permanent links and CAS authentication

Hi,

We still have problem with CAS Authentication and permanent links even without using ANONYMOUS_AUTH_FOR_CAS2 plugin (see http://answers.nuxeo.com/questions/5445/permanent-links-dont-work-with-cas-authentication), but another kind.

If document can be reached with its permanent link, other links in the page (other workspaces or “deconnection button”) are broken: we got a “page not found” when we used them.

This happen when there is no previous cookies in the browser (no connection to nuxeo plateform before use of the direct link).

In this case, URLs of the links contain the substring “jsessionid=…..”

Ex.: http://localhost/nuxeo/nxpath/default/default-domain/workspaces/niv2@view_documents;jsessionid=4E26E6BDDFB2E0220550C9728EB97927.nuxeo?tabIds=%3A&conversationId=0NXMAIN1

After a back with the link given in the error page, the URL become :

http://localhost/nuxeo/nxpath/default/default-domain/workspaces/niv2@view_documents?tabIds=%3A&conversationId=0NXMAIN2

and works.

Has someone experienced the same behaviour?

Thanks

0 votes

2 answers

1744 views

ANSWER

We have the same issue w/ our custom auth plugin, not sure how to fix yet. Perhaps there is some way to create the nuxeo session during authentication?

http://answers.nuxeo.com/questions/7112/logout-plugin-not-being-called-after-direct-link-navigation

11/04/2013

I don't know how to solve this problem.

In our case, as we want use permanent links, we drop the idea to use CAS in favor of shibboleth, which works.

11/04/2013



I'm not sure what would need done for the CAS plugin (probably changing the internal code to make a slightly modified one) but for our project we ended up writing our own login authenticator that we plugged into nuxeo and used that instead of CAS. If you go that route I had written a blog post describing what we had to do here: http://blogs.nuxeo.com/development/2014/01/guest-post-integrating-single-sign-sso-nuxeo-case-management/ Hopefully that can help you out.

Short answer is we created our own Authenticator class public class InfiniteAuthenticator implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension and in the override method “handlerRetrieveIdentity” we have some logic to authenticate w/ our internal system and if successful, then call: httpRequest.getSession(true);

Nuxeo's info regarding authenticators can be found here which is helpful also: http://doc.nuxeo.com/display/NXDOC/Authentication

0 votes



Hi I found a solution for my authenticator, I assume the same thing is happening in the CAS one. Sometimes the tomcat session has not been initialized during authentication (according to this post: http://stackoverflow.com/questions/595872/under-what-conditions-is-a-jsessionid-created) so I needed to add a: httpRequest.getSession(true); during the handleRetrieveIdentity method. This seems to fix my issue of Nuxeo going to a page not found after navigating following any direct link.

I think the CAS authenticator is hosted here: https://github.com/nuxeo/nuxeo-platform-login/blob/master/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java in which you could attempt just adding httpRequest.getSession(true); into the handleRetrieveIdentity function to make sure that the session has been started.

0 votes



Thanks for this response but can you explain how you make "so I needed to add a: httpRequest.getSession(true); during the handleRetrieveIdentity method." Where can I add this code ?
10/10/2014