Configuring Confluence with JASIG CAS Client for Java 3.1
As of JASIG CAS Client for Java 3.1.3, the distribution includes Atlassian Confluence and Jira support. Support is enabled by a custom CAS authenticator that extends the default authenticators.
$CONFLUENCE_INSTALL Description
<extracted archive directory>/confluence
/opt/atlassian/confluence/confluence-3.0.1/confluence
Modify the web.xml
Add the CAS Filters to the end of the filter list.
See Configuring the Jasig CAS Client for Java in the web.xml for parameters
<!-- CAS:START - Java Client Filters --> <filter> <filter-name>CasSingleSignOutFilter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter> <filter-name>CasAuthenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://cas.institution.edu/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://confluence.institution.edu/confluence/</param-value> </init-param> </filter> <filter> <filter-name>CasValidationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://cas.institution.edu/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://confluence.institution.edu/confluence/</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <!--- CAS:END -->
Don't Forget To Change the URLs
Before the login filter-mapping add:
<!-- CAS:START - Java Client Filter Mappings --> <filter-mapping> <filter-name>CasSingleSignOutFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CasAuthenticationFilter</filter-name> <url-pattern>/login.action</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CasValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- CAS:END -->
Add the Single Sign Out listener to the list of listener list too
<!-- CAS:START - Java Client Single Sign Out Listener --> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!-- CAS:END -->
Modify the seraph-config.xml
CAS Login links
<init-param> <param-name>login.url</param-name> <!--<param-value>/login.action?os_destination=${originalurl}</param-value>--> <param-value>http://cas.institution.edu/cas/login?service=${originalurl}</param-value> </init-param> <init-param> <param-name>link.login.url</param-name> <!--<param-value>/login.action</param-value>--> <param-value>http://cas.institution.edu/cas/login?service=${originalurl}</param-value> </init-param>
Don't Forget To Change the URLs
CAS Authenticator
Comment out the DefaultAuthenticator and add in the JASIG CAS Confluence Authenticator
<!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>--> <!-- CAS:START - Java Client Confluence Authenticator --> <authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/> <!-- CAS:END -->
CAS Logout instead of Confluence logout
Atlassian doesn't support a config option yet (like Jira), please vote up the feature request here: http://jira.atlassian.com/browse/CONF-4931
To rely on the Single Sign Out functionality to sign off of Confluence we need to modify the logout link
- Copy $CONFLUENCE_INSTALL/WEB-INF/lib/confluence-x.x.x.jar to a temporary directory
mkdir /tmp/confluence-jar && cp WEB-INF/lib/confluence-3.0.1.jar /tmp/confluence-jar
- Unpack the jar
cd /tmp/confluence-jar && jar xvf confluence-3.0.1.jar
- Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes
cp xwork.xml $CONFLUENCE_INSTALL/WEB-INF/classes/ && cd $CONFLUENCE_INSTALL/WEB-INF/classes/
Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it with this one
$CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml<!-- <result name="success" type="velocity">/logout.vm</result> --> <!-- CAS:START - CAS Logout Redirect --> <result name="success" type="redirect">https://cas.institution.edu/cas/logout</result> <!-- CAS:END -->
CAS Jar Libs
Copy cas-client-core-3.1.x.jar and cas-client-integration-atlassian-3.1.x.jar to $CONFLUENCE_INSTALL/WEB-INF/lib
Troubleshooting
Characters Encoding
If you encounter issues with characters encoding you may experience a bug from CAS client - CASC-122Getting issue details... STATUS . It could be fixed by applying the following steps :
- Download the last version (2.0.2 today) of vt servlet filters here : http://code.google.com/p/vt-middleware/downloads/list
- extract the file on your server, copy jars/vt-servlet-filters-xxx.jar (with xxx = the current version) in $CONFLUENCE_INSTALL/WEB-INF/lib
- modify $CONFLUENCE_INSTALL/WEB-INF/web.xml already CASified as well :
- BEFORE all CAS filters, and especially before CasSingleSignOutFilter filter, add :
<filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>edu.vt.middleware.servlet.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>requestCharsetName</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>responseCharsetName</param-name> <param-value>UTF-8</param-value> </init-param> </filter>
- BEFORE all filter-mapping CAS parameters, and especially before "CasSingleSignOutFilter" filter-mapping, add the following :
<filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
- Restart Confluence (or Jira). It should work.