
Alfresco cannot get CAS client's session variable from Share

Question asked by wenbin on Nov 13, 2014
Hi,

I use Alfresco Community version 4.2.e, and I've configured it to use CAS to support SSO; both Alfresco and Share can log in through CAS. After CAS authentication, the CAS client stores the current user's information in the session; however, when Share calls web scripts on the Alfresco repository, Alfresco cannot get the session variable stored by the CAS client. How can I let Alfresco get Share's login information stored in the session by the CAS client?

Here is my structure:
1. Deployed the CAS server in a separate Tomcat instance
2. Installed Alfresco 4.2.e
3. Changed alfresco-global.properties and share-config-custom.xml to support external SSO
4. Deployed nginx + HTTPS as Alfresco's front end; here is my nginx configuration:

proxy_cache_path /var/cache/nginx/alfresco levels=1 keys_zone=alfrescocache:256m max_size=512m inactive=1440m;
upstream alfresco_server {
    server 127.0.0.1:8080;
}

server {
    listen 8445 ssl;
    server_name xxxx.com;
    root /home/alfresco-4.2.e/tomcat/webapps/share;
    index index.html index.htm;
    rewrite ^/$    /share;
    ssl            on;
    ssl_client_certificate    /home/ssl/ca/ca-cert.pem;
    ssl_certificate       /home/ssl/xxxx.com/server-cert.pem;
    ssl_certificate_key   /home/ssl/xxxx.com/server-key.pem;
    ssl_session_timeout  45m;

    # Access to old Alfresco web client. Remove this location if not needed.
    location /alfresco {
        # Allow for large file uploads
        client_max_body_size 0;
        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;
        #proxy_buffering off;
        proxy_pass http://alfresco_server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
    }

    location /share {
        # Allow for large file uploads
        client_max_body_size 0;
        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;

        #proxy_buffering off;
        proxy_pass http://alfresco_server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
    }
    location /share/proxy/alfresco {
        # This section is for allowing to rewrite 50x response to 401 on Ajax req.
        # This forces Share to reload page, and thus display maintenance page
        # Allow for large file uploads
        client_max_body_size 0;
        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;
        #proxy_buffering off;
        proxy_pass http://alfresco_server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_intercept_errors on;
        error_page 502 503 504 =401 /maintenance.html;
    }
    location /share/res/ {
        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;
        proxy_pass http://alfresco_server;
        proxy_set_header  Host $http_host;
        proxy_cache alfrescocache;
        proxy_cache_min_uses 1;
        proxy_cache_valid  200 302 1440m;
        proxy_cache_valid  404 1m;
        proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504;
    }
}


In the browser, I can log in to Alfresco and Share through the CAS server's login page; however, when a user uploads a file from Share, Alfresco can only get the current user's name and cannot get the Assertion variable, which is stored in Share by the CAS client's authentication filter. How can I share this session variable from Share to Alfresco?

Thanks in advance!
