Note: As of CAS 3.5, LPPE support is built into the CAS distribution. See this link for more info.

Note: This work has migrated to the GitHub feature branch feature-lppe.
LPPE Module Integration Notes
Notes on what it took to get the LPPE module integrated into CAS 3.4.10. This work was done in the investigative feature branch cas-server-3.4.10-lppe. The motivation for the feature branch is to better understand the integration points and whether it is reasonable to consider this for a minor CAS release.
The feature branch was started from cas-server-3.4.10.
Java class files
- created a new module directory for cas-server-support-ldap-ppolicy
- updated module and project pom files; jars build appropriately.
...
These are forks of existing code with the updates needed to plug in the LDAP error-message capture/translation. The changes they require look like they might be OK for a minor release.
Webapp content
These files all have non-intrusive additions.
...
WEB-INF/login-webflow.xml
Additions for the LPPE UX plus a change to introduce LPPE into the flow. (How to introduce this as a no-op if not configured?)

```xml
<decision-state id="warn">
    <if test="flowScope.warnCookieValue" then="showWarningView" else="PasswordWarningCheck" />
</decision-state>
```
...
Check out the feature branch and run mvn clean package install to place cas-server-3.4.10-LPPE-SNAPSHOT in your local mvn repo.
Update the CAS version in your mvn overlay to cas-server-3.4.10-LPPE-SNAPSHOT.
Add the LPPE module to the mvn overlay pom.xml:

```xml
<!-- CAS LDAP Password Policy support -->
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-ldap-ppolicy</artifactId>
    <version>${cas.version}</version>
    <scope>runtime</scope>
</dependency>
```
Add applicationContext.xml with a ref to LdapCASImpl (the existing centralAuthenticationService bean gets the LPPE class):

```xml
<!-- CentralAuthenticationService with principal -->
<bean id="centralAuthenticationService" class="org.jasig.cas.LdapPwdCentralAuthenticationServiceImpl">
    <!-- the stock bean's remaining properties are carried over unchanged -->
</bean>
```
Configure the authentication handler in deployerConfigContext.xml. The handler sits in the existing authenticationManager's authenticationHandlers list (the enclosing bean is shown here for context); its errorProcessor points at a chain of processors, each of which handles the LDAP error it recognises or hands the error on to nextItem:

```xml
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.adaptors.ldappwd.BindLdapAuthenticationHandler">
                <property name="contextSource" ref="contextSource" />
                <property name="searchContextSource" ref="pooledContextSource" />
                <property name="searchBase" value="${ldap.searchBase}" />
                <property name="filter" value="sAMAccountName=%u" />
                <property name="ignorePartialResultException" value="true" />
                <property name="errorProcessor" ref="firstErrorProcessor" />
            </bean>
        </list>
    </property>
</bean>

<!-- chain of error processors: expired -> locked -> must change -> bad hours -> bad workstation -> disabled -->
<bean id="firstErrorProcessor" class="org.jasig.cas.adaptors.ldappwd.util.ExpiredPasswordErrorProcessor">
    <property name="nextItem">
        <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountLockedErrorProcessor">
            <property name="nextItem">
                <bean class="org.jasig.cas.adaptors.ldappwd.util.MustChangePasswordErrorProcessor">
                    <property name="nextItem">
                        <bean class="org.jasig.cas.adaptors.ldappwd.util.BadHoursErrorProcessor">
                            <property name="nextItem">
                                <bean class="org.jasig.cas.adaptors.ldappwd.util.BadWorkstationErrorProcessor">
                                    <property name="nextItem">
                                        <bean class="org.jasig.cas.adaptors.ldappwd.util.AccountDisabledErrorProcessor" />
                                    </property>
                                </bean>
                            </property>
                        </bean>
                    </property>
                </bean>
            </property>
        </bean>
    </property>
</bean>
```
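As an added illustration (not code from the CAS module or the feature branch), the nextItem wiring above behaves as a chain of responsibility: each processor claims the bind error it recognises and otherwise defers to the next, and an error nobody claims (such as a plain bad password) is reported as unknown rather than mapped to a policy state. The Active Directory "data" codes used for matching (532, 775, 773, 530, 531, 533) are an assumption of this example; the page does not show how the real processors match.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration, not CAS code: the nextItem chain as a chain of responsibility. */
public class LdapErrorChainDemo {
    enum PolicyState { EXPIRED, LOCKED, MUST_CHANGE, BAD_HOURS, BAD_WORKSTATION, DISABLED, UNKNOWN }

    /** One link: claims the bind error if its code matches, otherwise defers to nextItem. */
    static final class ErrorProcessor {
        // AD bind failures read "... AcceptSecurityContext error, data NNN, ..." with a hex code (assumed format).
        private static final Pattern DATA_CODE = Pattern.compile("data\\s+([0-9a-fA-F]+)");
        private final String dataCode;
        private final PolicyState state;
        private ErrorProcessor nextItem;   // null terminates the chain -> UNKNOWN

        ErrorProcessor(String dataCode, PolicyState state) {
            this.dataCode = dataCode;
            this.state = state;
        }

        ErrorProcessor nextItem(ErrorProcessor next) {   // mirrors <property name="nextItem">
            this.nextItem = next;
            return this;
        }

        PolicyState process(String ldapErrorMessage) {
            Matcher m = DATA_CODE.matcher(ldapErrorMessage);
            if (m.find() && m.group(1).equalsIgnoreCase(dataCode)) {
                return state;
            }
            return nextItem == null ? PolicyState.UNKNOWN : nextItem.process(ldapErrorMessage);
        }
    }

    /** Same order as the firstErrorProcessor bean on this page; the AD data codes are an assumption. */
    static final ErrorProcessor FIRST_ERROR_PROCESSOR =
        new ErrorProcessor("532", PolicyState.EXPIRED).nextItem(
        new ErrorProcessor("775", PolicyState.LOCKED).nextItem(
        new ErrorProcessor("773", PolicyState.MUST_CHANGE).nextItem(
        new ErrorProcessor("530", PolicyState.BAD_HOURS).nextItem(
        new ErrorProcessor("531", PolicyState.BAD_WORKSTATION).nextItem(
        new ErrorProcessor("533", PolicyState.DISABLED))))));

    public static void main(String[] args) {
        // Constructed sample messages in AD's bind-failure format; 52e (wrong password) is deliberately
        // absent from the chain, so it falls through to UNKNOWN instead of a password-policy state.
        String prefix = "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data ";
        for (String code : new String[] {"532", "775", "52e"}) {
            System.out.println(code + " -> " + FIRST_ERROR_PROCESSOR.process(prefix + code + ", v1db1"));
        }
    }
}
```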
Comment out the switch in login-webflow.xml:

```xml
<decision-state id="warn">
    <if test="flowScope.warnCookieValue" then="showWarningView" else="PasswordWarningCheck" />
</decision-state>
```
Possible approach for near-term adoption of this feature on 3.4.x
Get out a patch for cas-server:
1. apply patch, local build install
2. config overlay
3. good to go.

Possible approach for medium-term adoption of this feature in 3.5
1. refactor for integration in core
2. enable module with maven overlay. Put sample config in module/etc or in the files themselves?