Hi,
I was using OpenKM (5.1.10) with cas-client (and ldap) without problem; the client application was on Jboss Server.
Now I'd like to install OpenKM 6.2 with Tomcat.
I tried to apply the old configuration to the new installation but am having some trouble (the LDAP part is operational, but authentication via the CAS client is not). The CAS server is unchanged.
With Jboss i used to change the file :
server/default/conf/login-config.xml
With this modification :
WEB-INF/web.xml
with that modification :
Now with Tomcat I'm a little bit lost...
so I don't know how to adapt this file :
I've tried a lot of things but without success.
Does anyone have an idea?
regards,
Michael.
I was using OpenKM (5.1.10) with cas-client (and ldap) without problem; the client application was on Jboss Server.
Now I'd like to install OpenKM 6.2 with Tomcat.
I tried to apply the old configuration to the new installation but am having some trouble (the LDAP part is operational, but authentication via the CAS client is not). The CAS server is unchanged.
With Jboss i used to change the file :
server/default/conf/login-config.xml
With this modification :
and this file : <application-policy name="OpenKM">
<!-- JBoss JAAS application policy "OpenKM": one login module, flagged required, which is the CAS client's CasLoginModule. -->
<authentication>
<login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
<!-- Tickets are checked with the SAML 1.1 validator class named here. -->
<module-option name="ticketValidatorClass">org.jasig.cas.client.validation.Saml11TicketValidator</module-option>
<!-- CAS server prefix and this application's service URL, both https; "URL" is the poster's placeholder for the real host. -->
<module-option name="casServerUrlPrefix">https://URL:8443/cas/</module-option>
<module-option name="service">https://URL:8443/OpenKM/</module-option>
<!-- NOTE(review): defaultRoles presumably grants UserRole to every principal the CAS server authenticates, whatever attributes it carries; confirm that every CAS account is meant to reach OpenKM. -->
<module-option name="defaultRoles">UserRole</module-option>
<!-- NOTE(review): the value repeats the option name, which looks like a placeholder; it should presumably name the CAS attribute(s) that carry roles. -->
<module-option name="roleAttributeNames">roleAttributeNames</module-option>
<!-- Names of the JAAS groups that receive the caller principal and the roles. -->
<module-option name="principalGroupName">CallerPrincipal</module-option>
<module-option name="roleGroupName">Roles</module-option>
<!-- NOTE(review): with cacheAssertions=true the module presumably answers repeated logins for the same ticket from its cache instead of re-validating, so cacheTimeout (presumably minutes, i.e. 8 h here) bounds how long a ticket stays usable at this layer. tolerance is presumably the clock-drift allowance in milliseconds for SAML validity checks (20 s here); a wide value accepts assertions further outside their validity window, so prefer synchronised clocks. Confirm units against the cas-client version in use. -->
<module-option name="cacheAssertions">true</module-option>
<module-option name="tolerance">20000</module-option>
<module-option name="cacheTimeout">480</module-option>
</login-module>
</authentication>
</application-policy>
WEB-INF/web.xml
with that modification :
And all was OK.<!-- CAS SSO-->
<!-- Facilitates CAS single sign-out -->
<!-- Session listener from the CAS client; presumably it drops the client's ticket-to-session record when an HTTP session ends (confirm against the cas-client documentation). -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- Following is needed only if CAS single-sign out is desired -->
