Wiki Markup |
---|
h2. Requirements 1. OpenCms is authenticated by CAS + LDAP. 2. OpenCms is authorized by CAS + LDAP. 3. Support OpenCms OU. 4. CAS will search LDAP for groups and roles when validating, not authenticating. 5. Validation URI can be customised, not /serviceValidate only. 6. Easy to extend the module to support CAS + DATABASE. \\ h1. h2. Environments Tested in Fedora 10, OpenJDK 1.6.0, Tomcat 5.5.27, OpenCms7.0.5, CAS3.3.1, OpenLDAP 2.4.12. \\ h2. Login Procedure !opencms7.0.5-cas3.3.1-ldap.png!\\ h2. Module Parameters *+ Module parameters for authentication handler:+* \\ {code} AuthenticationHandler: cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler AutoUserRoleName: not required. If you want the user can login OpenCms workplace by default, this parameter should be RoleWorkplaceUsers. CasUrl: not required, default is https://localhost:8443/cas. CasLoginUri: not required, the uri to CAS login, default is /login. CasValidateUri: not required, the uri to CAS validate, default is /serviceValidate. CasLenientURL: not required, if set, this url will be used to validate CAS ticket, default is null. CasLogoutUri: not required, default is /logout. {code} h2. *+ Module parameters for authorization handler:+* \\ {code} AuthenticationHandler: cn.langhua.opencms.ldap.cas.CmsCasAuthorizationHandler GroupSearchDN: required, the group dn to resolve OpenCms OU. If not set, will use BaseDN. RoleSearchDN: required, the role dn to resolve OpenCms role. If not set, will use BaseDN. BaseDN: not required. AutoUserRoleName: not required. If you want the user can login OpenCms workplace by default, this parameter should be RoleWorkplaceUsers. CasUrl: not required, default is https://localhost:8443/cas. CasLoginUri: not required, the uri to CAS login, default is /login. CasValidateUri: not required, the uri to CAS validate, default is /serviceValidate. CasLenientURL: not required, if set, this url will be used to validate CAS ticket, default is null. CasLogoutUri: not required, default is /logout. {code} h2. Add a new validate servlet to CAS Here I use /authzValidate as the new validate servlet uri for an example. h4. 1. Add /authzValidate in $(cas_server)/WEB-INF/web.xml {code} cas /authzValidate {code} h4. 2. Modify {Modify$(cas_server} )/WEB-INF/cas-servlet.xml {code} ... <!-- start service validate extensions --> <prop key="/authzValidate"> authzValidateController </prop> <!-- end service validate extensions --> ... <!-- start service validate extensions --> <bean id="authzValidateController" class="org.jasig.cas.web.ServiceValidateController" p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification" p:centralAuthenticationService-ref="centralAuthorizationService" p:proxyHandler-ref="proxy20Handler" p:argumentExtractor-ref="casArgumentExtractor" /> <!-- end service validate extensions --> {code} h4. h4. 3. Modify {cas_server} h2. How to get the module and the source code SVN: [http://www.langhua.cn/langhua/modules/ldap/] Username:anon Password:anon ViewVC: [http://www.langhua.cn/viewvc/svn/modules/ldap/] Shi Yusen/Beijing Langhua Ltd. [http://langhua.org/] [http://langhua.biz/] |
Page Comparison
Manage space
Manage content
Integrations