Hi All.
I want to ask you some questions about exo-sso.
I use an older exoplatform because we are using SpagoBI 1.9.3 and is in production environment. I can't change without testing and webos has different look & feel, it would be a bad idea change the GUI without capacitation.
Where can I download source code of exo-sso, more precisely exo-sso.plugins.cas-2-1.0.jar?
I have found some errors I want to fix, but I don't know if I have to download the full project to fix this or if I only need this subproject.
I'm trying to login spagobi through a remote CAS server we have, but I found that exo is always trying to log in localhost.
I have followed the instructions of exo-sso configuration without success (http://docs.exoplatform.org/exo-documents/exo-sso.site/cas.html <http://docs.exoplatform.org/exo-documents/exo-sso.site/cas.html> ).Then I look where this value is hardcoded and I found int configuration.xml at exo-sso.plugins.cas-2-1.0.jar.
Then I changed to my cas server, but again without success. Exo redirects to me at the CAS server but the service returning URL is wrong.
This is the example URL generated at my CAS server
https://mycasserver.mydomain.com.ar:8443//login?service=https://mycasserver.mydomain.com.ar:8443/sbiportal/cas_login.jsp <https://mycasserver.mydomain.com.ar:8443//login?service=https://mycasserver.mydomain.com.ar:8443/sbiportal/cas_login.jsp>Look at the double dash after 8443, exo is assumming that cas server always has an application path. I have my CAS server at root. This is happening when applicationPath parameter at configuration.xml is empty.
Exo is pressuposing that the spagobi is in the same server, is listening in the same port and a secured port. Which is totally wrong in my case.
Spago by is not listening at a secured port, is listening at port 80, in a different server.
The correct URL generated should be
https://mycasserver.mydomain.com.ar:8443/login?service=http://myspagobiserver.mydomain.com.ar/sbiportal/cas_login.jsp <https://mycasserver.mydomain.com.ar:8443/login?service=http://myspagobiserver.mydomain.com.ar/sbiportal/cas_login.jsp>Can you give some advices or ideas of how to fix this and how can I submit the changes?
Anyway I have no idea of how to take this configurations from the web.xml config file instead of the actual configuration.xml hardcoded in the exo-sso.plugins.cas-2-1.0.jar lib.
I'm really stuck with this, for now I give to the users a different password than the principal one. It's a headache because users call me many times to ask me
the password and it's a security risk.
By the way I think a better way of authentication is to integrate spring-acegi, it support many differents ways of authentication including CAS. It would be more transparent for you and for the user to change authentication without changing a line of code.
Regards
Agustin
