Re: [xwiki-users] XWiki and Jasig CAS integration

On Wed, Jul 3, 2013 at 2:26 PM, Guillaume Fenollar &lt;guillaume.fenollar(a)xwiki.com&gt; wrote: > Hi, > > Sorry I forgot to talk about the most important thing, I don't know what I > was thinking about when I wrote my first answer :-P > > About XWiki part, you need to tell your wiki to accept any user that will > be given by Apache front-end, which will authenticate the users with * > libapache2-mod-auth-cas*. > To do this, you need to use a different authenticator, like this one : > https://github.com/xwiki-contrib/xwiki-authenticator-trusted-ldap > > Build it and place it in you webapp (xwiki/WEB-INF/lib directory). No need to build it anymore: http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Tr… ;) > In *xwiki.cfg*, add this line: > xwiki.authentication.authclass=com.xwiki.authentication.trustedldap.TrustedLDAPAuthServiceImpl > > Then, modify your Servlet Container application to leave the authentication > alone. If you're using tomcat, it's in you *server.xml*, you need to add in > each "Connector" block, the following option: > tomcatAuthentication="false" > > Finally, configure your apache server. Here's a minimal conf you can use: > >         CASLoginURL https://sso.xwikisas.com/cas/login >         CASValidateURL https://sso.xwikisas.com/cas/serviceValidate >         CASValidateServer Off >         CASTimeout 28800 >         CASIdleTimeout 14400 >         <Location "/xwiki/"> >                 AuthType CAS >                 AuthName "CAS Server Auth" >                 CasScope /xwiki >                 Order allow,deny >                 require valid-user >                 Allow from 127.0.0.1 >                 Satisfy Any >         </Location> > This should work, after you restart everything (apache and tomcat) > > This authenticator is good to use if you're already using CAS with LDAP > authentication (most of cases). > To resume, in this case, you're first authenticating the user through > Apache HTTPd to CAS (you get the login page if you don't have any > session/cookie), then the mod_auth_cas gives tomcat some data (which are > not altered because of tomcatAuthentication="false"), then XWiki use them > to retrieve the info (email, phone number... as you configured it in the > LDAP section of xwiki.cfg) from the LDAP server. > > It's not something very trivial, but I tried to make it clear and short, > and I hope you'll understand. > > Guillaume Fenollar > > > 2013/7/3 Krejci Rudolf Ing. &lt;krejci.r(a)chemosvit.sk&gt; > >> Hi Guillaume >> >> You are happy man :D. I don`t know how to setup XWiki to accept >> authentification from apache CASScope >> >> Pls, :D >> >> Could you share your httpd.conf - CAS part and XWiki config? >> >> >> Thx >> >> Rudolf >> >> >> ----- Pôvodná správa ----- >> > Odosielateľ: "Guillaume Fenollar" &lt;guillaume.fenollar(a)xwiki.com&gt; >> > Príjemca: "XWiki Users" &lt;users(a)xwiki.org&gt; >> > Dátum: 02/07/2013 18:11 >> > Predmet: Re: [xwiki-users] XWiki and Jasig CAS integration >> > >> > Hi Rudolf, >> > >> > I'm also trying to get XWiki work with Jasig CAS' SSO. In fact we're >> using >> > mod_auth_cas for Apache, in front of our XWiki instance. Everything is >> > running smoothly apart from an issue that appears randomly, sometime... >> the >> > webserver returns no data, and I have to clean my cookies to make it work >> > again. I'll try to really investigate this issue next time it happens. >> > There's nothing special  to know about XWiki + CAS + mod_auth_cas, except >> > the CASScope, that is wise to set to '/xwiki' (or any other name for >> XWiki >> > app, after the root '/'. >> > >> > Don't hesitate to share your experience about CAS + XWiki with us! >> > >> > Guillaume >> > >> > >> > 2013/6/28 Krejci Rudolf Ing. &lt;krejci.r(a)chemosvit.sk&gt; >> > >> > > >> > > Is it possible to integrate Jasig CAS (Central authentification >> Service) >> > > to XWiki? >> > > We are using cas for our web infrastructure ( Lifreray, Alfresco and >> Jira >> > > ) and we would like add XWiki. >> > > >> > > >> > > >> > > Thx >> > > >> > > Rudolf >> > > >> > > >> > > >> > > >> > > >> > > >> -------------------------------------------------------------------------- >> > > Táto správa a všetky pripojené súbory sú dôverné a určené >> > > výhradne osobám alebo organizáciám, ktorým boli adresované. Ak nie ste >> > > zamýšlaný príjemca alebo ste dostali tento e-mail omylom, prosím >> upozornite >> > > okamžite odosielateľa a vymažte tento e-mail. Neoprávnené kopírovanie, >> > > zverejnenie alebo distribúcia tohto e-mailu, je prísne zakázané. >> > > >> > > This email and any attached file are confidential and intended solely >> for >> > > the >> > > use of the individual or entity to which they are addressed. If you are >> > > not the >> > > intended recipient or have received this e-mail by mistake, please >> notify >> > > the >> > > sender immediately and delete this e-mail. Any unauthorized copying, >> > > disclosure >> > > or distribution of this e-mail's content is strictly prohibited. >> > > >> --------------------------------------------------------------------------- >> > > >> > > Pred vytlačením tohto e-mailu myslite na životné prostredie. >> > > Please consider your environmental responsibility before printing this >> > > e-mail >> > > >> > > _______________________________________________ >> > > users mailing list >> > > users(a)xwiki.org >> > > http://lists.xwiki.org/mailman/listinfo/users >> > > >> > _______________________________________________ >> > users mailing list >> > users(a)xwiki.org >> > http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> -------------------------------------------------------------------------- >> Táto správa a všetky pripojené súbory sú dôverné a určené >> výhradne osobám alebo organizáciám, ktorým boli adresované. Ak nie ste >> zamýšlaný príjemca alebo ste dostali tento e-mail omylom, prosím upozornite >> okamžite odosielateľa a vymažte tento e-mail. Neoprávnené kopírovanie, >> zverejnenie alebo distribúcia tohto e-mailu, je prísne zakázané. >> >> This email and any attached file are confidential and intended solely for >> the >> use of the individual or entity to which they are addressed. If you are >> not the >> intended recipient or have received this e-mail by mistake, please notify >> the >> sender immediately and delete this e-mail. Any unauthorized copying, >> disclosure >> or distribution of this e-mail's content is strictly prohibited. >> --------------------------------------------------------------------------- >> >> Pred vytlačením tohto e-mailu myslite na životné prostredie. >> Please consider your environmental responsibility before printing this >> e-mail >> >> _______________________________________________ >> users mailing list >> users(a)xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > _______________________________________________ > users mailing list > users(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users