ADF 2.6.1 Application and CAS

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
pcharsle
Active Member II

ADF 2.6.1 Application and CAS

We use Apache mod_auth_cas with Alfresco 5.2.3 and Apereo CAS 5.2.4. This works very well and was straightforward to setup.

We have now built an ADF 2.6.1 application and are unsure about whether the process we are following to include our application in the CAS authentication is correct. We are doing the following:

  1. Configure our CAS server to also act as an OAUTH2 OIDC provider
  2. Add oauth2 settings to the app.config.json file (attached) which point to our CAS server/OAUTH2 provider
  3. Deal with any CORS issues as described in these forums

We have made the changes in step 2 based on the documentation here alfresco-ng2-components/login.component.md at development · Alfresco/alfresco-ng2-components · GitHu...  but are not entirely sure whether our understanding is correct.

We would be very grateful if someone could confirm whether the process we are following is correct.

Thanks,

Paul

5 Replies
pcharsle
Active Member II

Re: ADF 2.6.1 Application and CAS

We've done some more investigation about what we believe are Alfresco's plans to support CAS SSO. We know that Alfresco is supporting a new SSO authentication architecture built on Keycloak which is an OAUTH2 identity provider. We believe and hope that:

  • Alfresco's new authentication architecture will support the use of other OAUTH2 identity providers (not just Keycloak)

Based on the above assumption, we are now:

  • Configuring our CAS server to act as an OAUTH2 provider
  • Upgrading to ACS version 6.0. We believe this is necessary since in the OAUTH2 process the ACS acts as a Resource Server which will need to contact the OAUTH2 identity provider to verify an access token. We think that the code to do this is not present in version 5.2.x and has only been added in 6.0

We found a great article by Martin Bergljung at https://community.alfresco.com/people/gravitonian/blog/2018/07/17/getting-started-with-alfresco-iden... 

upon which we've based some of our assumptions.

Can anyone in the community advise us on whether our assumptions/approach for using CAS with our ADF application are valid?

Thanks,

Paul

Moderator
Moderator

Re: ADF 2.6.1 Application and CAS

Hi Paul is better if you use 6.1.0 Cs.

pcharsle
Active Member II

Re: ADF 2.6.1 Application and CAS

Hi Eugenio,

We had hoped to stay with 6.0 for the time being since this is what we have done most of our testing on.

We are getting the following error in the browser after the user is logged in and our ADF application is calling Alfresco's REST api:

Error: Uncaught (in promise): Error: {"error":{"errorKey":"framework.exception.ApiDefault","statusCode":401,"briefSummary":"01260004 Authorization 'Bearer' not supported.","stackTrace":"For security reasons the stack trace is no longer displayed, but the property is kept for previous versions","descriptionURL":"https://api-explorer.alfresco.com"}}

This looks like it is related to OAUTH2. Has anyone come across this problem before? Is it a known issue in 6.0 that is resolved in 6.1.0?

Thanks,

Paul

Moderator
Moderator

Re: ADF 2.6.1 Application and CAS

can you post your app.config.json here or in a gist?...I saw you have uploaded a zip but I prefer to not open zip from internet Smiley Happy. thanks

pcharsle
Active Member II

Re: ADF 2.6.1 Application and CAS

Hi Eugenio,

The app.config.json is shown below (placeholders are replaced with the urls when we deploy). We have followed your suggestion and are now upgrading to 6.1. This is taking longer than we expected but we will shortly add a post to this forum if our cas integration is successful or not.

Thanks,

Paul

{   
"$schema": "../node_modules/@alfresco/adf-core/app.config.schema.json",
"ecmHost": "https://@@DRUPAL_HUB_URL@@",
"bpmHost": "https://@@DRUPAL_HUB_URL@@",
"providers": "ECM",
"application": {
"name": "Health Hub Project Library"
},
"languages": [
{ "key": "en", "label": "English" },
{ "key": "fr", "label": "French" },
{ "key": "de", "label": "German" },
{ "key": "it", "label": "Italian" },
{ "key": "es", "label": "Spanish" },
{ "key": "ja", "label": "Japanese" },
{ "key": "nl", "label": "Dutch" },
{ "key": "pt-BR", "label": "Brazilian Portuguese" },
{ "key": "nb", "label": "Norwegian" },
{ "key": "ru", "label": "Russian" },
{ "key": "zh-CN", "label": "Simplified Chinese" }
],
"logLevel": "trace",
"authType": "OAUTH",
"oauth2": {
"host": "https://@@DRUPAL_HUB_URL@@/cas/oidc",
"clientId": "hhb-library",
"scope": "openid",
"secret": "ClientSecret",
"implicitFlow": true,
"silentLogin": true,
"redirectUri": "/hhb-library",
"redirectSilentIFrameUri": "https://@@DRUPAL_HUB_URL@@/cas/oidc/authorize",
"redirectUriLogout": "https://@@DRUPAL_HUB_URL@@/cas/logout"
}
}