Implementation notes - wrighting/alfresco-cas GitHub Wiki

Filter Configuration

The CAS filters are defined by editing the Share web.xml file.

A better solution would be to use a web-fragment.xml file (e.g. in filtered/META-INF) and this does work to some extent however there is one problem.

The problem is that the CAS filters need to be applied before the Alfresco filters or deep linking won't work i.e. if you link to a URL within Share and have to login first then you will not be taken to the correct URL after logging in, if you use the web-fragment then those filter will be applied after the Alfresco filters.

This wouldn't be difficult to remedy, as the order of web-fragments can be defined, but would require some refactoring of the authentication components in Share (and Repo).

Why filter order is important for deep linking

It's complicated but trying to put it as simply as possible the login page is, one of a number of, a special cases in the SSOAuthenticationFilter which means that you can get away with the login page as your CAS service parameter because the Filter passes the request straight on (to the CAS Filter, which logs you in) but if you try to use a normal link then you end up in a redirect loop. Somewhere along the line, it must be in SlingshotPageView.buildLoginRedirectURL, the session parameters which tell the login page where to go are cleared, then there's an additional round of redirects which means you end up in the wrong place.

share-config-custom.xml

See ./share-amp/src/main/resources/META-INF/share-config-custom.xml

This is reasonably well documented elsewhere however you may notice that the connector class is not what you expect. This is due to a bug see this JIRA. This is the purpose of the SlingshotAlfrescoConnector class.