Difference between revisions of "Central Authentication Service - OpenKM 5.1"

From OpenKM Documentation
Jump to: navigation, search
Line 1: Line 1:
 
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
 
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
 +
 +
Once you have the CAS server up and running it is easy to set SSO in OpenKM. I wanted to keep basic authentication for the WebDav part that is why the filter mapping is complicated. I did the following changes in OpenKM:
 +
 +
In server/default/deploy/OpenKM.war/WEB-INF/web.xml:
 +
 +
<source lang="xml">
 +
  <!-- CAS SSO-->
 +
  <!-- Facilitates CAS single sign-out -->
 +
  <listener>
 +
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
 +
  </listener>
 +
 +
  <!-- Following is needed only if CAS single-sign out is desired -->
 +
  <filter>
 +
    <filter-name>CAS Single Sign Out Filter</filter-name>
 +
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
 +
  </filter>
 +
 +
  <!-- Only 2 CAS filters are required for JAAS support -->
 +
  <context-param>
 +
    <param-name>service</param-name>
 +
    <param-value>https://openkm.chronossoftware.com/OpenKM</param-value>
 +
  </context-param>
 +
  <context-param>
 +
    <param-name>casServerLoginUrl</param-name>
 +
    <param-value>https://openkm.chronossoftware.com/cas/login</param-value>
 +
  </context-param>
 +
 +
  <filter>
 +
    <filter-name>CASWebAuthenticationFilter</filter-name>
 +
    <filter-class>org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter</filter-class>
 +
  </filter>
 +
  <filter>
 +
    <filter-name>CASAuthenticationFilter</filter-name>
 +
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 +
  </filter>
 +
 +
  <!-- CAS client filter mappings -->
 +
  <!-- The order of the following filters is vitally important -->
 +
  <filter-mapping>
 +
    <filter-name>CAS Single Sign Out Filter</filter-name>
 +
    <url-pattern>*.jsp</url-pattern>
 +
 +
    <!-- GWT -->
 +
    <url-pattern>/frontend/*</url-pattern>
 +
 +
    <!-- JSPs -->
 +
    <url-pattern>/admin/*</url-pattern>
 +
    <url-pattern>/mobile/*</url-pattern>
 +
    <url-pattern>/mobile-nt/*</url-pattern>
 +
 +
    <!-- Servlets -->
 +
    <url-pattern>/RepositoryStartup</url-pattern>
 +
    <url-pattern>/TextToSpeech</url-pattern>
 +
    <url-pattern>/Test</url-pattern>
 +
    <url-pattern>/frontend/*</url-pattern>
 +
    <url-pattern>/extension/*</url-pattern>
 +
    <!--url-pattern>/*</url-pattern-->
 +
  </filter-mapping>
 +
  <filter-mapping>
 +
    <filter-name>CASWebAuthenticationFilter</filter-name>
 +
    <url-pattern>*.jsp</url-pattern>
 +
 +
    <!-- GWT -->
 +
    <url-pattern>/frontend/*</url-pattern>
 +
 +
    <!-- JSPs -->
 +
    <url-pattern>/admin/*</url-pattern>
 +
    <url-pattern>/mobile/*</url-pattern>
 +
    <url-pattern>/mobile-nt/*</url-pattern>
 +
 +
    <!-- Servlets -->
 +
    <url-pattern>/RepositoryStartup</url-pattern>
 +
    <url-pattern>/TextToSpeech</url-pattern>
 +
    <url-pattern>/Test</url-pattern>
 +
    <url-pattern>/frontend/*</url-pattern>
 +
    <url-pattern>/extension/*</url-pattern>
 +
 +
    <!--url-pattern>/*</url-pattern-->
 +
  </filter-mapping>
 +
  <filter-mapping>
 +
    <filter-name>CASAuthenticationFilter</filter-name>
 +
    <url-pattern>*.jsp</url-pattern>
 +
 +
    <!-- GWT -->
 +
    <url-pattern>/frontend/*</url-pattern>
 +
 +
    <!-- JSPs -->
 +
    <url-pattern>/admin/*</url-pattern>
 +
    <url-pattern>/mobile/*</url-pattern>
 +
    <url-pattern>/mobile-nt/*</url-pattern>
 +
 +
    <!-- Servlets -->
 +
    <url-pattern>/RepositoryStartup</url-pattern>
 +
    <url-pattern>/TextToSpeech</url-pattern>
 +
    <url-pattern>/Test</url-pattern>
 +
    <url-pattern>/frontend/*</url-pattern>
 +
    <url-pattern>/extension/*</url-pattern>
 +
 +
    <!--url-pattern>/*</url-pattern-->
 +
  </filter-mapping>
 +
  <!-- /CAS SSO -->
 +
</source>

