Hi Suelane, 

Could you also provide the URLs for the two screen shot images you included in the Word doc you attached? I.e. The URL for the login page (CAS login) and the following “connection refused" page. There might be something about those URLs that may explain the connection refused error(?).

Thanks,
Nick
-- 
Nick dos Remedios
Atlas of Living Australia
http://www.ala.org.au/

From: "Suelane G. Fontes" <suelane@uol.com.br>
Date: Saturday, 26 April 2014 4:53 am
To: Nick <nick.dosremedios@csiro.au>
Cc: "ala-portal@lists.gbif.org" <ala-portal@lists.gbif.org>, "support@ala.org.au" <support@ala.org.au>
Subject: Re: Cas Authentication - Hubs-Webapp

Hi Nick! 

I am trying to integrate the Hubs-WEBAPP with CAS jasig. 
It is partially working but I have some issues ...
I am sending attached the document explaining the issue and the Tomcat logs.
 
Thanks! 
Regards.
 
Sueln

De: Nick.Dosremedios@csiro.au
Enviada: Terça-feira, 22 de Abril de 2014 04:05
Para: suelane@uol.com.br
Assunto: Cas Authentication - Hubs-Webapp

Hi Suelane,
 
There are many variables to getting CAS working its hard to tell what the problem is from your screen shots alone. One thing I can suggest is that you compare the web.xml file you are using with hubs-webapp to the generated web.xml in the Collectory grails app and try to work out what CAS settings are different that might be causing your issue.
 
Also does your casServerName and loginUrl settings both start with “https”? Have you set the correct “contextPath” value (/hubs-webapp)?
 
Regards Nick
-- 
Nick dos Remedios
Atlas of Living Australia
 
From: "Suelane G. Fontes" <suelane@uol.com.br>
Date: Friday, 18 April 2014 7:45 am
To: Nick <nick.dosremedios@csiro.au>
Cc: "ala-portal@lists.gbif.org" <ala-portal@lists.gbif.org>, "support@ala.org.au" <support@ala.org.au>
Subject: Re: Cas Authentication - Hubs-Webapp
 
 
Hi Nick,
I did what you suggested and we integrated ala-hubs with jasig-cas.
Now, The Log in button (see image attached)  redirects the hubs-webapp page to jasig-cas authentication page.
nevertheless, The search button in the same page can be accessed even if the user do not perform the log in operation.
We would like to know how to enforce this authentication before the user has access to perform a search in ala-hubs.
Thanks!
Regards.

De: Nick.Dosremedios@csiro.au
Enviada: Quinta-feira, 17 de Abril de 2014 00:16
Para: suelane@uol.com.br,ala-portal@lists.gbif.org,support@ala.org.au
Assunto: Cas Authentication - Hubs-Webapp
Hi Suelane,
 
I’d suggest you try these 2 minor changes to the web.xml file:
 
1. Change the serverName section -
from:

serverName

  http://143.107.102.247:8080/hubs-webapp/

 

to:

serverName

  http://143.107.102.247:8080

 

contextpath

  <param-value>/hubs-webappparam-value>

 


2. Change the server uriFilterPattern to:

 

  uriFilterPattern

  /*

 

 
I also note you are missing a few filter settings that we use in our version of hub-webapp. I’ve attached a sample “web.xml” file that you should look at, to check against, if the above changes do not work.
 
Regards
 
Nick
-- 
Nick dos Remedios
Atlas of Living Australia
 
From: "Suelane G. Fontes" <suelane@uol.com.br>
Date: Thursday, 17 April 2014 5:22 am
To: "ala-portal@lists.gbif.org" <ala-portal@lists.gbif.org>, "support@ala.org.au" <support@ala.org.au>
Subject: Cas Authentication - Hubs-Webapp
 

Hi all,

We need to enforce the users to authenticate before have access to ALA-PORTAL..

We found a authentication enforcement in ala-collectory module, when the user tries to access the “admin” page, using JASIG Cas server.

