Use SSO on server CAS

Hello

I installed the “LDAP Application” extension to use LDAP authentication.
I added in /etc/xwiki/xwiki.cfg
the line
xwiki.authentication.authclass = org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
It works very well !

Now, I want to use SSO. That’s what I understood:

  • implement the com.xpn.xwikiuser.api.XWikiAuthService interface
    to create a class like
    org.monentrepsrise.xwiki.sso
  • In /etc/xwiki/xwiki.cfg put
    xwiki.authentication.authclass = org.monentrepsrise.xwiki.sso

I do not know enough Java to write the class org.monentrepsrise.xwiki.sso
Do you have a model? What is the simplest method ?

My environment is:
xwiki 11.2 on Debian 9.6
LDAP => OpenLDAP server
SSO => CAS server

Best Regard
Alain

Did you take a look at https://extensions.xwiki.org/xwiki/bin/view/Extension/Authenticator+Jasig+CAS ? Maybe it already cover your need.

Hello

Thank you for your advice. The SSO worked with the extension “Authenticator Jasig CAS”

That’s precisely how I did

  1. Configure XWIKI with LDAPe authentication
    To do this, install the extension “LDAP Application” and add in /etc/xwiki/xwiki.cfg the line
    xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
  2. Verify that the LDAP configuration works
  3. Install the extension “Authenticator Jasig CAS”
    In /etc/xwiki/xwiki.cfg
    replace the line
    xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
    by
    "
    xwiki.authentication.authclass=org.xwiki.contrib.authentication.cas.XWikiCASAuthenticator
    xwiki.authentication.cas.server=https://sso.my_firm.fr
    xwiki.authentication.cas.protocol=CAS20
    xwiki.authentication.cas.fields_mapping = email=email, first_name=first_name, last_name=last_name
    xwiki.authentication.cas.create_user=1
    xwiki.authentication.cas.update_user=1
    "

Note on the documentation https://extensions.xwiki.org/xwiki/bin/view/Extension/Authenticator+Jasig+CAS

  1. I did not need to do:
  1. it is indicated
    (only SAML11) mapping between XWiki user profile values and CAS attributes. Example (xwiki-attribute=cas-attribute,…)
    xwiki.authentication.cas.fields_mapping=last_name=lastName,first_name=firstName,email=email
    but :
  • it works with CAS20
  • it is necessary to mark precisely
    last_name=last_name,first_name=first_name,email=email
    (the “_” was missing)

Best regards
Alain