...

The Realm, Authenticator, and Valve components are wired together inside a Tomcat Context configuration element. The location and scope of the Context determine the scope of the applied configuration. To apply a CAS configuration to every Web application hosted in the container, configure the default Context in $CATALINA_HOME/conf/context.xml. (Note that an individual Web application can override the default Context; see the Context Container reference for details.) Alternatively, CAS configuration can be applied to a single Web application through a Context element in a $CONTEXT_NAME.xml file placed in $CATALINA_HOME/conf/$ENGINE/$HOST, where $ENGINE is typically Catalina and $HOST is localhost, giving $CATALINA_HOME/conf/Catalina/localhost. For example, the Tomcat manager application is configured by a manager.xml file in that directory containing a Context element.

Two points matter for the protection actually being enforced. First, the CAS authenticators are Tomcat authenticator valves: they only challenge requests that fall under a security-constraint with an auth-constraint in the application's web.xml, so a Context that declares the Realm and Valve for an application with no such constraints leaves that application unprotected. Second, the role names the Realm returns (from the properties file or from the released attribute) must match the role-name values used in those constraints, or every authenticated user is denied. The manager application ships with the required constraints in its own web.xml.

Example Tomcat 6.0.x manager.xml Configuration

<?xml version="1.0" encoding="UTF-8"?>
<!--
  privileged="true" grants this context access to the container's internal
  servlets; the manager needs it, other applications normally must not have it.
-->
<Context privileged="true">
  <!--
    The following configuration uses the CAS 2.0 protocol and a static
    properties file to define the users allowed into the Tomcat manager
    application. The content of manager-user-roles.properties contains
    entries like the following:

      admin=manager-gui,manager-script,manager-jmx,manager-status
      operator=manager-status
      deployer=manager-script

    Where admin, operator, and deployer are valid logins for the CAS server,
    and the role names match the auth-constraints in the manager's web.xml.
    The path to the properties file is relative to $CATALINA_HOME.

    This example also configures the container for CAS single sign-out.
  -->
  <Realm
    className="org.jasig.cas.client.tomcat.v6.PropertiesCasRealm"
    propertiesFilePath="conf/manager-user-roles.properties"
    />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.Cas20CasAuthenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://server.example.com/cas/login"
    casServerUrlPrefix="https://server.example.com/cas/"
    serverName="client.example.com"
    />

  <!--
    Single sign-out support. The valve records the session against the
    service ticket it sees in this request parameter; the CAS 2.0 protocol
    delivers the ticket in "ticket" (the valve's default), whereas SAML 1.1
    delivers it in "SAMLart". Using the wrong name makes sign-out a no-op.
  -->
  <Valve
    className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
    artifactParameterName="ticket"
    />

  <!--
    Uncomment one of these valves to provide a logout URI for the
    manager servlet.
  -->
  <!--
  <Valve
    className="org.jasig.cas.client.tomcat.v6.RegexUriLogoutValve"
    logoutUriRegex="/manager/logout.*"
    />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.StaticUriLogoutValve"
    logoutUri="/manager/logout.html"
    />
  -->
</Context>

The following example shows how to configure a Context that takes its role data from attributes released by the CAS server instead of from a static properties file. AssertionCasRealm uses the values of the named attribute in the validated assertion as the principal's roles, so a role change made in the identity source takes effect at the user's next login without touching the container.

Leveraging Attribute Release for Role Data

<?xml version="1.0" encoding="UTF-8"?>
<Context privileged="true">
  <!--
    The following configuration uses the SAML 1.1 protocol and role data
    provided by the assertion to enable dynamic server-driven role data.
    The attribute used for role data is "memberOf".
  -->
  <Realm
    className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
    roleAttributeName="memberOf"
    />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.Saml11Authenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://server.example.com/cas/login"
    casServerUrlPrefix="https://server.example.com/cas/"
    serverName="client.example.com"
    />

  <!-- Single sign-out support -->
  <Valve
    className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
    artifactParameterName="SAMLart"
    />
</Context>
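The wiring in both examples above can go wrong in ways that fail silently: a CAS URL over plain http, a SingleSignOutValve whose artifactParameterName belongs to the other protocol so it never records a session, a Realm missing the one attribute it needs, or a properties file that grants nobody a role the manager's auth-constraints demand. The following Python linter is an added example and is not part of the CAS client or of this page; it parses a Context element and a role-properties file and reports those findings. The class names are the ones shown on this page; the mapping of Cas20CasAuthenticator to "ticket" and Saml11Authenticator to "SAMLart" reflects the request parameter each protocol uses for the service ticket; the sample XML, properties text and required-role list are constructed for the example.

```python
"""Lint a Tomcat Context that wires the java-cas-client Realm, Authenticator
Valve and SingleSignOutValve (added example, not part of the CAS client)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# request parameter that carries the service ticket for each authenticator
ARTIFACT_PARAM = {
    "Cas20CasAuthenticator": "ticket",
    "Saml11Authenticator": "SAMLart",
}
# attribute each Realm type needs before it can return any roles
REALM_REQUIRED_ATTRS = {
    "PropertiesCasRealm": ("propertiesFilePath",),
    "AssertionCasRealm": ("roleAttributeName",),
}


def _simple(elem):
    """'org.jasig.cas.client.tomcat.v6.Foo' -> 'Foo'."""
    return elem.get("className", "").rsplit(".", 1)[-1]


def lint_context(context_xml):
    """Return a list of findings; an empty list means the wiring looks sane.
    XML comments are discarded by the parser, so only elements are inspected."""
    root = ET.fromstring(context_xml)
    if root.tag != "Context":
        return ["root element is <%s>, expected <Context>" % root.tag]
    findings = []

    realms = root.findall("Realm")
    if len(realms) != 1:
        findings.append("expected exactly one Realm, found %d" % len(realms))
    for realm in realms:
        for attr in REALM_REQUIRED_ATTRS.get(_simple(realm), ()):
            if not realm.get(attr):
                findings.append("%s is missing %s" % (_simple(realm), attr))

    valves = root.findall("Valve")
    auths = [v for v in valves if _simple(v).endswith("Authenticator")]
    if len(auths) != 1:
        findings.append("expected exactly one authenticator Valve, found %d" % len(auths))
    for auth in auths:
        for attr in ("casServerLoginUrl", "casServerUrlPrefix"):
            url = auth.get(attr)
            if not url:
                findings.append("%s is missing %s" % (_simple(auth), attr))
            elif urlparse(url).scheme != "https":
                # tickets and the CAS SSO cookie travel over this URL
                findings.append("%s=%s is not https" % (attr, url))
        if not auth.get("serverName"):
            findings.append("%s is missing serverName" % _simple(auth))

    for sso in (v for v in valves if _simple(v) == "SingleSignOutValve"):
        # the valve only maps a session to a ticket it sees under this name
        actual = sso.get("artifactParameterName", "ticket")
        for auth in auths:
            expected = ARTIFACT_PARAM.get(_simple(auth))
            if expected and actual != expected:
                findings.append("SingleSignOutValve artifactParameterName=%s but %s "
                                "delivers the ticket in %s" % (actual, _simple(auth), expected))
    return findings


def parse_role_properties(text):
    """Parse 'login=role1,role2' lines, the form shown for PropertiesCasRealm."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        login, _, value = line.partition("=")
        roles[login.strip()] = {r.strip() for r in value.split(",") if r.strip()}
    return roles


def unassigned_roles(roles_by_login, required_roles):
    """Roles an auth-constraint demands that no login in the file holds."""
    held = set().union(*roles_by_login.values()) if roles_by_login else set()
    return sorted(set(required_roles) - held)


# constructed sample: the CAS 2.0 manager Context with two common mistakes,
# an http login URL and the SAML artifact name on the sign-out valve
CAS20_CONTEXT = """<Context privileged="true">
  <Realm className="org.jasig.cas.client.tomcat.v6.PropertiesCasRealm"
         propertiesFilePath="conf/manager-user-roles.properties"/>
  <Valve className="org.jasig.cas.client.tomcat.v6.Cas20CasAuthenticator"
         encoding="UTF-8"
         casServerLoginUrl="http://server.example.com/cas/login"
         casServerUrlPrefix="https://server.example.com/cas/"
         serverName="client.example.com"/>
  <Valve className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
         artifactParameterName="SAMLart"/>
</Context>"""

# constructed sample: the SAML 1.1 attribute-release Context, wired correctly
SAML11_CONTEXT = """<Context privileged="true">
  <Realm className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
         roleAttributeName="memberOf"/>
  <Valve className="org.jasig.cas.client.tomcat.v6.Saml11Authenticator"
         encoding="UTF-8"
         casServerLoginUrl="https://server.example.com/cas/login"
         casServerUrlPrefix="https://server.example.com/cas/"
         serverName="client.example.com"/>
  <Valve className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
         artifactParameterName="SAMLart"/>
</Context>"""

# constructed sample of conf/manager-user-roles.properties
MANAGER_ROLES = """# login=comma-separated roles
admin=manager-gui,manager-script,manager-jmx,manager-status
operator=manager-status
deployer=manager-script
"""

if __name__ == "__main__":
    for name, xml in (("cas20", CAS20_CONTEXT), ("saml11", SAML11_CONTEXT)):
        print(name, lint_context(xml) or "OK")
    # "manager-admin" is a constructed role name standing in for one a
    # web.xml auth-constraint requires but nobody in the file holds
    print(unassigned_roles(parse_role_properties(MANAGER_ROLES),
                           ["manager-gui", "manager-status", "manager-admin"]))
```

Run the linter against each Context file under conf/Catalina/localhost as part of deployment, and feed it the role names pulled from the protected application's auth-constraints; a non-empty result from either function is a configuration that authenticates but does not protect as intended.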