#1 2020-10-29 14:17:15

Stéphane
Member
Registered: 2020-09-30

Using CAS SSO

Hello,

we follow this tip: https://forum.reportserver.net/viewtopi … 4036#p4036

We try with the files given by sfblake.
1) we changed web.xml (we make sure to change the CAS and server urls as needed) --> when we restart reportserver, we obtain an error 404 (the requested resource [/reportserver] is not available)
2) we added CustomPAM.groovy script in /fileserver/bin/onstartup.d --> when we restart reportserver, we obtain the same error
3) we changed rs.authenticator.pams in reportserver.properties --> when we restart reportserver, we obtain the same error

we think that we have a problem with the web.xml but we don't find.

thanks

Offline

#2 2020-11-05 10:02:02

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Using CAS SSO

Hi Stéphane,

what is the web.xml in your normal case (without CAS) and how exactly is the URL of your reportserver in this case ?

And after applying the CAS changes to web.xml -> what is your new web.xml?

Regards,
Eduardo

Offline

#3 2021-04-14 08:07:07

Stéphane
Member
Registered: 2020-09-30

Re: Using CAS SSO

Hi Eduardo,

I had to work on another thing so my response is very very late.

Our original webxml is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

	<filter>
		<filter-name>guiceFilter</filter-name>
		<filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>guiceFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<listener>
		<listener-class>net.datenwerke.rs.ReportServerServiceConfig</listener-class>
	</listener> 

<!-- <servlet>
		<servlet-name>Jersey REST Service</servlet-name>
		<servlet-class>
			com.sun.jersey.spi.container.servlet.ServletContainer
		</servlet-class>
		<init-param>
			<param-name>com.sun.jersey.config.property.packages</param-name>
			<param-value>net.datenwerke.rs.rest</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>Jersey REST Service</servlet-name>
		<url-pattern>/rest/*</url-pattern>
	</servlet-mapping> -->

	<session-config>
		<session-timeout>240</session-timeout>
	</session-config>

	<!-- Not for now <listener> <listener-class>net.datenwerke.rs.services.backgroundexecutor.ExecutorServiceProvider</listener-class> 
		</listener> -->

</web-app>
  	

and the new one is the same as in  https://forum.reportserver.net/viewtopi … 4036#p4036

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
		PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
		"http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

	<filter>
		<filter-name>guiceFilter</filter-name>
		<filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
	</filter>
	
	<filter>
		<filter-name>CAS Authentication Filter</filter-name>
		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
		<init-param>
			<param-name>casServerLoginUrl</param-name>
			<param-value>https://auth.univ-lorraine.fr:443/cas/login</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>https://reportservercas.univ-lorraine.fr/reportserver</param-value>
		</init-param>
	</filter>
	
	<filter>
		<filter-name>CAS Validation Filter</filter-name>
		<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>https://auth.univ-lorraine.fr:443/cas</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>https://reportservercas.univ-lorraine.fr/reportserver</param-value>
		</init-param>
	</filter>
	
	<filter>
		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
	</filter>
	
	<filter>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
	</filter>

	<filter-mapping>
			<filter-name>CAS Validation Filter</filter-name>
			<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter-mapping>
			<filter-name>CAS Authentication Filter</filter-name>
			<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter-mapping>
			<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
			<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter-mapping>
		<filter-name>CAS Assertion Thread Local Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter-mapping>
		<filter-name>guiceFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<listener>
		<listener-class>net.datenwerke.rs.ReportServerServiceConfig</listener-class>
	</listener>

<!-- <servlet>
		<servlet-name>Jersey REST Service</servlet-name>
		<servlet-class>
			com.sun.jersey.spi.container.servlet.ServletContainer
		</servlet-class>
		<init-param>
			<param-name>com.sun.jersey.config.property.packages</param-name>
			<param-value>net.datenwerke.rs.rest</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>Jersey REST Service</servlet-name>
		<url-pattern>/rest/*</url-pattern>
	</servlet-mapping> -->

	<session-config>
		<session-timeout>240</session-timeout>
		<tracking-mode>COOKIE</tracking-mode>
	</session-config>

	<!-- Not for now <listener> <listener-class>net.datenwerke.rs.services.backgroundexecutor.ExecutorServiceProvider</listener-class> 
	</listener> -->

</web-app>

thanks

Offline

#4 2021-04-23 06:59:00

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Using CAS SSO

Hi Stéphane,

we raised ticket RS-4840 for looking into a CAS installation example. We are in the process of installing a simple CAS server and we will let you know when we have more information on how to configure this in ReportServer.

