Service Packs and Hot Fixes / MNT-6144

Share + CAS SSO: "Could not resolve view" error appears when logging in to Share.

    Details

    • Bug Priority:
      Category 1

      Description

      Alfresco Enterprise 3.4.10 b676

      Pre-Conditions:
      1. Set up CAS server according to http://www.ja-sig.org/wiki/display/CASUM/Demo. I did steps 1 - 9.

      2. Install Alfresco from the installer on a remote machine and execute step 13 from the same manual. The next steps concern the Tomcat that runs Alfresco.

      3. Create tomcat/conf/custom-user-roles.properties that contains your users, like:
      admin=role
      operator=role
      deployer=role

      4. Put the following Realm and Authenticator Valve into Alfresco's tomcat/conf/context.xml, so that it matches the following sample.
      <Context useHttpOnly="false">
        <!-- <Valve className="org.apache.catalina.authenticator.SSLAuthenticator" securePagesWithPragma="false" /> -->
        <WatchedResource>WEB-INF/web.xml</WatchedResource>
        <Realm
          className="org.jasig.cas.client.tomcat.v6.PropertiesCasRealm"
          propertiesFilePath="conf/custom-user-roles.properties"
        />
        <Valve
          className="org.jasig.cas.client.tomcat.v6.Cas20CasAuthenticator"
          encoding="UTF-8"
          casServerLoginUrl="https://cas:8443/cas/login"
          casServerUrlPrefix="https://cas:8443/cas/"
          serverName="alfresco:8080"
        />

        <!-- Single sign-out support -->
        <Valve className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve" artifactParameterName="SAMLart" />
      </Context>

      5. Make sure that you have properly set up the SSL connector in tomcat/conf/server.xml. In my case:
      <Connector port="8443" maxHttpHeaderSize="8192"
                 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                 enableLookups="false" disableUploadTimeout="true"
                 acceptCount="100" scheme="https" secure="true"
                 clientAuth="false" sslProtocol="TLS"
                 SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
                 keystoreFile="C:/Documents and Settings/Administrator/.keystore"
                 keystorePass="changeit"
                 truststoreFile="C:/temp/3.4.10/b676/cas_domain/java/jre/lib/security/cacerts" />

      6. Download the JA-SIG CAS client and build the following libs: cas-client-core-3.2.1.jar, cas-client-integration-tomcat-common-3.2.1.jar, cas-client-integration-tomcat-v6-3.2.1.jar, and put them into tomcat/lib with their dependencies.

      7. Add the following to alfresco.war/WEB-INF/web.xml after the resource-ref block (according to the 2.3 DTD requirements):
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>CAS Protected Pages</web-resource-name>
          <url-pattern>/faces/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>CAS Authentication</realm-name>
      </login-config>

      <security-role>
        <role-name>role</role-name>
      </security-role>

      8. Add the following to share.war/WEB-INF/web.xml after the resource-ref block:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>CAS Protected Pages</web-resource-name>
          <url-pattern>/p/*</url-pattern>
          <url-pattern>/page/*</url-pattern>
          <url-pattern>/proxy/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>CAS Authentication</realm-name>
      </login-config>

      <security-role>
        <role-name>role</role-name>
      </security-role>

      9. Update alfresco-global.properties with
      authentication.chain=MySso:external
      external.authentication.proxyUserName=
      external.authentication.proxyHeader=SsoUserHeader

      10. Update the Share connector: copy share-config-custom.xml.sample into ...\tomcat\shared\classes\alfresco\web-extension and remove .sample from the name. Uncomment the last two elements, "example port config" and "Overriding endpoints", and specify the correct URLs there.

      11. Start alfresco.

      Steps:
      1. Clear the browser's cache and cookies.

      2. Open the Share URL, like http://alfresco:8080/share

      3. Provide the admin user credentials at the CAS login page.

      Bug: An error page appears when the user is redirected to the Alfresco site:
      A server error has occurred.

      There are a number of reasons why this could have happened:

      You have attempted to access a page that does not exist - check the URL in the address bar.
      You have attempted to access a page that is not accessable to you, such as a private Site dashboard.
      A valid page has been requested but the server was unable to render it due to an internal error - contact your administrator.

      4. Select the "Return to your dashboard page" link.
      Result: The Administrator Dashboard page opens.
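
      A consistency check over the files configured in pre-condition steps 3, 4 and 8, as an added example that is not part of the original report nor code from Alfresco or the CAS client. The XML and properties contents are constructed, abridged copies of the report's settings with one hypothetical `guest=visitor` entry added; the comma-separated role list and Tomcat's default strict handling of the `*` role are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed, abridged samples mirroring the report's context.xml and web.xml.
CONTEXT_XML = """<Context useHttpOnly="false">
  <Valve className="org.jasig.cas.client.tomcat.v6.Cas20CasAuthenticator"
         casServerLoginUrl="https://cas:8443/cas/login"
         serverName="alfresco:8080" />
</Context>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/page/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>role</role-name></security-role>
</web-app>"""
# "guest=visitor" is a hypothetical entry added to show a mismatch.
USER_ROLES = "admin=role\noperator=role\ndeployer=role\nguest=visitor\n"

def parse_user_roles(text):
    """Parse user=role1,role2 lines (comma-separated roles are an assumption)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, roles = line.split("=", 1)
            users[user.strip()] = {r.strip() for r in roles.split(",") if r.strip()}
    return users

def audit(context_xml, web_xml, user_roles):
    """Return a list of findings for the three configuration texts."""
    findings = []
    ctx, web = ET.fromstring(context_xml), ET.fromstring(web_xml)
    if ctx.get("useHttpOnly", "").lower() == "false":
        findings.append("context.xml: useHttpOnly=false leaves the session cookie readable by scripts")
    for valve in ctx.iter("Valve"):
        name = valve.get("serverName")
        if name is not None and not name.startswith("https://"):
            findings.append(f"context.xml: serverName={name!r} is not an https:// URL")
    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    required = {r.text.strip() for r in web.findall("security-constraint/auth-constraint/role-name")}
    # Assumed Tomcat default (strict): "*" admits only roles declared in <security-role>.
    allowed = declared if "*" in required else required
    for role in sorted(required - declared - {"*"}):
        findings.append(f"web.xml: auth-constraint role {role!r} has no <security-role>")
    for user, roles in sorted(parse_user_roles(user_roles).items()):
        if not roles & allowed:
            findings.append(f"roles file: {user} holds no admitted role and is refused after CAS login")
    return findings
```

      Running `audit(CONTEXT_XML, WEB_XML, USER_ROLES)` reports the two context.xml settings and the `guest` mismatch; the three users from step 3 pass because `role` is declared in `<security-role>`.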

              People

              • Assignee: Closed Bugs (closedbugs)
              • Reporter: oalexandrov
              • Votes: 0
              • Watchers: 5

                  Time Tracking

                  • Original Estimate: Not Specified
                  • Remaining Estimate: 0 minutes
                  • Time Spent: 2 days, 7 hours