Configuring Confluence with JASIG CAS Client for Java 3.1

Added by Scott Battaglia, last edited by Scott Battaglia on Oct 06, 2009  (view change)
Table of Contents

As of JASIG CAS Client for Java 3.1.3, the distribution includes Atlassian Confluence and Jira support. Support is enabled by a custom CAS authenticator that extends the default authenticators.

$CONFLUENCE_INSTALL Description

<extracted archive directory>/confluence

/opt/atlassian/confluence/confluence-3.0.1/confluence

Modify the web.xml

Add the CAS Filters to the end of the filter list.
See Configuring the JA-SIG CAS Client for Java in the web.xml for parameters

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Filters -->
<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://cas.institution.edu/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://confluence.institution.edu/confluence/</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.institution.edu/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>https://confluence.institution.edu/confluence/</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!--- CAS:END -->
Don't Forget To Change the URLs

Before the login filter-mapping add:

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Filter Mappings -->
<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:END -->

Add the Single Sign Out listener to the list of listener list too

$CONFLUENCE_INSTALL/WEB-INF/web.xml
<!-- CAS:START - Java Client Single Sign Out Listener -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->

Modify the seraph-config.xml

CAS Login links
$CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<init-param>
    <param-name>login.url</param-name>
    <!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->
    <param-value>http://cas.institution.edu/cas/login?service=${originalurl}</param-value>
</init-param>
<init-param>
    <param-name>link.login.url</param-name>
    <!--<param-value>/login.action</param-value>-->
    <param-value>http://cas.institution.edu/cas/login?service=${originalurl}</param-value>
</init-param>
Don't Forget To Change the URLs
CAS Authenticator

Comment out the DefaultAuthenticator and add in the JASIG CAS Confluence Authenticator

$CONFLUENCE_INSTALL/WEB-INF/classes/seraph-config.xml
<!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>-->

<!-- CAS:START - Java Client Confluence Authenticator -->
<authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/>
<!-- CAS:END -->
CAS Logout instead of Confluence logout

Atlassian doesn't support a config option yet (like Jira), please vote up the feature request here: http://jira.atlassian.com/browse/CONF-4931
To rely on the Single Sign Out functionality to sign off of Confluence we need to modify the logout link

  1. Copy $CONFLUENCE_INSTALL/WEB-INF/lib/confluence-x.x.x.jar to a temporary directory
    • mkdir /tmp/confluence-jar && cp WEB-INF/lib/confluence-3.0.1.jar /tmp/confluence-jar
  2. Unpack the jar
    • cd /tmp/confluence-jar && jar xvf confluence-3.0.1.jar
  3. Copy xwork.xml to $CONFLUENCE_INSTALL/WEB-INF/classes
    • cp xwork.xml $CONFLUENCE_INSTALL/WEB-INF/classes/ && cd $CONFLUENCE_INSTALL/WEB-INF/classes/
  4. Edit $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml, find the logout action and comment out the success result and replace it with this one
    $CONFLUENCE_INSTALL/WEB-INF/classes/xwork.xml
    <!--            <result name="success" type="velocity">/logout.vm</result> -->
<!-- CAS:START - CAS Logout Redirect -->
            <result name="success" type="redirect">https://cas.institution.edu/cas/logout</result>
<!-- CAS:END -->

CAS Jar Libs

Copy cas-client-core-3.1.x.jar and cas-client-integration-atlassian-3.1.x.jar to $CONFLUENCE_INSTALL/WEB-INF/lib
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.