I. How to use the OAuth server support configured for the CAS server?

Once you have configured your CAS server with OAuth server support, you can communicate with it through the OAuth 2.0 protocol (http://tools.ietf.org/html/draft-ietf-oauth-v2-31):

1) /oauth2.0/authorize

It's the URL to call to authorize the user: the CAS login page is displayed and the user authenticates. After successful authentication, the user is redirected to the OAuth callbackUrl with a code. Required GET parameters: key and callbackUrl.

2) /oauth2.0/accessToken

It's the URL to call to exchange the code for an access token. Required GET parameters: key, callbackUrl, secret and code.

3) /oauth2.0/profile

It's the URL to call to get the profile of the authorized user. Required GET parameter: access_token. The response is in JSON format and contains all the attributes of the user.


II. How to add OAuth server support to the CAS server?

1) Add dependency

The first step is to add the dependency on the OAuth CAS support module to the CAS server webapp pom.xml:

...

<!-- The registered CAS service doubles as the OAuth client configuration:
     its name is the OAuth client key, its description is the OAuth client secret,
     and its serviceId is the OAuth callback URL. -->
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
  <property name="id" value="1" />
  <property name="name" value="the_key_for_caswrapper1" />
  <property name="description" value="the_secret_for_caswrapper1" />
  <property name="serviceId" value="http://mycasserver/login" />
</bean>

<!-- The OAuth provider used by the CAS client side: key, secret and callbackUrl
     must match the registered service above; serverUrl points at the /oauth2.0 endpoints
     of the OAuth-wrapped CAS server. -->
<bean id="caswrapper1" class="org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20">
  <property name="key" value="the_key_for_caswrapper1" />
  <property name="secret" value="the_secret_for_caswrapper1" />
  <property name="callbackUrl" value="http://mycasserver/login" />
  <property name="serverUrl" value="http://mycasserverwithoauthwrapper/oauth2.0" />
</bean>


...


...

III. Technical presentation of the OAuth server mode

1) General

To reply to OAuth calls, the CAS server has a specific controller (OAuth20WrapperController) listening on a specific URL (for example /oauth2.0/*).
This wrapper delegates the authentication to the standard CAS authentication process (the callback is done by using a specific CAS service, which is the callback URL). This means that after being authenticated by the OAuth-wrapped CAS server, the user is also authenticated in CAS.
The OAuth codes generated on the "authorize" OAuth calls are in fact CAS service tickets, and the OAuth access tokens generated on the "access token" OAuth calls are in fact ticket-granting tickets.
OAuth client configurations are defined as CAS services: the key and secret of an OAuth client are the name and description of a CAS service, which is what makes the OAuth client "authorized" to use the OAuth CAS server.
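The following is an added, self-contained model of the three-step exchange from section I together with the ticket mapping from section III; it is illustration code written for this page, not code from the CAS project. The "server" is an in-memory stand-in for OAuth20WrapperController (no HTTP, no real CAS login: the authenticated principal is passed in directly), the service registry mirrors the RegisteredServiceImpl bean from section II (name = key, description = secret, serviceId = callbackUrl), and the "ST-"/"TGT-" prefixes, the exact-match check on serviceId and the one-time use of the code are assumptions of this model, not documented behaviour of the wrapper.

```python
"""Toy model of the CAS OAuth 2.0 wrapper flow (constructed example, no network)."""
import json
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed registry mirroring the RegisteredServiceImpl bean on this page:
# name -> OAuth client key, description -> OAuth client secret, serviceId -> callbackUrl.
REGISTERED_SERVICES = [
    {"id": 1,
     "name": "the_key_for_caswrapper1",
     "description": "the_secret_for_caswrapper1",
     "serviceId": "http://mycasserver/login"},
]


class CasOAuthWrapper:
    """In-memory stand-in for OAuth20WrapperController (assumption: exact serviceId match)."""

    def __init__(self, services):
        self._services = {s["name"]: s for s in services}
        self._service_tickets = {}  # code (a CAS service ticket) -> (key, callbackUrl, principal)
        self._tgts = {}             # access_token (a ticket-granting ticket) -> principal attributes

    def _lookup_client(self, key, callback_url):
        svc = self._services.get(key)
        if svc is None or svc["serviceId"] != callback_url:
            return None
        return svc

    def authorize(self, key, callback_url, authenticated_principal):
        """/oauth2.0/authorize: after CAS login, redirect to callbackUrl carrying a code.
        The code is a CAS service ticket for the callback service."""
        if self._lookup_client(key, callback_url) is None:
            raise PermissionError("unknown key or callbackUrl")
        code = "ST-" + secrets.token_urlsafe(16)  # prefix is a modelling assumption
        self._service_tickets[code] = (key, callback_url, authenticated_principal)
        return callback_url + "?" + urlencode({"code": code})

    def access_token(self, key, callback_url, secret, code):
        """/oauth2.0/accessToken: exchange the code for an access token (a TGT).
        Note: the page's API carries the secret as a GET parameter, so the request
        URL itself is sensitive and must be kept out of access logs and referrers."""
        svc = self._lookup_client(key, callback_url)
        if svc is None or not secrets.compare_digest(svc["description"], secret):
            raise PermissionError("bad client key/secret")
        entry = self._service_tickets.pop(code, None)  # single use (assumption)
        if entry is None or entry[0] != key or entry[1] != callback_url:
            raise PermissionError("invalid, mismatched or already used code")
        token = "TGT-" + secrets.token_urlsafe(16)
        self._tgts[token] = entry[2]
        return token

    def profile(self, access_token):
        """/oauth2.0/profile: return the principal's attributes as JSON."""
        principal = self._tgts.get(access_token)
        if principal is None:
            raise PermissionError("invalid access_token")
        return json.dumps(principal)


def run_client_flow(server, key, callback_url, secret, authenticated_principal):
    """The OAuth client's side of the exchange: authorize -> code -> token -> profile."""
    redirect = server.authorize(key, callback_url, authenticated_principal)
    # The client only sees the redirect; it parses the code out of the query string.
    code = parse_qs(urlsplit(redirect).query)["code"][0]
    token = server.access_token(key, callback_url, secret, code)
    return json.loads(server.profile(token))


if __name__ == "__main__":
    srv = CasOAuthWrapper(REGISTERED_SERVICES)
    user = {"id": "jdoe", "email": "jdoe@example.org"}  # constructed principal
    print(run_client_flow(srv, "the_key_for_caswrapper1", "http://mycasserver/login",
                          "the_secret_for_caswrapper1", user))
```

The model makes two of the page's points concrete: the client is "authorized" solely by matching the registered service's name, description and serviceId, so the CAS service registry is where client credentials are managed and rotated; and because the code is a service ticket and the token a ticket-granting ticket, the lifetime and revocation of OAuth artefacts follow the CAS ticket registry, not a separate OAuth store.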

...