...

The keys will also need to be available to the CAS application (but not publicly available over the Internet). We recommend you place the keys within your classpath (i.e. WEB-INF/classes) though any location accessible by the user running the web server instance is acceptable:

# Generate a 1024-bit RSA private key (PEM)
openssl genrsa -out private.key 1024
# Export the public key as a DER-encoded SubjectPublicKeyInfo (what PublicKeyFactoryBean loads)
openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
# Convert the private key to unencrypted PKCS#8 DER (what PrivateKeyFactoryBean loads); the input is PEM
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.key -out private.p8
# Self-signed X.509 certificate (PEM) containing the public key, valid for one year; this is what you upload to Google
openssl req -new -x509 -key private.key -out x509.pem -days 365

...

You'll need to modify WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml and add the following:
(note: the attribute p:httpClient-ref="httpClient" is only for 3.4 and up, and should be removed for 3.3.x)

<bean
	name="googleAccountsArgumentExtractor"
	class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor"
	p:privateKey-ref="privateKeyFactoryBean"
	p:publicKey-ref="publicKeyFactoryBean"
	p:httpClient-ref="httpClient" />

Reference that from the list of ArgumentExtractors, so it would look something like this:


<util:list id="argumentExtractors">
	<ref bean="casArgumentExtractor" />
	<ref bean="samlArgumentExtractor" />
	<ref bean="googleAccountsArgumentExtractor" />
</util:list>

You'll need to configure the keys so they can be loaded from the files. You do that as follows:


<bean
	id="privateKeyFactoryBean"
	class="org.jasig.cas.util.PrivateKeyFactoryBean"
	p:location="classpath:private.p8"
	p:algorithm="RSA" />

<bean
	id="publicKeyFactoryBean"
	class="org.jasig.cas.util.PublicKeyFactoryBean"
	p:location="classpath:public.key"
	p:algorithm="RSA" />
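As an added sanity check (not part of this page or of CAS itself), the following standalone Java program loads private.p8 and public.key with the same key specs the two factory beans are configured for (an unencrypted PKCS#8 DER private key and an X.509 SubjectPublicKeyInfo DER public key, algorithm "RSA"; that the beans use exactly these JDK specs internally is an assumption) and confirms the two files form a matching pair. The file paths and the SHA256withRSA algorithm used for the pairing test are illustrative choices, not something the page prescribes.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class CasGoogleKeyCheck {
    // private.p8 must be unencrypted PKCS#8 DER (openssl pkcs8 -topk8 -outform DER -nocrypt)
    static PrivateKey loadPrivateKey(String path) throws Exception {
        byte[] der = Files.readAllBytes(Paths.get(path));
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // public.key must be X.509 SubjectPublicKeyInfo DER (openssl rsa -pubout -outform DER)
    static PublicKey loadPublicKey(String path) throws Exception {
        byte[] der = Files.readAllBytes(Paths.get(path));
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // Sign a throwaway message with the private key and verify it with the public key;
    // true only if the two files belong to the same RSA key pair.
    static boolean isMatchingPair(PrivateKey priv, PublicKey pub) throws Exception {
        byte[] msg = "cas-google-apps-key-check".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(msg);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        String privPath = args.length > 0 ? args[0] : "private.p8";   // assumed default path
        String pubPath = args.length > 1 ? args[1] : "public.key";    // assumed default path
        try {
            PrivateKey priv = loadPrivateKey(privPath);
            PublicKey pub = loadPublicKey(pubPath);
            System.out.println("private key: " + priv.getAlgorithm() + " / " + priv.getFormat());
            System.out.println("public key:  " + pub.getAlgorithm() + " / " + pub.getFormat());
            System.out.println("matching pair: " + isMatchingPair(priv, pub));
        } catch (InvalidKeySpecException e) {
            // Typical cause: a PEM file (e.g. private.key) was supplied where DER is required
            System.err.println("key file is not in the expected DER encoding: " + e.getMessage());
        }
    }
}
```

Run it from the directory holding the two files before packaging them into WEB-INF/classes; a PEM file handed to either loader fails with the InvalidKeySpecException branch rather than a confusing startup error in CAS.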

...

The final step is to configure Google. You'll need to provide Google with the URL for your SAML-based SSO service, as well as the URL your users will be redirected to when they log out of a hosted Google application.

Sign-in page URL: https://yourCasServer/login
Sign-out page URL: http://whateverServerYouWouldLike
Change password URL: http://whateverServerYouWouldLike

If you wish to use a Google email username that is different from your CAS userid, please read Google Apps from MS-AD using the 'mail' attribute. While this uses MS-AD, it applies to any LDAP directory.

Step 4 - Add Google Apps service in CAS

Service URL: https://www.google.com/a/YourGoogleDomain/acs