...
The code is available in the JA-SIG SVN repository. The reference implementation also includes modifications to uPortal CAS client necessary to take advantage of the new feature.
CAS extensions
_(note: all classes described in this subsection are in the edu.csus.cas.clearpass package)_The CAS login workflow is modified to capture the cleartext password using CacheCredentialsAction. The passwords are stored in an cache implementing CredentialsCache interface. The default cache implementation (CredentialsCacheImpl) uses EhCache.
The ClearPass service endpoint (configured by default under /clearPass) is implemented by ClearPassController class. This service relies on a instance of ClearPassServiceValidator to check if a particular service is allowed to receive cleartext credentials. The default implementation (ClearPassServiceValidatorImpl) simply accepts an explicit list of approvied services (listed by their ProxyReceptor endpoints).
uPortal client extensions
uPortal extensions are implemented by providing an alternative SecurityContext implementation: org.jasig.portal.security.provider.cas.PasswordCachingCasFilteredSecurityContext.