Versions Compared

Old Version 4

changes.mady.by.user ScottS

Saved on

compared with

New Version Current

changes.mady.by.user Misagh Moayyed

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Service Management Application Url

...

Warning
titleNew CAS documentation site

CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

Warning
titleServices management webapp

Before CAS server 4.0.0, the services management webapp is part of the CAS server and can be accessed through an url like : https://

...

localhost:8443/cas/services/.

Configuring the Security Options

Using the Services Management Tool

Database Schema

NOTE: This application currently uses an in-memory dao. For production deployments it should be replaced with the JPA-provided one.

No Format
<!-- This is the EntityManagerFactory configuration for Hibernate --> <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> <property name="dataSource" ref="dataSource"/> <property name="jpaVendorAdapter"> <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> <property name="generateDdl" value="true"/> <property name="showSql" value="true" /> </bean> </property> </bean> <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"> <property name="entityManagerFactory" ref="entityManagerFactory"/> </bean> <tx:annotation-driven transaction-manager="transactionManager"/> <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" p:driverClass="org.hsqldb.jdbcDriver" p:jdbcUrl-ref="database" p:password="" p:user="sa" />

With the new major version 4.0.0 of CAS, the services management webapp is in a more general and separate webapp dedicated to CAS management : the cas-management-webapp module, which can be accessed through an url like : https://localhost:8443/management/.

Warning
titleallowedToProxy

When defining a service, there is an option called allowedToProxy which allows a CAS service to play the role of a CAS proxy.

Before CAS 4.0, this option was enabled by default. However, as the proxy mechanism is extremely powerful and in order to improve security on the CAS server, this option is now disabled by default (on CAS 4.0). Please read : CAS Threat Modeling and Proposals to mitigate security risks for a better understanding of what the CAS security group is trying to achieve in terms of security.

What is Services Management?

The Services Management console, in conjunction with other features of the "services" package allow a CAS Deployer to control what services are allowed to authenticate via CAS, and in particular what those services can do with CAS.

Examples include: the attributes a service can see, whether they can proxy, whether they should be allowed to do single sign on, etc.

To get started, type in the following link to view the web interface (as of CAS 3.1.1), then you will be directed to the Editing page.

Code Block
https://localhost:8443/cas/services/

Remark: The host and port may have been changed according to the Configuring page.

 

 

Info
titleHost and port settings for quick demos

As above, it is normally assumed you have configured the https protocol for the servlet container (e.g., tomcat) that will host your CAS server deployment.  However, if demoing the CAS server without configuring for https protocol, you can use the default host and port configuration.

http://localhost:8080/cas/services/

Note

Note that you still need to refer to the Configuring page so as to authorize access for at least one demo user.