Confluence 5 with Jasig CAS SSO ?

Hi, anyone had success CASifying Confluence 5 with Jasig CAS client ?

Following Jasig guide https://wiki.jasig.org/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1 gives browser endless bouncing loop between CAS and Confluence.

8 answers

1 accepted

Accepted Answer
2 votes

There is implementation of JASIG CAS Client for Confluence 5.0 in this pull request. You should be able to build it using

mvn package -pl cas-client-core,cas-client-integration-confluence-v5

Sorry for late reply, I was busy on other subject.

Yes, it works, well, maven build fails with missing jar dependency:

[ERROR] Failed to execute goal on project cas-client-integration-confluence-v5: Could not resolve dependencies for project org.jasig.cas.client:cas-client-integration-confluence-v5:jar:3.3-SNAPSHOT: Failure to find javax.activation:activation:jar:1.0.2 in http://repository.atlassian.com/maven2/ was cached in the local repository, ...

But after adding this jar to repo, it builds fine, and it works fine.

Thank you !

How do I patch this onto java-cas-client/cas-client-integration-atlassian?

Hi, all

It works well with Confluence v5.1.5 using cas-client-integration-confluence-v5-3.3-SNAPSHOT.jar.

But, there's a problem in my scene:

if the CAS user is not added in Confluence, when the user try to login, it causes redirection loops as below:

http://casServer/cas/login?service=http%3A%2F%2FconfluenceServer%2Fhomepage.action
http://confluenceServer/homepage.action?ticket=ST-2683-du9yGHgLy6lAb3Znalxg-cas
http://confluenceServer/homepage.action

http://casServer/cas/login?service=http%3A%2F%2F confluenceServer%2Fhomepage.action
http://confluenceServer/homepage.action?ticket=ST-2684-FPZOscRVqbrJ93nTNnH1-cas
http://confluenceServer/homepage.action

...

And, it shows getUser failed in debug log, because the user is not exists in Confluence.

2013-12-10 15:03:14,958 DEBUG [http-8090-7] [cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] doFilter Successfully authenticated user: username
2013-12-10 15:03:14,958 DEBUG [http-8090-7] [cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] doFilter Redirecting after successful ticket validation.
2013-12-10 15:03:14,959 DEBUG [http-8090-7] [cas.client.util.CommonUtils] constructServiceUrl serviceUrl generated: http://confluenceServer/homepage.action
2013-12-10 15:03:14,980 DEBUG [http-8090-7] [integration.confluence.v5.ConfluenceCasAuthenticator] getUser Failed logging [username] from CAS.
2013-12-10 15:03:15,008 DEBUG [http-8090-7] [integration.confluence.v5.ConfluenceCasAuthenticator] getUser Failed logging [username] from CAS.
2013-12-10 15:03:15,009 DEBUG [http-8090-7] [integration.confluence.v5.ConfluenceCasAuthenticator] getUser Failed logging [username] from CAS. 2013-12-10 15:03:15,108 DEBUG [http-8090-7] [cas.client.session.SingleSignOutHandler] recordSession Recording session for token ST-2684-FPZOscRVqbrJ93nTNnH1-cas

Is there's a way to handle such scene?

Can u send the jar file to me? cas-client-integration-confluence-v5-3.3-SNAPSHOT.jar

I've tried it briefly - and yes there are some changes in Confluence classes causing exception.

Hi Jozef, as you mentioned in another reply, Jasig CAS client build from sources snapshot is required, so I compiled 3.3 build, but I'm not sure if there any configuration changes required for 3.3 ? The only thing I changed is authenticator class in seraph-config.xml to "Confluence35CasAuthenticator", but it still does not work.

This is the exception I get the first time I visit CASifyed Confluence 5:

Cause

javax.servlet.ServletException: Filter execution threw an exception
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:259)

caused by: java.lang.IllegalAccessError: tried to access method com.atlassian.confluence.event.events.security.SecurityEvent.<init>(Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V from class org.jasig.cas.client.integration.atlassian.Confluence35CasAuthenticator
at org.jasig.cas.client.integration.atlassian.Confluence35CasAuthenticator.getUser(Confluence35CasAuthenticator.java:74)

And if I refresh the page with this error, I'm logged in. I'll try to look in the logs to see what's going on.

SO at this point your configuration is correct and you stumbled on that exception I've mentioned in my first comment. There is changed API in event dispatching - so at the first time your login failed (but is stored already), the second time no loginevent is dispatched - so you are in.

The change in JASIG cleint would be easy, if there where not messed dependencies (as supporting both JIRA and Confluence in 2 different versions). I have plan to split it to separate plugin, but haven't got to it yet.

Thank you for explanation. In the meantime do you think any workaround is possible to get it work nicely without this additional "Refresh" page action ?

Hi Jozef and evaldas,

I'm new to this process. Here is the steps I have done last night but did not work.

git clone https://github.com/Jasig/java-cas-client

cd java-cas-client

mvn package -pl cas-client-core,cas-client-integration-atlassian

cp cas-client-integration-atlassian/target/cas-client-integration-atlassian-3.3-SNAPSHOT.jar /deploy/AppServers/techwiki/webapps/ROOT/WEB-INF/lib

cp cas-client-core/target/cas-client-core-3.3-SNAPSHOT.jar /deploy/AppServers/techwiki/webapps/ROOT/WEB-INF/lib

Did you patch configuration files appropriatelly according guide?

I built it fail.Can u send the jar file to me? cas-client-integration-confluence-v5-3.3-SNAPSHOT.jar

[ERROR] Failed to execute goal on project cas-client-integration-confluence-v5:

Could not resolve dependencies for project org.jasig.cas.client:cas-client-integ

ration-confluence-v5:jar:3.3-SNAPSHOT: Failed to collect dependencies for [org.j

asig.cas.client:cas-client-core:jar:3.3-SNAPSHOT (compile), com.atlassian.conflu

ence:confluence:jar:5.0 (provided), junit:junit:jar:4.8.2 (test), org.slf4j:slf4

j-api:jar:1.7.1 (compile), javax.servlet:servlet-api:jar:2.4 (provided), org.slf

4j:jcl-over-slf4j:jar:1.7.1 (test), org.slf4j:slf4j-simple:jar:1.7.1 (test)]: Fa

iled to read artifact descriptor for com.atlassian.confluence:confluence:jar:5.0

: Could not transfer artifact com.atlassian.confluence:confluence:pom:5.0 from/t

o atlassian (http://repository.atlassian.com/maven2/):repository.atlassian.com:

Unknown host repository.atlassian.com-> [Help 1]

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in Featured Groups

Tuesday tips & tricks: What is the Atlassian Community?

It's officially Tuesday, which means it's officially time for another tip to help you better navigate this space we call the Atlassian Community. 😄 I got a great question from community member, Sa...

43 views 2 4
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you