Revision as of 17:51, 3 October 2011

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

Once you have the CAS server up and running it is easy to set SSO in OpenKM. I wanted to keep basic authentication for the WebDav part that is why the filter mapping is complicated. I did the following changes in OpenKM:

In server/default/deploy/OpenKM.war/WEB-INF/web.xml:

  <!-- CAS SSO-->
  <!-- Facilitates CAS single sign-out -->
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>

  <!-- Following is needed only if CAS single-sign out is desired -->
  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>

  <!-- Only 2 CAS filters are required for JAAS support -->
  <context-param>
    <param-name>service</param-name>
    <param-value>https://openkm.chronossoftware.com/OpenKM</param-value>
  </context-param>
  <context-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://openkm.chronossoftware.com/cas/login</param-value>
  </context-param>

  <filter>
    <filter-name>CASWebAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter</filter-class>
  </filter>
  <filter>
    <filter-name>CASAuthenticationFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  </filter>

  <!-- CAS client filter mappings -->
  <!-- The order of the following filters is vitally important -->
  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>

    <!-- GWT -->
    <url-pattern>/frontend/*</url-pattern>

    <!-- JSPs -->
    <url-pattern>/admin/*</url-pattern>
    <url-pattern>/mobile/*</url-pattern>
    <url-pattern>/mobile-nt/*</url-pattern>

    <!-- Servlets -->
    <url-pattern>/RepositoryStartup</url-pattern>
    <url-pattern>/TextToSpeech</url-pattern>
    <url-pattern>/Test</url-pattern>
    <url-pattern>/frontend/*</url-pattern>
    <url-pattern>/extension/*</url-pattern>
    <!--url-pattern>/*</url-pattern-->
  </filter-mapping>
  <filter-mapping>
    <filter-name>CASWebAuthenticationFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>

    <!-- GWT -->
    <url-pattern>/frontend/*</url-pattern>

    <!-- JSPs -->
    <url-pattern>/admin/*</url-pattern>
    <url-pattern>/mobile/*</url-pattern>
    <url-pattern>/mobile-nt/*</url-pattern>

    <!-- Servlets -->
    <url-pattern>/RepositoryStartup</url-pattern>
    <url-pattern>/TextToSpeech</url-pattern>
    <url-pattern>/Test</url-pattern>
    <url-pattern>/frontend/*</url-pattern>
    <url-pattern>/extension/*</url-pattern>

    <!--url-pattern>/*</url-pattern-->
  </filter-mapping>
  <filter-mapping>
    <filter-name>CASAuthenticationFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>

    <!-- GWT -->
    <url-pattern>/frontend/*</url-pattern>

    <!-- JSPs -->
    <url-pattern>/admin/*</url-pattern>
    <url-pattern>/mobile/*</url-pattern>
    <url-pattern>/mobile-nt/*</url-pattern>

    <!-- Servlets -->
    <url-pattern>/RepositoryStartup</url-pattern>
    <url-pattern>/TextToSpeech</url-pattern>
    <url-pattern>/Test</url-pattern>
    <url-pattern>/frontend/*</url-pattern>
    <url-pattern>/extension/*</url-pattern>

    <!--url-pattern>/*</url-pattern-->
  </filter-mapping>
  <!-- /CAS SSO -->