Alfresco SSO with Cookie

I want to integrate Alfresco with my current login system (which is an LDAP server). I can successfully integrate LDAP authentication, but I want to use an external login page and have Alfresco read a cookie to log in the user (the cookie will contain a username and a key that can be used to verify that they are logged in with the LDAP server).

I looked at an example that came with the SDK, but there seems to be no way to log in without a password.

I studied the external authentication subsystem and saw the CAS manual, but it seems like a lot of noise, and I'm not sure that I understand everything that is happening, or why all this is necessary for my situation.

After searching the External subsystem, I saw that it uses "SimpleAcceptOrRejectAllAuthenticationComponentImpl", which overrides the authentication function. In this function, it authenticates the user through the "setCurrentUser" function, but relies on the "accept" value set to true. I went through the Alfresco source and looked at the files in the WEB-INF/classes/alfresco/subsystems/Authentication/external section, but I could not find out how the setAccept function was called. After some googling, I found this example.

It looks like they are setting up a filter that registers the user through the SimpleAcceptOrRejectAllAuthenticationComponentImpl object, where they explicitly call setAccept(true). I have not tried this yet, but their wiki says that the web.xml file needs to be edited, something that an Alfresco dev said in another post was not needed after Alfresco v3.2 (I use v3.4.3). Is this the right way to go?

I heard that another idea would be to write my own Authenticator subsystem, but I don't see any documents on it, and, not knowing how the setAccept function is called for the external subsystem, I feel like I'd be shooting in the dark.

Any thoughts on how to log in a user based on a cookie created by an external webapp (which is in the same domain - I was able to read a cookie, I just don't know how to authenticate a user without a password)?

+1
1 answer

I decided that I would send a solution to everyone who had the same problem.

Step 1. Create a filter that will be executed when someone tries to hit one of your URLs. Once the filter is created, compile and pack it into a jar, and then place this jar inside alfresco.war and share.war (in the "WEB-INF/lib" folder). Here is a skeletal version of what the filter code will look like:

    package sample.filter;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;
    import javax.servlet.http.HttpSession;

    public class SSOIntegrationFilter implements Filter {
        private static final String PARAM_REMOTE_USER = "remoteUser";
        // Session attribute under which the authenticated user ID is remembered.
        private static final String SESS_PARAM_REMOTE_USER =
                SSOIntegrationFilter.class.getName() + '.' + PARAM_REMOTE_USER;

        @Override
        public void init(FilterConfig arg0) throws ServletException {}

        @Override
        public void destroy() {}

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest httpServletRequest = (HttpServletRequest) req;
            String remoteUser =
                    proprieterayUserIdValidationAndExtractionMethod(req.getParameter(PARAM_REMOTE_USER));
            // We've successfully authenticated the user. Remember their ID for next time.
            if (remoteUser != null) {
                HttpSession session = httpServletRequest.getSession();
                session.setAttribute(SESS_PARAM_REMOTE_USER, remoteUser);
            }
            // Wrap the request so that getRemoteUser() returns the remembered ID downstream.
            chain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
                @Override
                public String getRemoteUser() {
                    return (String) getSession().getAttribute(SESS_PARAM_REMOTE_USER);
                }
            }, res);
        }

        // Placeholder: as written, every request is logged in as "admin".
        private String proprieterayUserIdValidationAndExtractionMethod(String param) {
            return "admin"; // who to login as, replace with your cookie login code
        }
    }

Step 2. Configure the web.xml file so that Tomcat recognizes this filter (mine was located in /usr/share/tomcat/conf).

    <filter>
        <filter-name>Demo Filter</filter-name>
        <filter-class>sample.filter.SSOIntegrationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Demo Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Step 3. Make the following changes to your share-config-custom.xml file (should be located in the shared folder): http://docs.alfresco.com/3.4/index.jsp?topic=%2Fcom.alfresco.Enterprise_3_4_0.doc%2Ftasks%2Fauth-alfrescontlm-sso.html

Step 4. Update the alfresco-global.properties file with the following information:

    authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
    external.authentication.proxyUserName=X-Alfresco-Remote-User

Then run Alfresco and try. Hope this puts you on the right track.

+4
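
The skeleton in the answer returns "admin" for every request and leaves the actual cookie check to the reader. As an added example (not part of the original answer), here is one way that check could look, assuming the external login page issues a cookie of the form user|expiry|HMAC under a key shared with the filter; the class name, cookie layout, key and timestamps are assumptions, and Java 8+ is assumed for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SsoCookieValidator {
    // Assumed cookie layout (not from the post): user|expiryEpochSeconds|base64url(HMAC-SHA256)
    private final byte[] key;
    public SsoCookieValidator(byte[] sharedKey) { this.key = sharedKey.clone(); }

    private byte[] mac(String payload) throws GeneralSecurityException {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        return hmac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    // What the external login page would set as the cookie value.
    public String issue(String user, long expiry) throws GeneralSecurityException {
        String payload = user + "|" + expiry;
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(payload));
    }

    // Returns the username if the cookie is authentic and unexpired, otherwise null.
    public String validate(String cookieValue, long nowEpochSeconds) {
        if (cookieValue == null) return null;
        String[] parts = cookieValue.split("\\|", -1);
        if (parts.length != 3 || parts[0].isEmpty()) return null;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            byte[] expected = mac(parts[0] + "|" + parts[1]);
            // Constant-time compare, and verify the MAC before trusting any field.
            if (!MessageDigest.isEqual(expected, presented)) return null;
            if (Long.parseLong(parts[1]) <= nowEpochSeconds) return null;
            return parts[0];
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return null; // malformed base64 or number, or crypto failure: reject
        }
    }

    public static void main(String[] args) throws Exception {
        SsoCookieValidator v = new SsoCookieValidator("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1_700_000_000L; // constructed timestamp
        String good = v.issue("jdoe", now + 600);
        System.out.println("valid:    " + v.validate(good, now));
        System.out.println("tampered: " + v.validate(good.replace("jdoe", "admin"), now));
        System.out.println("expired:  " + v.validate(good, now + 601));
    }
}
```

In the filter, the value passed to validate would come from httpServletRequest.getCookies() rather than from a request parameter, and a null result means the request continues unauthenticated.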

Source: https://habr.com/ru/post/1269067/

