...
with its mapping in the handlerMappingC bean (cas-servlet.xml):

```xml
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
  <property name="mappings">
    <props>
      <prop key="/logout">logoutController</prop>
      ...........................
      <prop key="/403.html">passThroughController</prop>
      <prop key="/oauth2.0/*">oauth20WrapperController</prop>
    </props>
  </property>
  <property name="alwaysUseFullPath" value="true" />
</bean>
```
...
3) Add the needed CAS services
3.1) Callback Authorization
One service is needed to make the OAuth wrapper work in CAS. It defines, as a CAS service, the callback URL used to return to the OAuth wrapper after CAS authentication. A second service is necessary to register an OAuth client: the name and the description of the CAS service are the key and secret of the OAuth client. For each OAuth client, a CAS service needs to be added to the configuration.
For the in-memory service registry, you add the two services in deployerConfigContext.xml:
Note: the callback URL must in fact end with "callbackAuthorize".
```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="0" />
        <property name="name" value="HTTP" />
        <property name="description" value="oauth wrapper callback url" />
        <property name="serviceId" value="http://mycasserverwithoauthwrapper/${server.prefix}/oauth2.0/callbackAuthorize" />
      </bean>
```
3.2) OAuth Clients
A second service is necessary to register an OAuth client:
- The name and the description of the CAS service are the key and secret of the OAuth client.
- The theme is the actual service name that is to be used in the UI when services are asked for Authorization once the CAS login session has been established.
For each OAuth client, a CAS service needs to be added in configuration.
```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="1" />
        <property name="name" value="the_key_for_caswrapper1" />
        <property name="description" value="the_secret_for_caswrapper1" />
        <property name="serviceId" value="http://mycasserver/login" />
        <property name="theme" value="TheActualServiceName" />
      </bean>
```
...
3.2) (Optional) CAS OAuth Client using another CAS OAuth Server
If you have one CAS server configured with the CasWrapperProvider20 (the client) to communicate with a CAS server wrapping the OAuth 2.0 protocol (the server), the name and description of the service in the CAS "server" match the key and secret of the identity provider defined in the CAS "client":
```xml
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
  <property name="id" value="1" />
  <property name="name" value="the_key_for_caswrapper1" />
  <property name="description" value="the_secret_for_caswrapper1" />
  <property name="serviceId" value="http://mycasserver/login" />
</bean>

<bean id="caswrapper1" class="org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20">
  <property name="key" value="the_key_for_caswrapper1" />
  <property name="secret" value="the_secret_for_caswrapper1" />
  <property name="callbackUrl" value="http://mycasserver/login" />
  <property name="serverUrl" value="http://mycasserverwithoauthwrapper/oauth2.0" />
</bean>
```
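The two rules on this page (the callback service must end with "callbackAuthorize"; a client provider's key and secret must equal the name and description of a service on the server) can be checked before deployment. The script below is an added example, not part of CAS or of the original page. It assumes the callback service is the one whose serviceId contains `/oauth2.0/` and that properties use the `value` attribute; the function names and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SERVICE = "org.jasig.cas.services.RegisteredServiceImpl"
PROVIDER = "org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20"

def _beans(xml_text, cls):
    """Return {property name: value} for every <bean> of class cls."""
    local = lambda tag: tag.rsplit("}", 1)[-1]  # ignore the Spring namespace
    return [{p.get("name"): p.get("value", "") for p in el if local(p.tag) == "property"}
            for el in ET.fromstring(xml_text).iter()
            if local(el.tag) == "bean" and el.get("class") == cls]

def audit(server_xml, client_xml):
    """Check the page's two rules; findings never include a secret."""
    services, findings = _beans(server_xml, SERVICE), []
    # 3.1: the wrapper's callback service must end with "callbackAuthorize".
    # Assumption: the callback service is the one whose serviceId contains /oauth2.0/.
    callbacks = [s.get("serviceId", "") for s in services if "/oauth2.0/" in s.get("serviceId", "")]
    if not callbacks:
        findings.append("no callback service registered under /oauth2.0/")
    findings += ["callback does not end with callbackAuthorize: " + url
                 for url in callbacks if not url.endswith("callbackAuthorize")]
    # Optional section: provider key/secret must equal a service's name/description.
    registered = {(s.get("name"), s.get("description")) for s in services}
    for p in _beans(client_xml, PROVIDER):
        if (p.get("key"), p.get("secret")) not in registered:
            findings.append("no server service matches provider key " + repr(p.get("key")))
    return findings

def _svc(name, description, service_id):  # builds a constructed sample bean
    return ('<bean class="%s"><property name="name" value="%s"/>'
            '<property name="description" value="%s"/>'
            '<property name="serviceId" value="%s"/></bean>' % (SERVICE, name, description, service_id))

# Constructed sample input, modelled on the snippets above.
SERVER_XML = "<beans>%s%s</beans>" % (
    _svc("HTTP", "oauth wrapper callback url",
         "http://mycasserverwithoauthwrapper/${server.prefix}/oauth2.0/callbackAuthorize"),
    _svc("the_key_for_caswrapper1", "the_secret_for_caswrapper1", "http://mycasserver/login"))
CLIENT_XML = ('<beans><bean id="caswrapper1" class="%s">'
              '<property name="key" value="the_key_for_caswrapper1"/>'
              '<property name="secret" value="%s"/></bean></beans>')

if __name__ == "__main__":
    print(audit(SERVER_XML, CLIENT_XML % (PROVIDER, "the_secret_for_caswrapper1")))  # matching
    print(audit(SERVER_XML, CLIENT_XML % (PROVIDER, "a_different_secret")))          # mismatch
```

Findings name only the client key, so the output can go into build logs without exposing the secret stored in the description property.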
...