AnsweredAssumed Answered

CAS integration, 5.0.d, keystore is unused ?

Question asked by sebdavid on Apr 30, 2015
Latest reply on Jul 3, 2015 by sebdavid
Hello,

I'm working with alfresco community 5.0.d.

I'm trying to integrate Alfresco + Share with a CAS system. I followed the documentation instructions from http://docs.alfresco.com/community/concepts/alf-modauthcas-home.html. Actually, I have the same configuration : 2 servers, one with apache and the CAS, and the other with Alfresco and Share.

The CAS authentication works well :
- I can log in via the CAS form when accessing to http://host/alfresco, and /examples
- If I add the alfresco-system.p12 certificate to my browser, I'm automatically authenticated as "alfresco-system" : I can see it when accessing to the example page http://host/examples/jsp/snp/snoop.jsp, and in the CAS logs I can see
[org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - Certificate found in request.


The problem is the communication between Share and Alfresco. From the documentation, I understand that the alfresco-system.p12 certificate should be used by the share, to communicate with Alfresco. But it doesn't. When accessing http://host/share, I can authenticate through the CAS form, but then when the share send requests to Alfresco, it is not authenticated and it fails because the CAS form is returned in the responses. It appears that the certificate is not sent as I can view that in the CAS logs :
[org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - Certificates not found in request


When digging in the code, we found the class <a href="https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/COMMUNITYTAGS/V5.0.d/root/projects/surf/spring-webscripts/spring-webscripts/src/main/java/org/springframework/extensions/config/RemoteConfigElement.java">RemoteConfigElement</a>. There is a REMOTE_KEYSTORE attribute which is unused. So maybe the problem comes from there ?

Do you have any clue on it ? Any information ?
Could you explain how the alfresco-system.p12 certificate, located in "tomcat/shared/classes/alfresco/web-extension", should be processed ? Because when we specify a dummy name in share-config-custom.xml, it does nothing ! No exception such as FileNotFound or whatever is thrown.

Thank you in advance for your response.

Sebastien.

Outcomes