permanent links and CAS authentication

Hi,

We still have a problem with CAS authentication and permanent links, even without using the ANONYMOUS_AUTH_FOR_CAS2 plugin (see http://answers.nuxeo.com/questions/5445/permanent-links-dont-work-with-cas-authentication), but of another kind.

If the document can be reached with its permanent link, the other links in the page (other workspaces or the “deconnection button”) are broken: we got a “page not found” when we used them.

This happens when there are no previous cookies in the browser (no connection to the Nuxeo platform before use of the direct link).

In this case, URLs of the links contain the substring “jsessionid=…..”

Ex.: http://localhost/nuxeo/nxpath/default/default-domain/workspaces/niv2@view_documents;jsessionid=4E26E6BDDFB2E0220550C9728EB97927.nuxeo?tabIds=%3A&conversationId=0NXMAIN1

After going back with the link given in the error page, the URL becomes:

http://localhost/nuxeo/nxpath/default/default-domain/workspaces/niv2@view_documents?tabIds=%3A&conversationId=0NXMAIN2

and works.

Has someone experienced the same behaviour?

Thanks

0 votes

2 answers

3117 views

ANSWER

We have the same issue w/ our custom auth plugin, not sure how to fix yet. Perhaps there is some way to create the nuxeo session during authentication?

http://answers.nuxeo.com/questions/7112/logout-plugin-not-being-called-after-direct-link-navigation

11/04/2013

I don't know how to solve this problem.

In our case, as we want to use permanent links, we dropped the idea of using CAS in favor of Shibboleth, which works.

11/04/2013



I'm not sure what would need to be done for the CAS plugin (probably changing the internal code to make a slightly modified one), but for our project we ended up writing our own login authenticator that we plugged into Nuxeo and used that instead of CAS. If you go that route, I had written a blog post describing what we had to do here: http://blogs.nuxeo.com/development/2014/01/guest-post-integrating-single-sign-sso-nuxeo-case-management/ Hopefully that can help you out.

Short answer is we created our own Authenticator class, public class InfiniteAuthenticator implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, and in the override method “handleRetrieveIdentity” we have some logic to authenticate w/ our internal system and if successful, then call: httpRequest.getSession(true);

Nuxeo's info regarding authenticators can be found here which is helpful also: http://doc.nuxeo.com/display/NXDOC/Authentication

0 votes



Hi, I found a solution for my authenticator; I assume the same thing is happening in the CAS one. Sometimes the Tomcat session has not been initialized during authentication (according to this post: http://stackoverflow.com/questions/595872/under-what-conditions-is-a-jsessionid-created), so I needed to add a: httpRequest.getSession(true); during the handleRetrieveIdentity method. This seems to fix my issue of Nuxeo going to a page not found after navigating following any direct link.

I think the CAS authenticator is hosted here: https://github.com/nuxeo/nuxeo-platform-login/blob/master/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java in which you could attempt just adding httpRequest.getSession(true); into the handleRetrieveIdentity function to make sure that the session has been started.

0 votes



Thanks for this response, but can you explain how you make "so I needed to add a: httpRequest.getSession(true); during the handleRetrieveIdentity method."? Where can I add this code?
10/10/2014
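
A minimal authenticator showing where the httpRequest.getSession(true) call described in the answers above goes. This is an added example, not the posters' InfiniteAuthenticator and not Nuxeo's Cas2Authenticator. The package, class name, the "userHeader" parameter and the X-SSO-User header are hypothetical, and it assumes the Nuxeo platform and Servlet API jars are on the classpath.

```java
package example.auth; // hypothetical package

import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

public class SessionStartingAuthenticator implements NuxeoAuthenticationPlugin {

    // Assumption: a trusted SSO proxy sets this header and strips any
    // copy of it sent by the client. Stand-in for "authenticate with our
    // internal system" in the answer above.
    private String userHeader = "X-SSO-User";

    @Override
    public void initPlugin(Map<String, String> parameters) {
        if (parameters != null && parameters.get("userHeader") != null) {
            userHeader = parameters.get("userHeader");
        }
    }

    @Override
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        String userName = httpRequest.getHeader(userHeader);
        if (userName == null || userName.trim().isEmpty()) {
            return null; // no identity found: no session is created
        }
        // The call from the answers: only after the identity check succeeded,
        // make sure the container (Tomcat) session exists before Nuxeo goes on.
        httpRequest.getSession(true);
        // The login module that accepts this identity is chosen in the
        // plugin's XML contribution (not shown here).
        return new UserIdentificationInfo(userName, userName);
    }

    @Override
    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
        return Boolean.FALSE; // the SSO front end handles the prompt
    }

    @Override
    public Boolean handleLoginPrompt(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse, String baseURL) {
        return Boolean.FALSE;
    }

    @Override
    public List<String> getUnAuthenticatedURLPrefix() {
        return Collections.emptyList();
    }
}
```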