...
The Realm, Authenticator, and Valve components are wired together inside a Tomcat Context configuration element. The location and scope of the Context determine the scope of the applied configuration. To apply a CAS configuration to every Web application hosted in the container, configure the default Context at $CATALINA_HOME/conf/context.xml. (Note that individual Web applications/servlets can override the default context; see the Context Container reference for more information.) Alternatively, CAS configuration can be applied to an individual Web application through a Context configuration element in a $CONTEXT_NAME.xml file placed in $CATALINA_HOME/conf/$ENGINE/$HOST, where $ENGINE is typically Catalina and $HOST is localhost, so the directory is usually $CATALINA_HOME/conf/Catalina/localhost. For example, to configure the Tomcat manager servlet, a manager.xml file in that directory contains the Context configuration element.
Example Tomcat 6.0.x manager.xml Configuration:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Context privileged="true">
  <!--
    The following configuration uses the CAS 2.0 protocol and a static
    properties file to define the users allowed to access the Tomcat manager
    application. The properties file referenced below (manager-user-roles.properties)
    contains entries like the following:
      admin=manager-gui,manager-script,manager-jmx,manager-status
      operator=manager-status
      deployer=manager-script
    where admin, operator, and deployer are valid logins for the CAS server.
    The path to the properties file is relative to $CATALINA_HOME.
    This example also configures the container for CAS single sign-out.
  -->
  <Realm
    className="org.jasig.cas.client.tomcat.v6.PropertiesCasRealm"
    propertiesFilePath="conf/manager-user-roles.properties"
  />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.Cas20CasAuthenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://server.example.com/cas/login"
    casServerUrlPrefix="https://server.example.com/cas/"
    serverName="client.example.com"
  />
  <!-- Single sign-out support -->
  <Valve
    className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
    artifactParameterName="SAMLart"
  />
  <!--
    Uncomment one of these valves to provide a logout URI for the
    manager servlet.
  -->
  <!--
  <Valve
    className="org.jasig.cas.client.tomcat.v6.RegexUriLogoutValve"
    logoutUriRegex="/manager/logout.*"
  />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.StaticUriLogoutValve"
    logoutUri="/manager/logout.html"
  />
  -->
</Context>
```
The following example shows how to configure a Context for dynamic role data provided by the CAS attribute release feature.
Leveraging Attribute Release for Role Data:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Context privileged="true">
  <!--
    The following configuration uses the SAML 1.1 protocol and role data
    provided by the assertion to enable dynamic, server-driven role data.
    The attribute used for role data is "memberOf".
  -->
  <Realm
    className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
    roleAttributeName="memberOf"
  />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.Saml11Authenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://server.example.com/cas/login"
    casServerUrlPrefix="https://server.example.com/cas/"
    serverName="client.example.com"
  />
  <!-- Single sign-out support -->
  <Valve
    className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
    artifactParameterName="SAMLart"
  />
</Context>
```
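Both Context examples above wire the same three pieces (a CAS Realm, one authenticator Valve, the single sign-out Valve) and point at the CAS server over https. The following script is an added check, not part of the CAS client or of this page: it parses such a Context and reports missing wiring or a CAS server URL that is not https. The embedded sample Context is constructed from the manager.xml above with one deliberate weakness (a plain-http casServerLoginUrl); the class-name and attribute checks use only the class and attribute names shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the page's file): the manager.xml above with one
# deliberate weakness, a plain-http casServerLoginUrl, so the check reports something.
SAMPLE_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<Context privileged="true">
  <Realm className="org.jasig.cas.client.tomcat.v6.PropertiesCasRealm"
         propertiesFilePath="conf/manager-user-roles.properties"/>
  <Valve className="org.jasig.cas.client.tomcat.v6.Cas20CasAuthenticator"
         encoding="UTF-8"
         casServerLoginUrl="http://server.example.com/cas/login"
         casServerUrlPrefix="https://server.example.com/cas/"
         serverName="client.example.com"/>
  <Valve className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
         artifactParameterName="SAMLart"/>
</Context>
"""

CAS_PKG = "org.jasig.cas.client.tomcat."
# Attribute each Realm class needs, keyed by the simple class name used on this page.
REALM_REQUIRED = {"PropertiesCasRealm": "propertiesFilePath",
                  "AssertionCasRealm": "roleAttributeName"}


def check_cas_context(xml_text):
    """Return findings for a Context wiring the CAS client; [] means it looks complete."""
    ctx = ET.fromstring(xml_text)
    findings = []
    realms = [r for r in ctx.findall("Realm") if r.get("className", "").startswith(CAS_PKG)]
    if len(realms) != 1:
        findings.append("expected exactly one CAS Realm, found %d" % len(realms))
    for realm in realms:
        simple = realm.get("className").rsplit(".", 1)[-1]
        needed = REALM_REQUIRED.get(simple)
        if needed and not realm.get(needed):
            findings.append("%s is missing %s" % (simple, needed))
    valves = [v for v in ctx.findall("Valve") if v.get("className", "").startswith(CAS_PKG)]
    auths = [v for v in valves if v.get("className").endswith("Authenticator")]
    if len(auths) != 1:
        findings.append("expected exactly one CAS authenticator Valve, found %d" % len(auths))
    for auth in auths:
        # Both URLs are used to validate tickets with the CAS server; plain http would
        # expose the service ticket exchange to interception or tampering.
        for attr in ("casServerLoginUrl", "casServerUrlPrefix"):
            url = auth.get(attr, "")
            if not url.startswith("https://"):
                findings.append("%s is not https: %r" % (attr, url))
        if not auth.get("serverName"):
            findings.append("authenticator Valve is missing serverName")
    if not any(v.get("className").endswith("SingleSignOutValve") for v in valves):
        findings.append("no SingleSignOutValve: CAS single sign-out will not be honoured")
    return findings
```

Run it against each $CONTEXT_NAME.xml under $CATALINA_HOME/conf/Catalina/localhost (and the default conf/context.xml) before deploying.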