
...

If you want to enable SAML support in the CAS server, apply the following steps as needed:

  • step 1 is mandatory
  • step 2 is optional and necessary to support SAML validation from the CAS client's perspective
  • step 3 is optional and necessary to support SAML 1.1 authentication requests
  • step 4 is optional and necessary to have Google delegate SAML 2.0 authentication to your CAS server.


Step 1

...

: add the Maven dependency to your CAS server pom.xml file:

<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-saml</artifactId>
  <version>4.0.0</version>
</dependency>


Step 2

...

: enable SAML validation (the /samlValidate URL)

  1. Add the appropriate mapping to the handlerMappingC bean in the cas-servlet.xml file (closing tags shown so the bean definition is well-formed; the "..." stands for the existing mappings):

    <bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
      <property name="mappings">
        <props>
          ...
          <prop key="/samlValidate">samlValidateController</prop>
          ...
        </props>
      </property>
    </bean>
  2. Define the samlValidateController bean it refers to:

    <bean id="samlValidateController" class="org.jasig.cas.web.ServiceValidateController"
      p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      p:proxyHandler-ref="proxy20Handler"
      p:argumentExtractor-ref="samlArgumentExtractor"
      p:successView="casSamlServiceSuccessView"
      p:failureView="casSamlServiceFailureView"/>
  3. Add the servlet mapping in the web.xml file:

    <servlet-mapping>
      <servlet-name>cas</servlet-name>
      <url-pattern>/samlValidate</url-pattern>
    </servlet-mapping>
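
Once step 2 is in place, a CAS client validates a service ticket by POSTing a SAML 1.1 Request carrying the ticket as an AssertionArtifact to /samlValidate?TARGET=<service URL> and checking the SAML Response that comes back. The Python below is an added example of that client-side exchange, not code from the CAS project; the message shapes follow the /samlValidate section of the CAS protocol, the sample response is constructed, and the service URL https://app.example.org/, the user jdoe and the timestamps are made-up values. Besides the status code it enforces the two checks a client must not skip: the assertion's Audience has to be the TARGET the client sent, and the current time has to fall inside NotBefore/NotOnOrAfter.

```python
import datetime as dt
import uuid
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

def build_saml_validate_request(ticket: str) -> str:
    """SOAP envelope a CAS client POSTs to /samlValidate?TARGET=<service URL>."""
    now = dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>'
            '<SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" '
            f'MinorVersion="1" RequestID="_{uuid.uuid4()}" IssueInstant="{now}"><samlp:AssertionArtifact>'
            f'{ticket}</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>')

def saml_ts(value: str) -> dt.datetime:  # SAML 1.1 UTC timestamp, e.g. 2014-01-01T12:00:00.000Z (millis optional)
    return dt.datetime.strptime(value.split(".")[0].rstrip("Z"), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=dt.timezone.utc)

def parse_saml_validate_response(xml_text: str, expected_audience: str, now: dt.datetime) -> dict:
    """Return {'user', 'attributes'} or raise ValueError; checks status, Audience (== the TARGET sent) and validity window."""
    resp = ET.fromstring(xml_text).find("soap:Body/samlp:Response", NS)
    status = resp.find("samlp:Status/samlp:StatusCode", NS).get("Value", "")
    if not status.endswith("Success"):
        raise ValueError(f"validation failed: {status}")
    assertion = resp.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    if not (saml_ts(cond.get("NotBefore")) <= now < saml_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if expected_audience not in audiences:  # an assertion issued for another service must not log the user in here
        raise ValueError(f"assertion not issued for {expected_audience}: {audiences}")
    user = assertion.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS).text.strip()
    attrs = {a.get("AttributeName"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"user": user, "attributes": attrs}

# Constructed sample in the shape CAS returns from /samlValidate; not captured from a real server.
SAMPLE_RESPONSE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" ResponseID="_r1"
 IssueInstant="2014-01-01T12:00:00.000Z" Recipient="https://app.example.org/"><Status><StatusCode Value="samlp:Success"/></Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a1" Issuer="localhost" MajorVersion="1"
 MinorVersion="1" IssueInstant="2014-01-01T12:00:00.000Z"><Conditions NotBefore="2014-01-01T12:00:00.000Z"
 NotOnOrAfter="2014-01-01T12:00:30.000Z"><AudienceRestrictionCondition><Audience>https://app.example.org/</Audience>
</AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2014-01-01T11:59:00.000Z"
 AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier>jdoe</NameIdentifier></Subject>
</AuthenticationStatement><AttributeStatement><Subject><NameIdentifier>jdoe</NameIdentifier></Subject>
<Attribute AttributeName="mail" AttributeNamespace="http://www.ja-sig.org/products/cas/"><AttributeValue>jdoe@example.org</AttributeValue>
</Attribute></AttributeStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""
SAMPLE_NOW = saml_ts("2014-01-01T12:00:10Z")  # inside the 30-second validity window above
```

Against a live server, POST the string from build_saml_validate_request over HTTPS with Content-Type text/xml and feed the body of the reply to parse_saml_validate_response with the same TARGET you put in the query string.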


Step 3

...

: enable SAML 1.1 support

  1. Add the appropriate SAML argument extractor in the argumentExtractorsConfiguration.xml file:

    <bean id="samlArgumentExtractor" class="org.jasig.cas.support.saml.web.support.SamlArgumentExtractor"
      p:httpClient-ref="noRedirectHttpClient"
      p:disableSingleSignOut="${slo.callbacks.disabled:false}" />
  2. Add it to the list of argument extractors:

    <util:list id="argumentExtractors">
      <ref bean="casArgumentExtractor" />
      <ref bean="samlArgumentExtractor" />
    </util:list>
  3. Add the SAML id generator in the uniqueIdGenerators.xml file:

    <bean id="samlServiceTicketUniqueIdGenerator" class="org.jasig.cas.support.saml.util.SamlCompliantUniqueTicketIdGenerator">
      <constructor-arg index="0" value="https://localhost:8443" />
    </bean>
  4. Reference it in the uniqueIdGeneratorsMap:

    <util:map id="uniqueIdGeneratorsMap">
      <entry
        key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
        value-ref="serviceTicketUniqueIdGenerator" />
      <entry
        key="org.jasig.cas.support.openid.authentication.principal.OpenIdService"
        value-ref="serviceTicketUniqueIdGenerator" />
      <entry
        key="org.jasig.cas.support.saml.authentication.principal.SamlService"
        value-ref="samlServiceTicketUniqueIdGenerator" />
    </util:map>


Step 4

...

: enable Google SAML 2.0 support

  1. Add the appropriate SAML argument extractor in the argumentExtractorsConfiguration.xml file:

    <bean id="googleAccountsArgumentExtractor" class="org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor"
          p:privateKey-ref="privateKeyFactoryBean"
          p:publicKey-ref="publicKeyFactoryBean"
          p:httpClient-ref="httpClient" />
  2. Add it to the list of argument extractors:

    <util:list id="argumentExtractors">
      <ref bean="casArgumentExtractor" />
      <ref bean="googleAccountsArgumentExtractor" />
    </util:list>
  3. Add a new generator entry to the uniqueIdGeneratorsMap bean in the uniqueIdGenerators.xml file:

    <util:map id="uniqueIdGeneratorsMap">
      <entry
        key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
        value-ref="serviceTicketUniqueIdGenerator" />
      <entry
        key="org.jasig.cas.support.openid.authentication.principal.OpenIdService"
        value-ref="serviceTicketUniqueIdGenerator" />
      <entry
        key="org.jasig.cas.support.saml.authentication.principal.GoogleAccountsService"
        value-ref="serviceTicketUniqueIdGenerator" />
    </util:map>