| Wiki Markup |
|---|
h2. Requirements
1. OpenCms is authenticated by CAS + LDAP.
2. OpenCms is authorized by CAS + LDAP.
3. Support OpenCms OU.
4. CAS will search LDAP for groups and roles when validating, not authenticating.
5. Validation URI can be customised, not /serviceValidate only.
6. Easy to extend the module to support CAS + DATABASE.
\\
h1.
h2. Environments
Tested in Fedora 10, OpenJDK 1.6.0, Tomcat 5.5.27, OpenCms7.0.5, CAS3.3.1, OpenLDAP 2.4.12.
\\
h2. Login Procedure
!opencms7.0.5-cas3.3.1-ldap.png!\\
h2. Module Parameters
*+ Module parameters for authentication handler:+*
\\
{code}
AuthenticationHandler: cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler
AutoUserRoleName: not required. If you want the user can login OpenCms workplace by default, this parameter should be RoleWorkplaceUsers.
CasUrl: not required, default is https://localhost:8443/cas.
CasLoginUri: not required, the uri to CAS login, default is /login.
CasValidateUri: not required, the uri to CAS validate, default is /serviceValidate.
CasLenientURL: not required, if set, this url will be used to validate CAS ticket, default is null.
CasLogoutUri: not required, default is /logout.
{code}
h2.
*+ Module parameters for authorization handler:+*
\\
{code}
AuthenticationHandler: cn.langhua.opencms.ldap.cas.CmsCasAuthorizationHandler
GroupSearchDN: required, the group dn to resolve OpenCms OU. If not set, will use BaseDN.
RoleSearchDN: required, the role dn to resolve OpenCms role. If not set, will use BaseDN.
BaseDN: not required.
AutoUserRoleName: not required. If you want the user can login OpenCms workplace by default, this parameter should be RoleWorkplaceUsers.
CasUrl: not required, default is https://localhost:8443/cas.
CasLoginUri: not required, the uri to CAS login, default is /login.
CasValidateUri: not required, the uri to CAS validate, default is /serviceValidate.
CasLenientURL: not required, if set, this url will be used to validate CAS ticket, default is null.
CasLogoutUri: not required, default is /logout.
{code}
h2. Add a new validate servlet to CAS
Here I use /authzValidate as the new validate servlet uri for an example.
h4. 1. Add /authzValidate in $(cas_server)/WEB-INF/web.xml
{code}
cas
/authzValidate
{code}
h4. 2. Modify {Modify$(cas_server}
)/WEB-INF/cas-servlet.xml
{code}
...
<!--
start
service validate extensions -->
<prop
key="/authzValidate">
authzValidateController
</prop>
<!-- end service validate
extensions
-->
...
<!--
start
service
validate extensions -->
<bean id="authzValidateController" class="org.jasig.cas.web.ServiceValidateController"
p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
p:centralAuthenticationService-ref="centralAuthorizationService"
p:proxyHandler-ref="proxy20Handler"
p:argumentExtractor-ref="casArgumentExtractor" />
<!-- end service validate extensions -->
{code}
h4.
h4. 3. Modify
{cas_server}
h2. How to get the module and the source code
SVN:
[http://www.langhua.cn/langhua/modules/ldap/]
Username:anon
Password:anon
ViewVC:
[http://www.langhua.cn/viewvc/svn/modules/ldap/]
Shi Yusen/Beijing Langhua Ltd.
[http://langhua.org/]
[http://langhua.biz/] |
Page Comparison
Manage space
Manage content
Integrations