<!-- This only declares the filter; the URLs it applies to come from the filter-mapping of the same name. NOTE(review): without it, sessions opened in this application are presumably not ended when the user logs out at the CAS server. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<!-- Only 2 CAS filters are required for JAAS support -->
<!-- Context-wide parameters, presumably read by the CAS filters below: this application's service URL and the CAS login page. Both are https; "URL" is the poster's placeholder for the real host. -->
<context-param>
<param-name>service</param-name>
<param-value>https://URL:8443/OpenKM</param-value>
</context-param>
<context-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://URL:8443/cas/login</param-value>
</context-param>
<!-- NOTE(review): this class sits in the cas-client "jboss" package, so it is presumably tied to JBoss's web authentication and will not carry over unchanged to Tomcat. -->
<filter>
<filter-name>CASWebAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter</filter-class>
</filter>
<!-- Generic CAS client filter; presumably it sends requests that carry no CAS assertion to casServerLoginUrl (confirm against the cas-client documentation). -->
<filter>
<filter-name>CASAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
</filter>
<!-- CAS client filter mappings -->
<!-- The order of the following filters is vitally important -->
<!-- Mappings are declared in the order sign-out, JBoss web authentication, CAS authentication; a servlet container applies URL-pattern filters in the order their mappings appear in web.xml. -->
<!-- All three mappings carry the same pattern list (/frontend/* is listed twice in each, which is redundant but harmless). Keep the three lists identical: a path present in one mapping but missing from another would pass through only part of the chain. -->
<!-- NOTE(review): the catch-all /* is commented out in every mapping, so any path outside these patterns does not pass through the CAS filters; confirm such paths are protected by some other means. -->
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>*.jsp</url-pattern>
<!-- GWT -->
<url-pattern>/frontend/*</url-pattern>
<!-- JSPs -->
<url-pattern>/admin/*</url-pattern>
<url-pattern>/mobile/*</url-pattern>
<url-pattern>/mobile-nt/*</url-pattern>
<!-- Servlets -->
<url-pattern>/RepositoryStartup</url-pattern>
<url-pattern>/TextToSpeech</url-pattern>
<url-pattern>/Test</url-pattern>
<url-pattern>/frontend/*</url-pattern>
<url-pattern>/extension/*</url-pattern>
<!--url-pattern>/*</url-pattern-->
</filter-mapping>
<filter-mapping>
<filter-name>CASWebAuthenticationFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
<!-- GWT -->
<url-pattern>/frontend/*</url-pattern>
<!-- JSPs -->
<url-pattern>/admin/*</url-pattern>
<url-pattern>/mobile/*</url-pattern>
<url-pattern>/mobile-nt/*</url-pattern>
<!-- Servlets -->
<url-pattern>/RepositoryStartup</url-pattern>
<url-pattern>/TextToSpeech</url-pattern>
<url-pattern>/Test</url-pattern>
<url-pattern>/frontend/*</url-pattern>
<url-pattern>/extension/*</url-pattern>
<!--url-pattern>/*</url-pattern-->
</filter-mapping>
<filter-mapping>
<filter-name>CASAuthenticationFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
<!-- GWT -->
<url-pattern>/frontend/*</url-pattern>
<!-- JSPs -->
<url-pattern>/admin/*</url-pattern>
<url-pattern>/mobile/*</url-pattern>
<url-pattern>/mobile-nt/*</url-pattern>
<!-- Servlets -->
<url-pattern>/RepositoryStartup</url-pattern>
<url-pattern>/TextToSpeech</url-pattern>
<url-pattern>/Test</url-pattern>
<url-pattern>/frontend/*</url-pattern>
<url-pattern>/extension/*</url-pattern>
<!--url-pattern>/*</url-pattern-->
</filter-mapping>
<!-- /CAS SSO -->
Now with Tomcat I'm a little bit lost...
