Percussion CM System relies on Java Authentication and Authorization Service (JAAS) for authenticating users. JAAS enables implementations to use a wide array of authentication services such as LDAP, Active Directory, Backend Databases, etc… Our infrastructure uses a combination of LDAP and Jasig CAS (Single Sign-On services); however, we have only been able to use LDAP until we formed this repository. This repository introduces the necessary changes in order to enable Jasig CAS support which includes but not limited to:
[ul]
[li]Modified Jasig CAS Client 3.1.x[/li][LIST]
[li]Subject was delivered as the ticket url instead of username[/li][/ul]
[li]Modified PSLoginServlet[/li][ul]
[li]Handles login requests from CAS filters[/li][/ul]
[/LIST]
The repository has the necessary installation documents – an installer does not exist at this time.
[ol]
[li]Download extension from github[/li][li]Extract extension from compressed file[/li][li]Transfer PercussionJasigCAS.jar and dependency JARS (located in the lib/ directory) to <Rhythmyx>/AppServer/server/rx/deploy/rxapp.ear/rxapp.war/WEB-INF/lib/[/li][li]Shutdown Rhythmyx / Percussion CM[/li][li]Modify <Rhythmyx>/AppServer/server/rx/conf/login-conf.xml to have similar entries as https://github.com/rileyw/PercussionJasigCAS/blob/master/login-conf.xml[/li][ul]
[li]Do not forget to update casServerUrlPrefix with your own value[/li][/ul]
[li]Modify <Rhythmyx>/AppServer/server/rx/deploy/rxapp.ear/rxapp.war/WEB-INF/web.xml to have similar entries as https://github.com/rileyw/PercussionJasigCAS/blob/master/web.xml[/li][ul]
[li]Do not forget to update serverName, casServerLoginUrl, and casServerUrlPrefix with your own values[/li][/ul]
[li]Restart Rhythmyx / Percussion CM[/li][/ol]
[SIZE=5]Note
[SIZE=2]Important to remember that changes/modifications to [/SIZE]<Rhythmyx>/AppServer/server/rx/deploy/rxapp.ear/rxapp.war/WEB-INF/web.xml may have to be reapplied after an update and/or patch. Also remember to define an additional login-module such as LDAP for Workbench, Server Administrator, WebDAV, etc… authentication that cannot utilize a single sign-on session.
[/SIZE][/SIZE]