Regards,
Eduardo

Offline

#5 2024-04-30 09:56:33

mali29
Member
Registered: 2024-03-05

Re: Using CAS SSO

Hello eduardo,

I'm currently facing difficulties setting up CAS (Central Authentication Service) on my ReportServer application. I carefully followed the instructions provided in the previous messages, but I can't seem to get the proposed solution to work.

I'm wondering if anyone has successfully implemented CAS on ReportServer and could help me troubleshoot this issue. Specifically, I'm unable to locate the "onstartup.d" file mentioned in the instructions I've been following. Does anyone know where I can find it or if it's named differently in the version I'm using?

Any help or suggestions would be greatly appreciated. Thank you in advance for your assistance!

Best regards,

Offline

#6 2024-04-30 10:03:24

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Using CAS SSO

Hi mali29,

onstartu.d is just a directory in the ReportServer's virtual file system. If it doesn't exist you can just create it in the correct location: /bin/onstartup.d
Pls note that this is not your OS /bin directory but the RS /bin directory.

Regards,
Eduarod

Offline

#7 2024-04-30 10:35:55

mali29
Member
Registered: 2024-03-05

Re: Using CAS SSO

Thank you for your response and clarification regarding the onstartup.d directory. I've created the directory in the correct location (/bin/onstartup.d) as you suggested, but unfortunately, I'm still encountering issues despite following the instructions.

Regarding your question about connecting ReportServer to CAS, I'm also curious if anyone has successfully achieved this integration. If so, any insights or guidance would be greatly appreciated.

Regarding the multiple values for rs.authenticator.pams in the reportserver.properties file, I'm also interested in learning more about their functionalities and configurations. Does anyone know if there's specific documentation available for this?

Any further assistance or advice from the community would be invaluable.

Thanks,
mali29

Offline

#8 2024-05-27 10:06:51

blueboy
Member
Registered: 2022-10-17

Re: Using CAS SSO

i'm trying to get 4.6.2-6102 to work with CAS as well. what value should I use for rs.authenticator.pams? Given the following below:

package ldap

import javax.servlet.http.HttpServletRequest

import net.datenwerke.security.client.login.AuthToken
import net.datenwerke.security.service.authenticator.AuthenticationResult
import net.datenwerke.security.service.authenticator.ReportServerPAM
import net.datenwerke.security.service.authenticator.hooks.PAMHook
import net.datenwerke.security.service.usermanager.UserManagerService
import net.datenwerke.security.service.usermanager.entities.User

import com.google.inject.Inject
import com.google.inject.Provider

import org.apache.log4j.Logger

final CustomPAM CustomPAM = GLOBALS.injector.getInstance(CustomPAM.class);
GLOBALS.services.callbackRegistry.attachHook("CUSTOM_PAM", PAMHook.class, new PAMHook(){
	public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
	}
	public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
		pams.clear();
		pams.add(CustomPAM);
	}
});

public class CustomPAM implements ReportServerPAM {
	
	final static Logger logger = Logger.getLogger(CustomPAM.class);
	
	private UserManagerService userManagerService;
	private Provider<HttpServletRequest> httpRequest;
	
	@Inject
	public CustomPAM(UserManagerService userManagerService, Provider<HttpServletRequest> httpRequest) {
		this.userManagerService = userManagerService;
		this.httpRequest = httpRequest;
	}
	
	
	public AuthenticationResult authenticate(AuthToken[] tokens) {
		String username = httpRequest.get().getRemoteUser();
		User u = userManagerService.getUserByName(username);
		if(null != u){
			logger.info("####### CustomPAM: logging in : " + u.getUsername());
			return new AuthenticationResult(true, u);
		}
		
		throw new Exception("Please contact your administrator to gain access to ReportServer.")
	}
	
	public String getClientModuleName() {
		return null;
	}

}

should it be ldap.CustomPAM?

Offline

#9 2024-06-20 12:07:17

eduardo
Administrator
Registered: 2016-11-01
Website

Re: Using CAS SSO

Hi blueboy,

you can leave it empty, i.e.:

rs.authenticator.pams =

and make sure your PAM is in your onstartup.d directory.

Regards,
Eduardo

Offline

Board footer

Powered by FluxBB