Versions Compared

Old Version 2

changes.mady.by.user Andrew Petro

Saved on

compared with

New Version Current

changes.mady.by.user ScottS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

No Format
org.jasig.portal.security.provider.YaleCasContext.CasValidateUrl=https://yoursecureserver.edu/cas/serviceValidate

...

Proxying authentication

The above instructions should get you to the point where users can authenticate to your uPortal itself using CAS. A killer feature for portals that CAS offers beyond this initial authentication is proxy authentication. In this section we describe the additional configuration you need to make to turn on proxy authentication. We highly recommend that you first verify that you are able to CAS authenticate to your uPortal istself before tackling the additional complexities of proxy authentication.

Configuring CAS proxy authentication is required in order for your uPortal instance to use Proxy Tickets to proxy authentication to backend service providers (e.g., XML feeds or CWebProxy targets), but is by no means required to use CAS for authentication to your uPortal instance itself.

Receiving proxy tickets

You'll need to map the ProxyTicketReceptor servlet in your web.xml. This servlet must be available via https:

Code Block
titleMapping the ProxyTicketReceptor in web.xml

  <servlet>
    <servlet-name>CasProxyServlet</servlet-name>
    <servlet-class>edu.yale.its.tp.cas.proxy.ProxyTicketReceptor</servlet-class>
    <load-on-startup>4</load-on-startup>
  </servlet>

  ...

  <servlet-mapping>
    <servlet-name>CasProxyServlet</servlet-name>
    <url-pattern>/CasProxyServlet</url-pattern>
  </servlet-mapping>

Asking for proxy tickets

Having mapped ProxyTicketReceptor, you're prepared to receive proxy tickets if the CAS server would send them to you. But you also need to configure the YaleCasContext to ask for them.

Configure the YaleCasContext with a CAS proxy callback URL whereat you have mapped the CASClient ProxyTicketReceptor servlet. The proxy callback URL must be https:.

No Format
org.jasig.portal.security.provider.YaleCasContext.CasProxyCallbackUrl=https://yourschool.edu/uPortal/CasProxyServlet
Warning
titleThe Proxy Callback MUST be over SSL

The proxy callback URL MUST be an https: URL.

Obtaining and using ProxyTickets in your IChannel implementations

Your IChannels obtain and use proxy tickets through the LocalConnectionContext abstraction, as implemented by a CasConnectionContext instance.