/
Configuring Confluence with JASIG CAS Client for Java 3.1

Configuring Confluence with JASIG CAS Client for Java 3.1

As of JASIG CAS Client for Java 3.1.3, the distribution includes Atlassian Confluence and Jira support. Support is enabled by a custom CAS authenticator that extends the default authenticators.

$CONFLUENCE_INSTALL Description

<extracted archive directory>/confluence

/opt/atlassian/confluence/confluence-3.0.1/confluence

Modify the web.xml

Add the CAS Filters to the end of the filter list.
(info) See Configuring the Jasig CAS Client for Java in the web.xml for parameters

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Filters -->
<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://cas.institution.edu/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://confluence.institution.edu/confluence/</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.institution.edu/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://confluence.institution.edu/confluence/</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!--- CAS:END -->

Don't Forget To Change the URLs

 

Before the login filter-mapping add:

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Filter Mappings -->
<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:END -->

Add the Single Sign Out listener to the list of listener list too

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Single Sign Out Listener -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->

Modify the seraph-config.xml

$CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<init-param>
    <param-name>login.url</param-name>
    <!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->
    <param-value>http://cas.institution.edu/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
    <param-name>link.login.url</param-name>
    <!--<param-value>/login.action</param-value>-->
    <param-value>http://cas.institution.edu/cas/login?service=${originalurl}</param-value>
</init-param>

Don't Forget To Change the URLs

 
CAS Authenticator

Comment out the DefaultAuthenticator and add in the JASIG CAS Confluence Authenticator

$CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>-->

<!-- CAS:START - Java Client Confluence Authenticator -->
<authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/>
<!-- CAS:END -->
CAS Logout instead of Confluence logout

(info) Atlassian doesn't support a config option yet (like Jira), please vote up the feature request here: http://jira.atlassian.com/browse/CONF-4931
To rely on the Single Sign Out functionality to sign off of Confluence we need to modify the logout link

  1. Copy $CONFLUENCE_INSTALL/WEB-INF/lib/confluence-x.x.x.jar to a temporary directory
    • mkdir /tmp/confluence-jar && cp WEB-INF/lib/confluence-3.0.1.jar /tmp/confluence-jar
  2. Unpack the jar
    • cd /tmp/confluence-jar && jar xvf confluence-3.0.1.jar
  3. Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes
    • cp xwork.xml $CONFLUENCE_INSTALL/WEB-INF/classes/ && cd $CONFLUENCE_INSTALL/WEB-INF/classes/
  4. Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it with this one

    $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml
    <!--            <result name="success" type="velocity">/logout.vm</result> -->
    <!-- CAS:START - CAS Logout Redirect -->
                <result name="success" type="redirect">https://cas.institution.edu/cas/logout</result>
    <!-- CAS:END -->
    

     

     

     

     

CAS Jar Libs

Copy cas-client-core-3.1.x.jar and cas-client-integration-atlassian-3.1.x.jar to $CONFLUENCE_INSTALL/WEB-INF/lib

 

Troubleshooting

Characters Encoding

If you encounter issues with characters encoding you may experience a bug from CAS client CASC-122 - Getting issue details... STATUS . It could be fixed by applying the following steps :

  • Download the last version (2.0.2 today) of vt servlet filters here : http://code.google.com/p/vt-middleware/downloads/list
  • extract the file on your server, copy jars/vt-servlet-filters-xxx.jar (with xxx = the current version) in $CONFLUENCE_INSTALL/WEB-INF/lib
  • modify $CONFLUENCE_INSTALL/WEB-INF/web.xml already CASified  as well :
    • BEFORE all CAS filters, and especially before CasSingleSignOutFilter filter, add :
<filter>
  <filter-name>CharacterEncodingFilter</filter-name>
  <filter-class>edu.vt.middleware.servlet.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>requestCharsetName</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
  <init-param>
    <param-name>responseCharsetName</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
    • BEFORE all filter-mapping CAS parameters, and especially before "CasSingleSignOutFilter" filter-mapping, add the following :
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
  • Restart Confluence (or Jira). It should work.