/mod_auth_cas.c:1718: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1722: warning: implicit declaration of function 'SSL_set_fd'
src/mod_auth_cas.c:1724: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1728: warning: implicit declaration of function 'SSL_connect'
src/mod_auth_cas.c:1730: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1737: warning: implicit declaration of function 'SSL_get_verify_result'
src/mod_auth_cas.c:1737: error: 'X509_V_OK' undeclared (first use in this function)
src/mod_auth_cas.c:1737: warning: implicit declaration of function 'SSL_get_peer_certificate'
src/mod_auth_cas.c:1737: warning: comparison between pointer and integer
src/mod_auth_cas.c:1739: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1741: warning: passing argument 3 of 'check_cert_cn' makes pointer from integer without a cast
src/mod_auth_cas.c:1741: error: too many arguments to function 'check_cert_cn'
src/mod_auth_cas.c:1743: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1762: warning: implicit declaration of function 'SSL_write'
src/mod_auth_cas.c:1764: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1773: warning: implicit declaration of function 'SSL_read'
src/mod_auth_cas.c:1787: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c:1791: error: too many arguments to function 'CASCleanupSocket'
src/mod_auth_cas.c: In function 'cas_in_filter':
src/mod_auth_cas.c:2017: warning: unknown conversion type character 0x20 in format
src/mod_auth_cas.c:2017: warning: too many arguments for format
src/mod_auth_cas.c:2026: warning: unknown conversion type character 0x20 in format
src/mod_auth_cas.c:2026: warning: format '%s' expects type 'char *', but argument 7 has type 'size_t'
src/mod_auth_cas.c:2026: warning: too many arguments for format
apxs:Error: Command failed with rc=65536
.
make: *** [all] Error 1
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

aidez moi svp, je suis bloqué !!!!!

mederic · ‎28 Jun 2010

Bonjour,

Concernant la commande "svn checkout", voici une URL qui devrait mieux fonctionner :

svn co https://source.jasig.org/cas-clients/mod_auth_cas/trunk mod_auth_cas_trunk‍

Concernant les erreurs de compilation, OpenSSL est-il correctement installé sur la machine ?

Médéric

ibrahim · ‎28 Jun 2010

Merci de ta réponse Médéric, t'avait vue juste c'est bien le devel d'open ssl qui manquais.

j'ai réussi a terminer la configuration, mais j'ai ça au démarrage de httpd

Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 2 of /etc/httpd/conf.d/mod_jk.conf: Cannot load /usr/lib/httpd/modules/mod_jk.so into server: /usr/lib/httpd/modules/mod_jk.so: cannot open shared object file: No such file or directory
                                                           [FAILED]
[root@alftest /]# vi /etc/httpd/conf.d/mod_jk.conf
[root@alftest /]# ll /usr/lib/httpd/modules/
ls: /usr/lib/httpd/modules/: No such file or directory
‍‍‍‍‍‍

comme t'a vue j'ai bien vérifié le dossier n'existe pas !!
j'ai crus avoir sauter une étape mais je la reconnais pas !!

ibrahim · ‎29 Jun 2010

c'est bon j'ai réussi a dépassé cette erreur,
le problème maintenant c'est quand j'essaye de testé avec http://your.host.com/examples/jsp/snp/snoop.jsp j'ai ca

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.2.3 (CentOS) Server at XXXXXXXXXXX Port 8083‍‍‍‍

la barre d'url contient

http://XXXXXXX-XXXXX:8083/examples/jsp/snp/snoop.jsp?ticket=ST-3-gpBPryE1FxiXIjK1oPxD-cas‍

je veux aussi ajouter que mon serveur CAS est dans un autre conteneur proxmox.

assarrar · ‎19 Oct 2010

[Message supprimé]