We use Apache mod_auth_cas with Alfresco 5.2.3 and Apereo CAS 5.2.4. This works very well and was straightforward to set up.
We have now built an ADF 2.6.1 application and are unsure about whether the process we are following to include our application in the CAS authentication is correct. We are doing the following:
We have made the changes in step 2 based on the documentation here alfresco-ng2-components/login.component.md at development · Alfresco/alfresco-ng2-components · GitHu... but are not entirely sure whether our understanding is correct.
We would be very grateful if someone could confirm whether the process we are following is correct.
Thanks,
Paul
We've done some more investigation about what we believe are Alfresco's plans to support CAS SSO. We know that Alfresco is supporting a new SSO authentication architecture built on Keycloak which is an OAUTH2 identity provider. We believe and hope that:
Based on the above assumption, we are now:
We found a great article by Martin Bergljung at https://community.alfresco.com/people/gravitonian/blog/2018/07/17/getting-started-with-alfresco-iden... upon which we've based some of our assumptions.
Can anyone in the community advise us on whether our assumptions/approach for using CAS with our ADF application are valid?
Thanks,
Paul
Hi Paul, it is better if you use 6.1.0 Cs.
Hi Eugenio,
We had hoped to stay with 6.0 for the time being since this is what we have done most of our testing on.
We are getting the following error in the browser after the user is logged in and our ADF application is calling Alfresco's REST API:
Error: Uncaught (in promise): Error: {"error":{"errorKey":"framework.exception.ApiDefault","statusCode":401,"briefSummary":"01260004 Authorization 'Bearer' not supported.","stackTrace":"For security reasons the stack trace is no longer displayed, but the property is kept for previous versions","descriptionURL":"https://api-explorer.alfresco.com"}}
This looks like it is related to OAUTH2. Has anyone come across this problem before? Is it a known issue in 6.0 that is resolved in 6.1.0?
Thanks,
Paul
Can you post your app.config.json here or in a gist? I saw you have uploaded a zip, but I prefer not to open a zip from the internet. Thanks.
Hi Eugenio,
The app.config.json is shown below (placeholders are replaced with the URLs when we deploy). We have followed your suggestion and are now upgrading to 6.1. This is taking longer than we expected but we will shortly add a post to this forum if our CAS integration is successful or not.
Thanks,
Paul
{
  "$schema": "../node_modules/@alfresco/adf-core/app.config.schema.json",
  "ecmHost": "https://@@DRUPAL_HUB_URL@@",
  "bpmHost": "https://@@DRUPAL_HUB_URL@@",
  "providers": "ECM",
  "application": {
    "name": "Health Hub Project Library"
  },
  "languages": [
    { "key": "en", "label": "English" },
    { "key": "fr", "label": "French" },
    { "key": "de", "label": "German" },
    { "key": "it", "label": "Italian" },
    { "key": "es", "label": "Spanish" },
    { "key": "ja", "label": "Japanese" },
    { "key": "nl", "label": "Dutch" },
    { "key": "pt-BR", "label": "Brazilian Portuguese" },
    { "key": "nb", "label": "Norwegian" },
    { "key": "ru", "label": "Russian" },
    { "key": "zh-CN", "label": "Simplified Chinese" }
  ],
  "logLevel": "trace",
  "authType": "OAUTH",
  "oauth2": {
    "host": "https://@@DRUPAL_HUB_URL@@/cas/oidc",
    "clientId": "hhb-library",
    "scope": "openid",
    "secret": "ClientSecret",
    "implicitFlow": true,
    "silentLogin": true,
    "redirectUri": "/hhb-library",
    "redirectSilentIFrameUri": "https://@@DRUPAL_HUB_URL@@/cas/oidc/authorize",
    "redirectUriLogout": "https://@@DRUPAL_HUB_URL@@/cas/logout"
  }
}
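
Added example, not part of the original thread: a small JavaScript check that flags the security-relevant settings in the app.config.json posted above before it is deployed. The function name, rule ids and messages are this example's own (not ADF or CAS APIs), and the sample object is constructed from the posted keys.

```javascript
// Added example: pre-deployment audit of an ADF app.config.json.
// Rule ids and messages are this example's own, not part of ADF or CAS.
function auditAdfConfig(config) {
  const findings = [];
  const add = (id, where, why) => findings.push({ id, where, why });
  const oauth = config.oauth2 || {};
  // app.config.json is a static asset the browser downloads, so every
  // value in it is readable by anyone who can load the application.
  if (typeof oauth.secret === "string" && oauth.secret !== "") {
    add("secret-in-browser-config", "oauth2.secret",
        "a browser app is a public client and cannot keep a secret");
  }
  // Implicit flow hands the access token back in the redirect URL fragment.
  if (config.authType === "OAUTH" && oauth.implicitFlow === true) {
    add("implicit-flow", "oauth2.implicitFlow",
        "token travels in the URL; prefer code flow with PKCE where supported");
  }
  if (["trace", "debug"].includes(String(config.logLevel).toLowerCase())) {
    add("verbose-logging", "logLevel",
        "trace/debug output is meant for development, not production");
  }
  // Walk every string value: unreplaced deploy placeholders, cleartext URLs.
  const walk = (node, path) => {
    if (typeof node === "string") {
      if (/@@\w+@@/.test(node)) add("unreplaced-placeholder", path, node);
      if (/^http:\/\//i.test(node)) add("cleartext-url", path, node);
    } else if (node && typeof node === "object") {
      for (const [k, v] of Object.entries(node)) walk(v, path ? `${path}.${k}` : k);
    }
  };
  walk(config, "");
  return findings;
}

// Constructed sample: the security-relevant keys of the config posted above.
const postedConfig = {
  ecmHost: "https://@@DRUPAL_HUB_URL@@",
  logLevel: "trace",
  authType: "OAUTH",
  oauth2: {
    host: "https://@@DRUPAL_HUB_URL@@/cas/oidc",
    clientId: "hhb-library",
    secret: "ClientSecret",
    implicitFlow: true,
    redirectUriLogout: "https://@@DRUPAL_HUB_URL@@/cas/logout"
  }
};

for (const f of auditAdfConfig(postedConfig)) console.log(`${f.id}: ${f.where} (${f.why})`);
```

Run against the deployed file (after placeholder substitution), the `unreplaced-placeholder` rule doubles as a check that the substitution step actually happened.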