so I don't know how to adapt this file :
And the web.xml : <security:authentication-manager alias="authenticationManager">
<!-- Only the LDAP provider is registered with the authentication manager. NOTE(review): no CAS provider appears in this excerpt, which would be consistent with LDAP logins working while CAS logins do not. With Spring Security the CAS side is normally supplied by the spring-security-cas module (CasAuthenticationProvider, CasAuthenticationFilter, CasAuthenticationEntryPoint, ServiceProperties) rather than by cas-client servlet filters; confirm that module is available in the deployed OpenKM before relying on it. -->
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<!-- LDAP connection shared by the user search, the authenticator and the group lookup: server URL with base DN, plus the manager (bind) DN and its password. "URL" and "PASSWORD" are the poster's placeholders. -->
<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<!-- NOTE(review): ldap:// on port 389 is unencrypted unless StartTLS is negotiated elsewhere, so the manager password and the passwords users log in with would cross the network in clear text; prefer ldaps:// or StartTLS. -->
<beans:constructor-arg value="ldap://URL:389/ou=service,dc=domaine,dc=fr"/>
<!-- NOTE(review): cn=admin looks like the directory administrator; searches only need a read-only service account. The password is stored in plain text here, so restrict read access to this file. -->
<beans:property name="userDn" value="cn=admin,dc=domaine,dc=fr"/>
<beans:property name="password" value="PASSWORD"/>
</beans:bean>
<!-- LdapAuthenticationProvider built from two constructor arguments: an authenticator (how the password is checked) and an authorities populator (how roles are derived). -->
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<!-- BindAuthenticator: locates the entry through the userSearch bean, then binds to the directory as that entry with the password supplied at login. -->
<beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userSearch" ref="userSearch"></beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<!-- Group lookup under ou=groups (relative to the context source base) with filter memberUid={1}; in Spring Security's populator {0} is the user's DN and {1} the username. The group's cn becomes the role name, upper-cased, with no prefix added. -->
<!-- NOTE(review): because rolePrefix is empty, group names map straight onto application roles, so write access to ou=groups is effectively the ability to grant OpenKM roles; defaultRole gives ROLE_USER to every account that authenticates. Confirm both are intended. -->
<beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource"/>
<beans:constructor-arg value="ou=groups"/>
<beans:property name="groupSearchFilter" value="memberUid={1}"/>
<beans:property name="groupRoleAttribute" value="cn"/>
<beans:property name="searchSubtree" value="true" />
<beans:property name="convertToUpperCase" value="true" />
<beans:property name="rolePrefix" value="" />
<beans:property name="defaultRole" value="ROLE_USER" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<!-- User lookup: search base ou=people, filter cn={0} where {0} is the login name, run through contextSource; searchSubtree extends the search below ou=people. -->
<!-- NOTE(review): presumably cn is unique under ou=people; a login name that matches more than one entry cannot be resolved to a single user. -->
<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="ou=people" />
<beans:constructor-arg index="1" value="cn={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
<!-- Tag library declaration: maps the OpenKM utils taglib URI to a TLD inside WEB-INF. -->
<jsp-config>
<taglib>
<taglib-uri>http://www.openkm.com/tags/utils</taglib-uri>
<taglib-location>/WEB-INF/tlds/utils.tld</taglib-location>
</taglib>
</jsp-config>
<!-- Filters -->
<!-- springSecurityFilterChain is a DelegatingFilterProxy: the real filter is the Spring bean of that name, so authentication is configured in the Spring Security context rather than in this descriptor. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>WebDAVFilter</filter-name>
<filter-class>com.openkm.webdav.WebDAVFilter</filter-class>
</filter>
<filter>
<filter-name>UploadThrottleFilter</filter-name>
<filter-class>com.openkm.servlet.frontend.UploadThrottleFilter</filter-class>
</filter>
<!-- Filter Mappings -->
<!-- Spring Security is mapped to /* and declared first, so every request passes through it before the WebDAV and upload filters. NOTE(review): unlike the JBoss descriptor shown earlier on the page, no CAS servlet filters are declared here; CAS support would presumably be added inside the Spring Security chain. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WebDAVFilter</filter-name>
<url-pattern>/webdav/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>UploadThrottleFilter</filter-name>
<url-pattern>/frontend/FileUpload</url-pattern>
</filter-mapping>
<!-- Listeners -->
<listener>
<listener-class>com.openkm.servlet.SessionListener</listener-class>
</listener>
<listener>
<listener-class>org.apache.commons.fileupload.servlet.FileCleanerCleanup</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring context files loaded by ContextLoaderListener: one inside the WAR and one read from the Tomcat home directory. NOTE(review): presumably OpenKM.xml is where the LDAP beans with the bind password live; if so, limit read access to that file to the account Tomcat runs as. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
file:${catalina.home}/OpenKM.xml
</param-value>
</context-param>
<!-- Startup Servlets -->
<!-- load-on-startup fixes the initialisation order: RepositoryStartup (1) before CXFServlet (2). -->
<servlet>
<servlet-name>RepositoryStartup</servlet-name>
<servlet-class>com.openkm.servlet.RepositoryStartupServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<!-- Frontend Servlets -->
<!-- These declarations carry no load-on-startup value, so the container may initialise them on first request. -->
<servlet>
<servlet-name>WorkspaceServlet</servlet-name>
<servlet-class>com.openkm.servlet.frontend.WorkspaceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>DocumentServlet</servlet-name>
<servlet-class>com.openkm.servlet.frontend.DocumentServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FrontendAuthServlet</servlet-name>
<servlet-class>com.openkm.servlet.frontend.AuthServlet</servlet-class>
</servlet>
.....
