...

Add the following to enable validation of an OpenID request:

	<bean id="openIdValidateController" class="org.jasig.cas.web.ServiceValidateController"
		p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
		p:centralAuthenticationService-ref="centralAuthenticationService"
		p:proxyHandler-ref="proxy20Handler"
		p:argumentExtractor-ref="openIdArgumentExtractor"
		p:successView="casOpenIdServiceSuccessView"
		p:failureView="casOpenIdServiceFailureView" />

...

Finally, in the cas-servlet.xml you'll need to add the action that we will reference in the login flow xml file:

  <bean id="openIdSingleSignOnAction" class="org.jasig.cas.support.openid.web.flow.OpenIdSingleSignOnAction"
    	p:centralAuthenticationService-ref="centralAuthenticationService" />

...

login-webflow.xml

Add the following decision and action states to your login-webflow.xml:

<decision-state id="selectFirstAction">
    <if test="${externalContext.requestParameterMap['openid.mode'] != '' &amp;&amp; externalContext.requestParameterMap['openid.mode'] != null}"
        then="openIdSingleSignOnAction"
        else="ticketGrantingTicketExistsCheck" />
</decision-state>

<action-state id="openIdSingleSignOnAction">
    <action bean="openIdSingleSignOnAction" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="viewLoginForm" />
    <transition on="warn" to="warn" />
</action-state>

You'll want to modify your InitialFlowAction's "success" event to go to "selectFirstAction". For example:

<action-state id="initialFlowSetup">
    <action bean="initialFlowSetupAction" />
    <transition on="success" to="selectFirstAction" />
</action-state>
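
After hand-editing the flow, it is worth confirming that every `to`, `then` and `else` target names a state that actually exists, since a misspelled target only surfaces when that path is taken at login time. The following check is an added example, not part of the CAS documentation; the stub states and the deliberately misspelled `viewLoginFrom` target in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the states from this page plus stub targets, with one
# deliberately misspelled transition target to show what the check reports.
SAMPLE_FLOW = """
<flow>
  <action-state id="initialFlowSetup">
    <action bean="initialFlowSetupAction" />
    <transition on="success" to="selectFirstAction" />
  </action-state>
  <decision-state id="selectFirstAction">
    <if test="${externalContext.requestParameterMap['openid.mode'] != null}"
        then="openIdSingleSignOnAction"
        else="ticketGrantingTicketExistsCheck" />
  </decision-state>
  <action-state id="openIdSingleSignOnAction">
    <action bean="openIdSingleSignOnAction" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="viewLoginFrom" />
    <transition on="warn" to="warn" />
  </action-state>
  <decision-state id="ticketGrantingTicketExistsCheck" />
  <action-state id="sendTicketGrantingTicket" />
  <view-state id="viewLoginForm" />
  <decision-state id="warn" />
</flow>
"""

def local(tag):
    """Strip an XML namespace prefix such as '{ns}action-state'."""
    return tag.rsplit("}", 1)[-1]

def dangling_targets(flow_xml):
    """Return sorted (source_state, missing_target) pairs for the flow."""
    root = ET.fromstring(flow_xml)
    states = [e for e in root if local(e.tag).endswith("-state")]
    defined = {s.get("id") for s in states}
    missing = set()
    for state in states:
        for node in state.iter():
            for attr in ("to", "then", "else"):
                target = node.get(attr)
                if target and target not in defined:
                    missing.add((state.get("id"), target))
    return sorted(missing)

if __name__ == "__main__":
    for source, target in dangling_targets(SAMPLE_FLOW):
        print(f"{source}: transition to undefined state '{target}'")
```

To check a real deployment, pass the contents of your own login-webflow.xml to `dangling_targets` in place of the sample.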

Modify the login view

Instead of the normal NetID login field, any CAS instance that accepts OpenID credentials needs to be able to not accept a username (as it's provided by the OpenID protocol). This can be accomplished with the following snippet of code on the login JSP page:

<%-- c:out XML-escapes the identifier before it is written into the page --%>
<c:if test="${not empty sessionScope.openIdLocalId}">
	<strong><c:out value="${sessionScope.openIdLocalId}" /></strong>
	<input type="hidden" id="username" name="username" value="<c:out value="${sessionScope.openIdLocalId}" />" />
</c:if>

<c:if test="${empty sessionScope.openIdLocalId}">
	<input class="required" id="username" name="username" size="32" tabindex="1" accesskey="<spring:message code="screen.welcome.label.netid.accesskey" />" />
</c:if>