3 Jul
2013
3 Jul
'13
3:30 p.m.
On Wed, Jul 3, 2013 at 2:26 PM, Guillaume Fenollar
<guillaume.fenollar(a)xwiki.com> wrote:
Hi,
Sorry I forgot to talk about the most important thing, I don't know what I
was thinking about when I wrote my first answer :-P
About XWiki part, you need to tell your wiki to accept any user that will
be given by Apache front-end, which will authenticate the users with *
libapache2-mod-auth-cas*.
To do this, you need to use a different authenticator, like this one :
https://github.com/xwiki-contrib/xwiki-authenticator-trusted-ldap
Build it and place it in you webapp (xwiki/WEB-INF/lib directory).
No need to build it anymore:
http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Tr…
;)
In *xwiki.cfg*, add this line:
xwiki.authentication.authclass=com.xwiki.authentication.trustedldap.TrustedLDAPAuthServiceImpl
Then, modify your Servlet Container application to leave the authentication
alone. If you're using tomcat, it's in you *server.xml*, you need to add in
each "Connector" block, the following option:
tomcatAuthentication="false"
Finally, configure your apache server. Here's a minimal conf you can use:
CASLoginURL https://sso.xwikisas.com/cas/login
CASValidateURL https://sso.xwikisas.com/cas/serviceValidate
CASValidateServer Off
CASTimeout 28800
CASIdleTimeout 14400
<Location "/xwiki/">
AuthType CAS
AuthName "CAS Server Auth"
CasScope /xwiki
Order allow,deny
require valid-user
Allow from 127.0.0.1
Satisfy Any
</Location>
This should work, after you restart everything (apache and tomcat)
This authenticator is good to use if you're already using CAS with LDAP
authentication (most of cases).
To resume, in this case, you're first authenticating the user through
Apache HTTPd to CAS (you get the login page if you don't have any
session/cookie), then the mod_auth_cas gives tomcat some data (which are
not altered because of tomcatAuthentication="false"), then XWiki use them
to retrieve the info (email, phone number... as you configured it in the
LDAP section of xwiki.cfg) from the LDAP server.
It's not something very trivial, but I tried to make it clear and short,
and I hope you'll understand.
Guillaume Fenollar
2013/7/3 Krejci Rudolf Ing. <krejci.r(a)chemosvit.sk>
--
Thomas Mortagne
Hi Guillaume
You are happy man :D. I don`t know how to setup XWiki to accept
authentification from apache CASScope
Pls, :D
Could you share your httpd.conf - CAS part and XWiki config?
Thx
Rudolf
----- Pôvodná správa -----
--------------------------------------------------------------------------
Táto správa a všetky pripojené súbory sú dôverné a určené
výhradne osobám alebo organizáciám, ktorým boli adresované. Ak nie ste
zamýšlaný príjemca alebo ste dostali tento e-mail omylom, prosím upozornite
okamžite odosielateľa a vymažte tento e-mail. Neoprávnené kopírovanie,
zverejnenie alebo distribúcia tohto e-mailu, je prísne zakázané.
This email and any attached file are confidential and intended solely for
the
use of the individual or entity to which they are addressed. If you are
not the
intended recipient or have received this e-mail by mistake, please notify
the
sender immediately and delete this e-mail. Any unauthorized copying,
disclosure
or distribution of this e-mail's content is strictly prohibited.
---------------------------------------------------------------------------
Pred vytlačením tohto e-mailu myslite na životné prostredie.
Please consider your environmental responsibility before printing this
e-mail
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users Odosielateľ: "Guillaume Fenollar"
<guillaume.fenollar(a)xwiki.com>
Príjemca: "XWiki Users" <users(a)xwiki.org>
Dátum: 02/07/2013 18:11
Predmet: Re: [xwiki-users] XWiki and Jasig CAS integration
Hi Rudolf,
I'm also trying to get XWiki work with Jasig CAS' SSO. In fact we're
using
mod_auth_cas for Apache, in front of our XWiki
instance. Everything is
running smoothly apart from an issue that appears randomly, sometime...
the
webserver returns no data, and I have to clean my
cookies to make it work
again. I'll try to really investigate this issue next time it happens.
There's nothing special to know about XWiki + CAS + mod_auth_cas, except
the CASScope, that is wise to set to '/xwiki' (or any other name for
XWiki
app, after the root '/'.
Don't hesitate to share your experience about CAS + XWiki with us!
Guillaume
2013/6/28 Krejci Rudolf Ing. <krejci.r(a)chemosvit.sk>
>
> Is it possible to integrate Jasig CAS (Central authentification
Service)
> to XWiki?
> We are using cas for our web infrastructure ( Lifreray, Alfresco and
Jira
> ) and we would like add XWiki.
>
>
>
> Thx
>
> Rudolf
>
>
>
>
>
>
--------------------------------------------------------------------------
> Táto správa a všetky pripojené súbory sú
dôverné a určené
> výhradne osobám alebo organizáciám, ktorým boli adresované. Ak nie ste
> zamýšlaný príjemca alebo ste dostali tento e-mail omylom, prosím
upozornite
> okamžite odosielateľa a vymažte tento
e-mail. Neoprávnené kopírovanie,
> zverejnenie alebo distribúcia tohto e-mailu, je prísne zakázané.
>
> This email and any attached file are confidential and intended solely
for
> the
> use of the individual or entity to which they are addressed. If you are
> not the
> intended recipient or have received this e-mail by mistake, please
notify
> the
> sender immediately and delete this e-mail. Any unauthorized copying,
> disclosure
> or distribution of this e-mail's content is strictly prohibited.
>
---------------------------------------------------------------------------
Pred vytlačením tohto e-mailu myslite na životné prostredie.
Please consider your environmental responsibility before printing this
e-mail
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users