We performed the following steps to test the authentication:

We deployed an instance of JASIG Cas server (http://www.jasig.org/cas) in server: http://143.107.102.247:65002/cas-server-webapp-3.4.12.1.

We configured the ala-collectoy to enforce authentication in file: ala-collectory-0.1.0/ala-collectory/grails-app/conf/config.groovy , using the following code:

/******************************************************************************\

*  SECURITY
\******************************************************************************/
if (!security.cas.uriFilterPattern) {
   security.cas.uriFilterPattern = "/admin.*,/collection.*,/institution.*,/contact.*,/reports.*," +
           "/providerCode.*,/providerMap.*,/dataProvider.*,/dataResource.*,/dataHub.*,/manage/.*"
}
if (!security.cas.loginUrl) {
   security.cas.loginUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login"
}
if (!security.cas.logoutUrl) {
   security.cas.logoutUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/logout"
}
if (!security.apikey.serviceUrl) {
   security.apikey.serviceUrl = "http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/apikey/ws/check?apikey="
}
if(!security.cas.appServerName){
   security.cas.appServerName = "http://143.107.102.247:65002"
}
if(!security.cas.casServerName){
   security.cas.casServerName = "http://143.107.102.247:8080"
}
if(!security.cas.uriExclusionFilterPattern){
   security.cas.uriExclusionFilterPattern = '/images.*,/css.*,/js.*,/less.*'
}
if(!security.cas.authenticateOnlyIfLoggedInPattern){
   security.cas.authenticateOnlyIfLoggedInPattern = "" // pattern for pages that can optionally display info about the logged-in user
}
if(!security.cas.casServerUrlPrefix){
   security.cas.casServerUrlPrefix = 'http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/'
}
if(!security.cas.bypass){
   security.cas.bypass = true
}
if(!disableAlertLinks){
   disableAlertLinks = false
}

if(!disableOverviewMap){
   disableOverviewMap = false
}

then, we tried to access the admin section of ala-collectory browser. Which worked perfectly: the ala-collectory redirected the call to CAS server login page, and after the user provides correct username and password the user is redirected again to admin-section of ala-collectory.

We would like to enforce the same authentication in ala-hubs, as shown in the figure adapted from wiki (attached).

We followed the steps in wiki:

https://code.google.com/p/ala-bie/wiki/Authentication#Example_web.xml_configuration .

In pom.xml of hubs-webapp directory we included the following code:

 

org.jasig.cas

cas-client-core

3.1.10

jar

compile

 

 

au.org.ala

ala-cas-client

2.0-SNAPSHOT

jar

compile

 

 

javax.servlet

servlet-api

 

 

 

 

In web.xml file we included the following code:

 

 

 

serverName

http://143.107.102.247:8080/hubs-webapp/

 

 

 

casServerName

http://143.107.102.247:8080

 

 

 

uriFilterPattern

/, /occurrences/\d+, /occurrences/search, /explore/your-area

 

 

 

 

CAS Authentication Filter

au.org.ala.cas.client.UriFilter

 

filterClass

org.jasig.cas.client.authentication.AuthenticationFilter

 

 

casServerLoginUrl

http://143.107.102.247:65002/cas-server-webapp-3.4.12.1/login

 

 

gateway

true

 

 

 

 

CAS Validation Filter

au.org.ala.cas.client.UriFilter

 

filterClass

org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter

 

 

casServerUrlPrefix

http://143.107.102.247:65002/cas-server-webapp-3.4.12.1

 

 

 

 

CAS HttpServletRequest Wrapper Filter

au.org.ala.cas.client.UriFilter

 

filterClass

au.org.ala.cas.client.AlaHttpServletRequestWrapperFilter

 

 

 

 

CAS Authentication Filter

/*

 

 

 

CAS Validation Filter

/*

 

 

 

CAS HttpServletRequest Wrapper Filter

/*

 

then we deployed the hubs-webapp.war in tomcat server. Unfornatelly, when the user access ala-webapp no autentication is asked by ala-portal.

What we need to do in order to enforce all the users to autenticate in jasig cas before have access to hubs-webapp?

Regards, 

Suelane/Silvio