
As of JASIG CAS Client for Java 3.1.3, the distribution includes Atlassian Confluence and Jira support. Support is enabled by a custom CAS authenticator that extends the default authenticators.

$CONFLUENCE_INSTALL refers to <extracted archive directory>/confluence, e.g. /opt/atlassian/confluence/confluence-3.0.1/confluence

Modify the web.xml

Add the CAS Filters to the end of the filter list.
(info) See Configuring the Jasig CAS Client for Java in the web.xml for parameters

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Filters -->
<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://cas.institution.edu/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://confluence.institution.edu/confluence/</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.institution.edu/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://confluence.institution.edu/confluence/</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- CAS:END -->

Don't Forget To Change the URLs

 

Before the login filter-mapping add:

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Filter Mappings -->
<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:END -->

Add the Single Sign Out listener to the list of listeners too

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Single Sign Out Listener -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->

Modify the seraph-config.xml

$CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<!-- CAS login URL over https, matching casServerLoginUrl in web.xml -->
<init-param>
    <param-name>login.url</param-name>
    <!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->
    <param-value>https://cas.institution.edu/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
    <param-name>link.login.url</param-name>
    <!--<param-value>/login.action</param-value>-->
    <param-value>https://cas.institution.edu/cas/login?service=${originalurl}</param-value>
</init-param>

Don't Forget To Change the URLs

 
CAS Authenticator

Comment out the DefaultAuthenticator and add in the JASIG CAS Confluence Authenticator

$CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>-->

<!-- CAS:START - Java Client Confluence Authenticator -->
<authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/>
<!-- CAS:END -->

CAS Logout instead of Confluence logout

(info) Atlassian doesn't yet support a config option for this in Confluence (as it does in Jira); please vote up the feature request here: http://jira.atlassian.com/browse/CONF-4931
To rely on the Single Sign Out functionality to sign out of Confluence, we need to modify the logout link:

  1. Copy $CONFLUENCE_INSTALL/WEB-INF/lib/confluence-x.x.x.jar to a temporary directory
    • mkdir /tmp/confluence-jar && cp WEB-INF/lib/confluence-3.0.1.jar /tmp/confluence-jar
  2. Unpack the jar
    • cd /tmp/confluence-jar && jar xvf confluence-3.0.1.jar
  3. Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes
    • cp xwork.xml $CONFLUENCE_INSTALL/WEB-INF/classes/ && cd $CONFLUENCE_INSTALL/WEB-INF/classes/
  4. Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it with this one

    $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml
    <!--            <result name="success" type="velocity">/logout.vm</result> -->
    <!-- CAS:START - CAS Logout Redirect -->
                <result name="success" type="redirect">https://cas.institution.edu/cas/logout</result>
    <!-- CAS:END -->

CAS Jar Libs

Copy cas-client-core-3.1.x.jar and cas-client-integration-atlassian-3.1.x.jar to $CONFLUENCE_INSTALL/WEB-INF/lib

 

Troubleshooting

Character Encoding

If you encounter character encoding issues, you may be hitting CAS client bug CASC-122. It can be fixed by applying the following steps:

  • Download the latest version (2.0.2 at the time of writing) of the vt servlet filters here: http://code.google.com/p/vt-middleware/downloads/list
  • Extract the file on your server and copy jars/vt-servlet-filters-xxx.jar (where xxx is the current version) to $CONFLUENCE_INSTALL/WEB-INF/lib
  • Modify the already CASified $CONFLUENCE_INSTALL/WEB-INF/web.xml as well:
    • BEFORE all CAS filters, and especially before the CasSingleSignOutFilter filter, add:
<filter>
  <filter-name>CharacterEncodingFilter</filter-name>
  <filter-class>edu.vt.middleware.servlet.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>requestCharsetName</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
  <init-param>
    <param-name>responseCharsetName</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
    • BEFORE all CAS filter-mapping entries, and especially before the "CasSingleSignOutFilter" filter-mapping, add the following:
<filter-mapping>
  <filter-name>CharacterEncodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
  • Restart Confluence (or Jira). It should work.
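
The servlet container builds the filter chain in filter-mapping order, so the ordering rules above (CharacterEncodingFilter mapping before the CAS mappings, CAS mappings before the login filter-mapping) and the https CAS URLs can be checked mechanically after editing web.xml. The script below is an added example, not part of the original page or the Jasig client; the sample web.xml is constructed, the name "login" for Confluence's login filter is an assumption, and any non-https value is treated as a finding to match the URLs used on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample (not from a real installation): mappings in the wrong
# order and one CAS URL left on plain http.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>CasAuthenticationFilter</filter-name>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://cas.institution.edu/cas/login</param-value>
    </init-param>
  </filter>
  <filter-mapping><filter-name>login</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CasSingleSignOutFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CharacterEncodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CasAuthenticationFilter</filter-name><url-pattern>/login.action</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CasValidationFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

# Mapping order the page asks for. Assumption: Confluence's own login filter
# is named "login" in web.xml.
EXPECTED_ORDER = ["CharacterEncodingFilter", "CasSingleSignOutFilter",
                  "CasAuthenticationFilter", "CasValidationFilter", "login"]
URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix", "serverName"}

def lint_web_xml(xml_text):
    """Return findings on filter-mapping order and non-https CAS URLs."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop the namespace a real web.xml carries
        el.tag = el.tag.split("}")[-1]
    findings = []
    mapped = [m.findtext("filter-name", "").strip()
              for m in root.iter("filter-mapping")]
    present = [n for n in mapped if n in EXPECTED_ORDER]
    wanted = sorted(present, key=EXPECTED_ORDER.index)
    if present != wanted:
        findings.append("mapping order is %s, expected %s" % (present, wanted))
    for p in root.iter("init-param"):
        name = p.findtext("param-name", "").strip()
        value = p.findtext("param-value", "").strip()
        if name in URL_PARAMS and urlparse(value).scheme != "https":
            findings.append("%s is not an https URL: %s" % (name, value))
    return findings

if __name__ == "__main__":
    for finding in lint_web_xml(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```

To check a real installation, pass the contents of $CONFLUENCE_INSTALL/WEB-INF/web.xml to lint_web_xml instead of the sample.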

1 Comment

  1. Can I add a filter to bypass some URLs in Confluence like this?

    <filter> 
      <filter-name>CAS-Simple-Bypass</filter-name> 
      <filter-class>org.soulwing.cas.filter.SimpleBypassFilter</filter-class> 
      <init-param> 
        <param-name>bypassPaths</param-name> 
        <param-value>
          /rpc/*, /images/*, /styles/*, /secure/Logout!default.jspa, /secure/applet/*
        </param-value> 
      </init-param> 
    </filter> 

    and if I want to bypass the :

    /rpc/*, /images/*, /styles/*, /secure/Logout!default.jspa, /secure/applet/* 

    I must install soulwing-casclient-0.5.jar and lib/jdom.jar into $CONFLUENCE/WEB-INF/lib. ???????http://www.soulwing.org/jira-cas.jsp

    From this page, CASC-187, I don't know the steps to bypass the URL pattern /admin/. Can anyone show me the details to bypass the pattern /admin/?

     Thanks.