<!-- Test Servlets -->
<!-- NOTE(review): a servlet named "Test" (com.openkm.servlet.TestServlet) is registered in this descriptor; confirm it is wanted outside development and that its mappings sit behind authentication. -->
<servlet>
<servlet-name>Test</servlet-name>
<servlet-class>com.openkm.servlet.TestServlet</servlet-class>
</servlet>
<!-- Startup servlets -->
<!-- CXFServlet serves everything under /services/*. NOTE(review): this excerpt does not show how those endpoints are authenticated; confirm in the Spring Security rules. -->
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<!-- Frontend Servlet Mappings -->
<servlet-mapping>
<servlet-name>WorkspaceServlet</servlet-name>
<url-pattern>/frontend/Workspace</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DocumentServlet</servlet-name>
<url-pattern>/frontend/Document</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FrontendAuthServlet</servlet-name>
<url-pattern>/frontend/Auth</url-pattern>
</servlet-mapping>
<!-- RepositoryServlet is mapped here, but its <servlet> declaration is not in the visible excerpt (the poster elided part of the file). -->
<servlet-mapping>
<servlet-name>RepositoryServlet</servlet-name>
<url-pattern>/frontend/Repository</url-pattern>
</servlet-mapping>
.....
<!-- Test Servlets -->
<!-- NOTE(review): this mapping refers to "TestServlet", while the only test servlet declared in the visible excerpt is named "Test"; either a second declaration sits in the elided part or the name is inconsistent. Confirm, since a mapping must name a declared servlet. -->
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/frontend/Test</url-pattern>
</servlet-mapping>
<!-- Extensions Servlet Mappings -->
<!-- The <servlet> declarations for the extension and feed servlets below are not in the visible excerpt. -->
<servlet-mapping>
<servlet-name>DataBrowserServlet</servlet-name>
<url-pattern>/extension/DataBrowser</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MacrosServlet</servlet-name>
<url-pattern>/extension/Macros</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DropboxServlet</servlet-name>
<url-pattern>/extension/Dropbox</url-pattern>
</servlet-mapping>
<!-- Misc servlets mappings -->
<servlet-mapping>
<servlet-name>SyndicationServlet</servlet-name>
<url-pattern>/feed/*</url-pattern>
</servlet-mapping>
.....
<!-- Admin Servlet Mappings -->
<!-- NOTE(review): nothing in the visible part of web.xml restricts /admin/*; access control for these paths presumably comes from the Spring Security rules, which are not shown. Confirm they require an administrative role. -->
<servlet-mapping>
<servlet-name>StatsGraphServlet</servlet-name>
<url-pattern>/admin/StatsGraph</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RepositoryCheckerServlet</servlet-name>
<url-pattern>/admin/RepositoryChecker</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WorkflowGraphServlet</servlet-name>
<url-pattern>/admin/WorkflowGraph</url-pattern>
.....
<!-- Test Servlet Mapping -->
<!-- Maps the servlet named "Test" to /Test. NOTE(review): confirm this endpoint is wanted outside development and requires authentication. -->
<servlet-mapping>
<servlet-name>Test</servlet-name>
<url-pattern>/Test</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Both OKMException and any other java.lang.Exception are routed to /error.jsp. NOTE(review): confirm that page does not print stack traces or internal paths to the client. -->
<error-page>
<exception-type>com.openkm.frontend.client.OKMException</exception-type>
<location>/error.jsp</location>
</error-page>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/error.jsp</location>
</error-page>
I've tried a lot of things but without success.
Does anyone have an idea?
regards,
Michael.