...
Now let's dive into CAS configuration itself.
Declare the OpenID endpoint (ONLY since CAS 4.0)
Since CAS 4.0, the OpenID discovery endpoint is no longer enabled by default in the CAS server (in fact, it is no longer available in the cas-server-support-webapp module: it has been moved to the cas-server-support-openid module).
The OpenID discovery endpoint should be enabled during the configuration process. In the web.xml file, the following mapping must be added:
```xml
<servlet-mapping>
  <servlet-name>cas</servlet-name>
  <url-pattern>/openid/*</url-pattern>
</servlet-mapping>
```
In the cas-servlet.xml file, the following mapping and bean must be added:
```xml
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
  <property name="mappings">
    <props>
      <prop key="/logout">logoutController</prop>
      ...
      <prop key="/openid/*">openIdProviderController</prop>
      ...
<bean
  id="openIdProviderController"
  class="org.jasig.cas.support.openid.web.OpenIdProviderController"
  p:loginUrl="${server.prefix}/login"/>
```
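A consistency check for the two edits above, as an added example that is not part of the original page or of the CAS project: it confirms that web.xml maps the `cas` servlet to `/openid/*` and that cas-servlet.xml both routes `/openid/*` to `openIdProviderController` and declares that bean. The function names and the sample documents (the page's fragments wrapped in minimal root elements) are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

PATTERN = "/openid/*"
BEAN_ID = "openIdProviderController"
BEAN_CLASS = "org.jasig.cas.support.openid.web.OpenIdProviderController"

def _named(root, name):
    """All elements with this local name, ignoring any xmlns prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(parent, name):
    found = _named(parent, name)
    return (found[0].text or "").strip() if found else None

def check_web_xml(xml_text, servlet="cas"):
    """True when web.xml maps the given servlet to /openid/*."""
    return any(_text(m, "servlet-name") == servlet and _text(m, "url-pattern") == PATTERN
               for m in _named(ET.fromstring(xml_text), "servlet-mapping"))

def check_cas_servlet_xml(xml_text):
    """Problems found in cas-servlet.xml; an empty list means it is consistent."""
    root = ET.fromstring(xml_text)
    problems = []
    targets = [(p.text or "").strip() for p in _named(root, "prop") if p.get("key") == PATTERN]
    if BEAN_ID not in targets:
        problems.append("no /openid/* mapping to " + BEAN_ID)
    beans = [b for b in _named(root, "bean") if b.get("id") == BEAN_ID]
    if not beans:
        problems.append("bean " + BEAN_ID + " not declared")
    elif beans[0].get("class") != BEAN_CLASS:
        problems.append("bean " + BEAN_ID + " has unexpected class")
    return problems

# Constructed samples: the page's fragments wrapped in minimal root elements.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet-mapping><servlet-name>cas</servlet-name><url-pattern>/openid/*</url-pattern></servlet-mapping>
</web-app>"""
CAS_SERVLET_XML = """<beans xmlns:p="http://www.springframework.org/schema/p">
  <bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="mappings"><props>
      <prop key="/logout">logoutController</prop>
      <prop key="/openid/*">openIdProviderController</prop>
    </props></property>
  </bean>
  <bean id="openIdProviderController" class="org.jasig.cas.support.openid.web.OpenIdProviderController"
        p:loginUrl="${server.prefix}/login"/>
</beans>"""
if __name__ == "__main__":
    print(check_web_xml(WEB_XML), check_cas_servlet_xml(CAS_SERVLET_XML))
```

To run it against a deployment, pass the contents of the real web.xml and cas-servlet.xml files to the two functions. Because the endpoint is off by default since CAS 4.0, the same check also tells you whether a given server exposes it.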
Update webflow
CAS uses a Spring Web Flow definition to describe the authentication process. We need to change it a little bit to allow CAS to switch to OpenID authentication if it recognizes one. This is done in the login-webflow.xml file. After the on-start element, just add these two blocks:
...