...
It's the url to call to get the profile of the authorized user. Input GET parameter required : access_token. The response is in JSON format with all attributes of the user.
II. How to add OAuth server support in CAS server ?
...
Code Block | ||
---|---|---|
| ||
<bean
id="oauth20WrapperController"
class="org.jasig.cas.support.oauth.web.OAuth20WrapperController"
p:loginUrl="http://mycasserverwithoauthwrapper/cas/login"
p:servicesManager-ref="servicesManager"
p:ticketRegistry-ref="ticketRegistry"
p:timeout="7200" /> |
...
Code Block | ||
---|---|---|
| ||
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"> <property name="mappings"> <props> <prop key="/logoutserviceValidate">logoutController<>serviceValidateController</prop> .................... ....... <prop key="/403.htmlstatistics">passThroughController<>statisticsController</prop> <prop key="/oauth2.0/*">oauth20WrapperController</prop> </props> </property> <property name="alwaysUseFullPath" value="true" /> </bean> |
...
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <property name="registeredServices"> <list> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="1" /> <property name="name" value="the_key_for_caswrapper1" /> <property name="description" value="the_secret_for_caswrapper1" /> <property name="serviceId" value="oauth client service url" /> <property name="theme" value="http://mycasserver/loginTheActualServiceName" /> </bean> ... |
Starting with CAS 4, this configuration is made more explicit such that specific OAuth Services are now recognized by CAS:
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <property name="registeredServices"> <list> <bean class="org.jasig.cas.support.oauth.services.OAuthRegisteredService"> <property name="id" value="1" /> <property name="name" value="serviceName" /> <property name="description" value="Service Description" /> <!-- Supports regex patterns by default for service ids --> <property name="serviceId" value="oauth client service url" /> <property name="clientId" value="client id goes here" /> <property name="themeclientSecret" value="TheActualServiceNameclient secret goes here" /> </bean> ... |
Note that there are specific properties, clientId and clientSecret dedicated to OAuth clients for configuration.
3.
...
3) (Optional) CAS OAuth Client using another CAS OAuth Server
If you have one CAS server configured with the CasWrapperProvider20 (the client) to communicate with a CAS server wrapping OAuth 2.0 protocol (the server), you have the name and description of the service in CAS « server » matching the key and secret of the identity provider defined in the CAS « client » :
...
This controller returns a profile for the authenticated user (identifier + attributes), found with the access token (CAS granting ticket).
i) OAuthRegisteredService (org.jasig.cas.support.oauth.services)
CAS 3, OAuth clients are registered via the above component in the service registry. Allows for options to define service name, client id and secret.
j) OAuthCalllbackAuthorizeService (org.jasig.cas.support.oauth.services)
CAS 4, the callback authorize service is to be defined via the above specific service in the service registry (use regexp pattern).
k) OAuthRegisteredCallbackAuthorizeService (org.jasig.cas.support.oauth.services)
CAS 4, same service as above but defined as Ant pattern.