Versions Compared

Old Version 11

changes.mady.by.user Andrew Petro

Saved on

compared with

New Version 12

changes.mady.by.user Dave Brondsema

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this case, any URL beneath /webapp/cas-protected would require a CAS login. If you want to protect your entire web application, you can simply put /* for the URL pattern:

Code Block
xml
xml
  <filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

...

init-param name

usage

edu.yale.its.tp.cas.client.filter.loginUrl

The URL whereat CAS offers its Login page. e.g. https://secure.its.yale.edu/cas/login

edu.yale.its.tp.cas.client.filter.validateUrl

The URL whereat CAS offers its service ticket or proxy ticket validation service. e.g. https://secure.its.yale.edu/cas/serviceValidate or https://secure.its.yale.edu/cas/proxyValidate . Must be a proxyValidate service if you intend to accept any proxy tickets.

edu.yale.its.tp.cas.client.filter.serverName

This parameter specifies the server name and port of the service being filtered (not of the CAS Server itself). E.g., www.yale.edu:8080 Either this parameter or the serviceUrl parameter must be set.

edu.yale.its.tp.cas.client.filter.serviceUrl

This parameter replaces the serverName parameter above. It becomes the URL that CAS redirects to after login. If you have one specific point of entry to your web application and you want all logins to proceed through that page, you would specify the full URL of that page here. Either this parameter or the serverName parameter must be set.

...

init-param

usage

edu.yale.its.tp.cas.client.filter.proxyCallbackUrl

to obtain a Proxy Granting Ticket and thereby have your application proxy authentication to other services, you'll need to specify an http: URL where you'd like PGT, PGTIOU pairs sent. This will typically be a URL you've mapped to an instance of the ProxyTicketReceptor servlet.

edu.yale.its.tp.cas.client.filter.authorizedProxy

to allow the filter to accept proxy tickets, you need to specify valid proxies through which the authorization must have proceeded. This initialization parameter accepts a whitespace-delimited list of valid proxy URLs. Only one URL needs to match for the login to be successful. Note that if you do want to accept proxy tickets, you will have to change the validateUrl above to proxyValidate rather than serviceValidate

edu.yale.its.tp.cas.client.filter.renew

if set to the string, true, this is the equivalent of authenticating a ticket with renew=true passed as a parameter. This may be used for high-security applications where the user must enter his/her credentials again before accessing the filtered URLs.

edu.yale.its.tp.cas.client.filter.wrapRequest

if set to the string "true" the CASFilter will wrap the request such that calls to getRemoteUser() return the authenticated username.

edu.yale.its.tp.cas.client.filter.gateway

see gateway

Consuming the results of CASFilter

...