Nuxeo + Jasig CAS

Hello! I am deploying Nuxeo for the first time and also this is first time I am setting up SSO which is jasig CAS server. I have downloaded the plugin, configured the descriptor and auth chain. Now is the question: should the LDAP or SQL directory be configured in the Nuxeo, to allow the system check the user permissions. I.e.: how can I login with the admin credentials if I am constantly redirected to CAS page?

0 votes

1 answers

1318 views

ANSWER



Hi,

Yes if you are using CAS/LDAP to handle authentication your need to configure Nuxeo to bind the same LDAP directory to provision user accounts.

https://doc.nuxeo.com/display/ADMINDOC/Using+a+LDAP+Directory

In order to use an LDAP account to log in as an administrator, you will need to configure this extension point:

<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
    <userManager>
      <!-- ldap administrator uid -->
      <defaultAdministratorId>12345</defaultAdministratorId>
      <!-- admin group -->
      <administratorsGroup>ecm-admin</administratorsGroup>
      <defaultGroup>members</defaultGroup>
    </userManager>
</extension>
1 votes



Thanks for the reply, but can I use only CAS server and Nuxeo internal user manager to perform authentication?
06/15/2015

What do you want to use CAS for then ? If what you mean is can I mix CAS authentication with other authentication methods the answer is yes, you can chain authentication methods and stack authentication modules as demonstrated in the documentation:

https://doc.nuxeo.com/display/NXDOC/Authentication

See also:

http://explorer.nuxeo.com/nuxeo/site/distribution/Nuxeo%20Platform-5.6/viewComponent/org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService

06/15/2015