alfresco sso
Alfresco LDAP and Single Sign On presentation slides
Liferay, Alfresco, SSO and LDAP – Full Integration
A generic solution of SSO plus LDAP against
- Liferay Portals and Alfresco portlets
- Alfresco (compliant) standalone applications
Jonas Yuan
July 18, 2007
Agenda
1. Overview
2. LDAP & SSO
3. Filters in Action
4. Portlets In Action
5. Real Examples
6. Summary
[Diagram: Liferay, Alfresco, CampusDocs, Portlet, LDAP, SSO and Authentication components, with paths labelled SSO 1, SSO 2, SSO 3 and SSO 4]
What is LDAP?
LDAP = Lightweight Directory Access Protocol
• An application protocol for querying and modifying directory services running over TCP/IP.
• A Directory Information Tree (DIT) is data represented in a hierarchical tree-like structure consisting of the Distinguished Names (DNs) of the directory entries.
What is SSO?
SSO = Single Sign-On
• Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems.
• The JA-SIG Central Authentication Service (CAS) is an open single sign-on service that allows web applications the ability to defer all authentication to a trusted central server or servers.
Filters In Action
• Enhanced SSO Filter
• Authenticating SSO Server with LDAP
• Enhanced validating URL in SSO Server
• Authenticating with LDAP
• Log-in Automatically
• E.g. SSO 1, 2, 3
[Diagram: LDAP, SSO, Session Manager, Filter]
Enhanced SSO Filter
```xml
<filter>
  <filter-name>CAS Filter</filter-name>
  <filter-class>com.cignex.filters.sso.cas.CASFilter</filter-class>
  <init-param>
    <param-name>cas_server_url</param-name>
    <param-value>https://docs.cignex.com/cas-web</param-value>
  </init-param>
  <init-param>
    <param-name>service_path</param-name>
    <param-value>/index.jsp</param-value>
  </init-param>
  <init-param>
    <param-name>application_type</param-name>
    <param-value>alfresco</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>/index.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>/logout</url-pattern>
</filter-mapping>
```
Authenticating SSO with LDAP
• Add Adaptors - LDAP Authentication
• Configure LDAP server with LDAP server
```xml
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="urls">
    <list>
      <value>ldap://docs.cignex.com:10389</value>
    </list>
  </property>
</bean>
```
Enhanced validating URL in SSO Server
```java
public static String retrieve(String url) throws IOException {
    // …
    BufferedReader r = null;
    try {
        // added line: the validation URL is rewritten to plain HTTP
        url = url.replace("https://", "http://");
        URL u = new URL(url);
        URLConnection uc = u.openConnection();
        uc.setRequestProperty("Connection", "close");
        r = new BufferedReader(new InputStreamReader(uc.getInputStream()));
        String line;
        StringBuffer buf = new StringBuffer();
        while ((line = r.readLine()) != null)
            buf.append(line + "\n");
        return buf.toString();
    } finally {
        // …
    }
}
```
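The `retrieve()` method on this slide rewrites the validation URL from `https://` to `http://`, so the validation response is fetched without TLS and cannot be authenticated. The class below is an added example, not code from the slides or from CAS: it keeps the same contract but refuses non-HTTPS URLs and trusts the CAS server through an explicit trust store. The class name and the trust store path are hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class StrictValidationFetcher {
    private final SSLContext tls;

    // trustStorePath: hypothetical JKS file holding the CAS server's certificate or its CA.
    public StrictValidationFetcher(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        tls = SSLContext.getInstance("TLS");
        tls.init(null, tmf.getTrustManagers(), null);
    }

    // Fetches the validation response; the URL is never downgraded to http.
    public String retrieve(String url) throws IOException {
        URL u = new URL(url);
        if (!"https".equalsIgnoreCase(u.getProtocol())) {
            throw new IOException("validation URL must use https, got " + u.getProtocol());
        }
        HttpsURLConnection uc = (HttpsURLConnection) u.openConnection();
        uc.setSSLSocketFactory(tls.getSocketFactory()); // default hostname verification stays on
        uc.setInstanceFollowRedirects(false);           // do not follow a redirect off the CAS host
        uc.setRequestProperty("Connection", "close");
        StringBuilder buf = new StringBuilder();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(uc.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = r.readLine()) != null) buf.append(line).append('\n');
        }
        return buf.toString();
    }
}
```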
Authenticating with LDAP
• Configurable
```xml
<bean id="ldapExtInitialDirContextFactory"
      class="com.cignex.portal.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
  <property name="initialDirContextEnvironment">
    <map>
      <!-- The LDAP provider -->
      <entry key="java.naming.factory.initial">
        <value>com.sun.jndi.ldap.LdapCtxFactory</value>
      </entry>
      <entry key="java.naming.provider.url">
        <value>ldap://docs.cignex.com:10389</value>
      </entry>
      <entry key="java.naming.security.authentication">
        <value>simple</value>
      </entry>
      …
    </map>
  </property>
</bean>
```
Log-in Automatically
• Reuse log-in mechanism of different applications – Liferay Portal, Alfresco, CampusDocs.
• One Interface, many implementations
• Initialize applications
• Redirection
Portlets In Action
• Loading portlet
• Tracing current user from Filter
• Authenticating portlet with LDAP
• Log-in Automatically
• E.g. SSO 4
[Diagram: LDAP, SSO, Filter, Portlets]
Generic Portlet Interface
[Diagram: Portlet; JSON Portlet; MyFaces Portlet; ICEFaces Portlet; … Portlet]
Authenticating Portlet with LDAP
• Configurable & Reusable
```xml
<!-- Single Sign On Authentication -->
<bean name="ssoExtAuthenticationContext"
      class="com.cignex.portal.security.authentication.sso.SSOAuthenticationContext">
  <property name="allowSingleSignOn">
    <value>true</value>
  </property>
  <property name="filter">
    <value>CAS_SSO</value>
  </property>
</bean>
```
Log-in Automatically
• Reuse log-in mechanism of different portlets – Alfresco (MyFaces), CampusDocs (ICEfaces).
• One Interface, multiple implementations
• Initialize portlet
• Trace session & context – Portlet & Servlet
• Redirection
Real Examples
1. SSO CAS plus LDAP ADS against Alfresco Standalone Application (v 2.0.1)
2. SSO CAS plus LDAP ADS against Alfresco Compliant Standalone Application
3. SSO CAS plus LDAP ADS against Liferay Portal (4.3) and Alfresco Portlet (v 2.0.1)
Summary
A generic solution of SSO CAS plus LDAP ADS against
• Alfresco Standalone Application (v 2.0.1)
• Alfresco Compliant Standalone Application
• Liferay Portal (4.3) and Alfresco Portlet (v2.1)
Instructions for Do-It-Yourselfers
Sources - http://liferay.cignex.com
Q & A