...
It's the URL to call to get the profile of the authorized user. Required GET parameter: access_token. The response is JSON containing all the attributes of the user.
II. How to add OAuth server support in CAS server?
...
```xml
<bean
    id="oauth20WrapperController"
    class="org.jasig.cas.support.oauth.web.OAuth20WrapperController"
    p:loginUrl="http://mycasserverwithoauthwrapper/cas/login"
    p:servicesManager-ref="servicesManager"
    p:ticketRegistry-ref="ticketRegistry"
    p:timeout="7200" />
```
...
```xml
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
  <property name="mappings">
    <props>
      <prop key="/logout">logoutController</prop>
      <prop key="/serviceValidate">serviceValidateController</prop>
      ...
      <prop key="/403.html">passThroughController</prop>
      <prop key="/statistics">statisticsController</prop>
      <prop key="/oauth2.0/*">oauth20WrapperController</prop>
    </props>
  </property>
  <property name="alwaysUseFullPath" value="true" />
</bean>
```
...
```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="0" />
        <property name="name" value="HTTP" />
        <property name="description" value="oauth wrapper callback url" />
        <property name="serviceId" value="${server.prefix}/oauth2.0/callbackAuthorize" />
      </bean>
      ...
```
Starting with CAS 4, this configuration is made more explicit such that specific OAuth Services are now recognized by CAS:
```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <!-- A dedicated component to recognize OAuth Callback Authorization requests -->
      <bean class="org.jasig.cas.support.oauth.services.OAuthCallbackAuthorizeService">
        <property name="id" value="0" />
        <property name="name" value="HTTP" />
        <property name="description" value="oauth wrapper callback url" />
        <!-- By default, only support regex patterns if/when needed -->
        <property name="serviceId" value="${server.prefix}/oauth2.0/callbackAuthorize" />
      </bean>
      ...
```
3.2) OAuth Clients
A second service is necessary to register an OAuth client:
...
```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="1" />
        <property name="name" value="the_key_for_caswrapper1" />
        <property name="description" value="the_secret_for_caswrapper1" />
        <property name="serviceId" value="http://mycasserver/login" />
        <property name="theme" value="TheActualServiceName" />
      </bean>
      ...
```
Starting with CAS 4, this configuration is made more explicit such that specific OAuth Services are now recognized by CAS:
```xml
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.support.oauth.services.OAuthRegisteredService">
        <property name="id" value="1" />
        <property name="name" value="serviceName" />
        <property name="description" value="Service Description" />
        <!-- Supports regex patterns by default for service ids -->
        <property name="serviceId" value="oauth client service url" />
        <property name="clientId" value="client id goes here" />
        <property name="clientSecret" value="client secret goes here" />
      </bean>
      ...
```
Note that OAuthRegisteredService exposes dedicated clientId and clientSecret properties for configuring OAuth clients, so the key and secret no longer have to be carried in the name and description fields.
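As an added example (not code from the CAS project), a small Python lint over a CAS 4 service registry of the form shown above: it flags OAuthRegisteredService beans that lack clientId/clientSecret (or still keep the secret in description the CAS 3 way) and serviceId regexes loose enough to match URLs unrelated to the registered client. The class names are the page's; the sample registry, its hosts and the probe URL are constructed.

```python
import re
import xml.etree.ElementTree as ET

OAUTH_CLIENT = "org.jasig.cas.support.oauth.services.OAuthRegisteredService"
OAUTH_CALLBACK = "org.jasig.cas.support.oauth.services.OAuthCallbackAuthorizeService"
PROBE_URL = "https://unrelated.example.test/any/path"  # no serviceId should ever match this

# Constructed sample registry (hosts are placeholders): a sound callback service, a sound
# client, and a client whose serviceId regex accepts any URL and that still keeps its
# secret in "description" the CAS 3 way instead of in clientSecret.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices"><list>
<bean class="%s"><property name="id" value="0" /><property name="name" value="HTTP" />
 <property name="serviceId" value="https://cas\\.example\\.test/cas/oauth2\\.0/callbackAuthorize" /></bean>
<bean class="%s"><property name="id" value="1" /><property name="name" value="app1" />
 <property name="serviceId" value="https://app1\\.example\\.test/login" />
 <property name="clientId" value="app1" /><property name="clientSecret" value="app1-secret" /></bean>
<bean class="%s"><property name="id" value="2" /><property name="name" value="the_key_for_app2" />
 <property name="description" value="the_secret_for_app2" /><property name="clientId" value="app2" />
 <property name="serviceId" value=".*" /></bean>
</list></property></bean></beans>""" % (OAUTH_CALLBACK, OAUTH_CLIENT, OAUTH_CLIENT)


def _local(tag):
    """Strip the Spring beans namespace from an element tag name."""
    return tag.rsplit("}", 1)[-1]


def lint_registry(xml_text):
    """Return one finding string per problem found in the OAuth beans; [] means clean."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) != "bean" or bean.get("class") not in (OAUTH_CLIENT, OAUTH_CALLBACK):
            continue
        props = {p.get("name"): p.get("value", "") for p in bean if _local(p.tag) == "property"}
        label = "service id=%s" % props.get("id", "?")
        if bean.get("class") == OAUTH_CLIENT:
            if not props.get("clientId"):
                findings.append("%s: missing clientId" % label)
            if not props.get("clientSecret"):
                findings.append("%s: missing clientSecret" % label)
                if props.get("description"):  # heuristic: CAS 3 stored the secret here
                    findings.append("%s: secret may be sitting in description" % label)
        try:  # CAS compares the whole requesting URL against the serviceId regex, hence fullmatch
            if re.fullmatch(props.get("serviceId", ""), PROBE_URL):
                findings.append("%s: serviceId regex matches unrelated URLs" % label)
        except re.error as exc:
            findings.append("%s: serviceId is not a valid regex (%s)" % (label, exc))
    return findings
```

Run `lint_registry` over the real registry XML before deploying it; an empty list means every OAuth bean carries its credentials in the dedicated properties and its serviceId only matches the intended URL.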
...
3) (Optional) CAS OAuth Client using another CAS OAuth Server
If you have one CAS server configured with the CasWrapperProvider20 (the client) communicating with a CAS server that wraps the OAuth 2.0 protocol (the server), the name and description of the service registered in the CAS "server" must match the key and secret of the identity provider defined in the CAS "client":
...
This controller returns a profile for the authenticated user (identifier + attributes), looked up via the access token (the CAS ticket granting ticket).
i) OAuthRegisteredService (org.jasig.cas.support.oauth.services)
CAS 3: OAuth clients are registered via the above component in the service registry. It provides options to define the service name, client id and secret.
j) OAuthCallbackAuthorizeService (org.jasig.cas.support.oauth.services)
CAS 4: the callback authorize service is defined via this dedicated service in the service registry (its serviceId is matched as a regex pattern).
k) OAuthRegisteredCallbackAuthorizeService (org.jasig.cas.support.oauth.services)
CAS 4: the same service as above, but its serviceId is matched as an Ant pattern.