Since CAS 4.0.0, the SAML support is no longer available in the CAS server itself but through the cas-server-support-saml module.
If you want to enable SAML support in the CAS server, you need to apply the following steps.
1) Add the Maven dependency to your CAS server pom.xml file:
    <dependency>
      <groupId>org.jasig.cas</groupId>
      <artifactId>cas-server-support-saml</artifactId>
      <version>4.0.0</version>
    </dependency>
2) Enable SAML validation (the /samlValidate URL)
Add the appropriate mapping to the handlerMappingC bean in the cas-servlet.xml file:
    <bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
      <property name="mappings">
        <props>
          ...
          <prop key="/samlValidate">samlValidateController</prop>
          ...
        </props>
      </property>
    </bean>
with the samlValidateController bean:
    <bean id="samlValidateController" class="org.jasig.cas.web.ServiceValidateController"
          p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
          p:centralAuthenticationService-ref="centralAuthenticationService"
          p:proxyHandler-ref="proxy20Handler"
          p:argumentExtractor-ref="samlArgumentExtractor"
          p:successView="casSamlServiceSuccessView"
          p:failureView="casSamlServiceFailureView"/>
Add the servlet mapping to the web.xml file:
    <servlet-mapping>
      <servlet-name>cas</servlet-name>
      <url-pattern>/samlValidate</url-pattern>
    </servlet-mapping>
3) Enable SAML 1.1 support
Add the appropriate SAML argument extractor to the argumentExtractorsConfiguration.xml file:
    <bean id="samlArgumentExtractor" class="org.jasig.cas.support.saml.web.support.SamlArgumentExtractor"
          p:httpClient-ref="noRedirectHttpClient"
          p:disableSingleSignOut="${slo.callbacks.disabled:false}" />
Add it to the list of argument extractors:
    <util:list id="argumentExtractors">
      <ref bean="casArgumentExtractor" />
      <ref bean="samlArgumentExtractor" />
    </util:list>
Add the SAML id generator to the uniqueIdGenerators.xml file (the constructor argument is the issuer the generated SAML ticket ids are bound to; replace https://localhost:8443 with the public URL of your CAS server):
    <bean id="samlServiceTicketUniqueIdGenerator" class="org.jasig.cas.support.saml.util.SamlCompliantUniqueTicketIdGenerator">
      <constructor-arg index="0" value="https://localhost:8443" />
    </bean>
and reference it in the uniqueIdGeneratorsMap:
    <util:map id="uniqueIdGeneratorsMap">
      <entry key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
             value-ref="serviceTicketUniqueIdGenerator" />
      <entry key="org.jasig.cas.support.openid.authentication.principal.OpenIdService"
             value-ref="serviceTicketUniqueIdGenerator" />
      <entry key="org.jasig.cas.support.saml.authentication.principal.SamlService"
             value-ref="samlServiceTicketUniqueIdGenerator" />
    </util:map>
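Once steps 2 and 3 are in place, a service validates a ticket by POSTing a SAML 1.1 request to /samlValidate and must check the returned assertion before trusting it. The Python below is an added example, not CAS code or part of this page's configuration: it builds the request body a service sends and checks a constructed sample response (success status, exactly one assertion, NotBefore/NotOnOrAfter with a small clock-skew allowance, an Audience equal to the service's own URL, and a named subject). The function names, the sample ticket, the timestamps and https://app.example.org/ are assumptions made here.

```python
"""Client-side view of the CAS SAML 1.1 /samlValidate exchange (added example).
The request builder and the response checks are this example's own; the sample
responses below are constructed, not captured from a server."""
from datetime import datetime, timedelta, timezone
# For XML received from an untrusted peer, prefer defusedxml.ElementTree.
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"


def build_saml_validate_request(ticket, request_id, issue_instant):
    """Body POSTed to /samlValidate?TARGET=<service URL> as text/xml.
    Caller-supplied values are XML-escaped so they cannot alter the envelope."""
    rid = escape(request_id, {'"': "&quot;"})
    return (
        f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}"><SOAP-ENV:Header/>'
        f'<SOAP-ENV:Body><samlp:Request xmlns:samlp="{SAMLP_NS}" MajorVersion="1" '
        f'MinorVersion="1" RequestID="{rid}" IssueInstant="{issue_instant}">'
        f'<samlp:AssertionArtifact>{escape(ticket)}</samlp:AssertionArtifact>'
        f'</samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'
    )


def _instant(value):
    """Parse a SAML 1.1 UTC timestamp, with or without a fractional second."""
    text = value.rstrip("Z")
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f", "%Y-%m-%dT%H:%M:%S"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"bad SAML timestamp: {value!r}")


def validate_saml_response(xml_text, expected_audience, now=None,
                           clock_skew=timedelta(seconds=30)):
    """Return (user, attributes) from a /samlValidate response, or raise
    ValueError when the response must not be trusted."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    status = root.find(f".//{{{SAMLP_NS}}}StatusCode")
    value = status.get("Value", "") if status is not None else ""
    if value.split(":")[-1] != "Success":
        raise ValueError(f"authentication failed: status {value or 'missing'}")
    assertions = root.findall(f".//{{{SAML_NS}}}Assertion")
    if len(assertions) != 1:  # refuse ambiguous responses
        raise ValueError(f"expected exactly one assertion, got {len(assertions)}")
    assertion = assertions[0]
    conditions = assertion.find(f"{{{SAML_NS}}}Conditions")
    if conditions is None:
        raise ValueError("assertion carries no Conditions")
    not_before = _instant(conditions.get("NotBefore"))
    not_on_or_after = _instant(conditions.get("NotOnOrAfter"))
    if now < not_before - clock_skew or now >= not_on_or_after + clock_skew:
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text.strip() for a in conditions.iter(f"{{{SAML_NS}}}Audience") if a.text]
    if expected_audience not in audiences:  # assertion meant for another service
        raise ValueError(f"assertion not issued for this service: {audiences!r}")
    name_id = assertion.find(f".//{{{SAML_NS}}}AuthenticationStatement/"
                             f"{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameIdentifier")
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("no authenticated subject in assertion")
    attributes = {}
    for attr in assertion.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text for v in attr.iter(f"{{{SAML_NS}}}AttributeValue") if v.text is not None]
        attributes[attr.get("AttributeName")] = values
    return name_id.text.strip(), attributes


def rejects(xml_text, expected_audience, now):
    """True when validate_saml_response refuses the response."""
    try:
        validate_saml_response(xml_text, expected_audience, now)
    except ValueError:
        return True
    return False


# Constructed sample responses and clock values (not captured from a real CAS).
SAMPLE_SUCCESS_RESPONSE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}"><SOAP-ENV:Body>
<samlp:Response xmlns:samlp="{SAMLP_NS}" MajorVersion="1" MinorVersion="1" ResponseID="_resp1"
  IssueInstant="2014-03-01T12:00:00.000Z" Recipient="https://app.example.org/">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="1" AssertionID="_a1"
    Issuer="localhost" IssueInstant="2014-03-01T12:00:00.000Z">
    <saml:Conditions NotBefore="2014-03-01T12:00:00.000Z" NotOnOrAfter="2014-03-01T12:00:30.000Z">
      <saml:AudienceRestrictionCondition><saml:Audience>https://app.example.org/</saml:Audience>
      </saml:AudienceRestrictionCondition></saml:Conditions>
    <saml:AuthenticationStatement AuthenticationInstant="2014-03-01T11:59:59.000Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
      <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
    </saml:AuthenticationStatement>
    <saml:AttributeStatement>
      <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
      <saml:Attribute AttributeName="mail" AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""

SAMPLE_FAILURE_RESPONSE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}"><SOAP-ENV:Body>
<samlp:Response xmlns:samlp="{SAMLP_NS}" MajorVersion="1" MinorVersion="1" ResponseID="_resp2"
  IssueInstant="2014-03-01T12:00:00.000Z">
  <samlp:Status><samlp:StatusCode Value="samlp:RequestDenied"/>
    <samlp:StatusMessage>ticket not recognized</samlp:StatusMessage></samlp:Status>
</samlp:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""

SAMPLE_NOW = datetime(2014, 3, 1, 12, 0, 10, tzinfo=timezone.utc)   # inside the window
SAMPLE_LATE = SAMPLE_NOW + timedelta(minutes=5)                      # well past NotOnOrAfter
```

The audience check is the one most often skipped: without it, an assertion issued for one service URL is accepted by another, which is the point of TARGET and of the AudienceRestrictionCondition the server emits.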
4) Enable Google SAML 2.0 support
Add the appropriate SAML argument extractor to the argumentExtractorsConfiguration.xml file (the privateKeyFactoryBean and publicKeyFactoryBean beans it references must be defined elsewhere in your configuration; their definitions are not shown here):
    <bean id="googleAccountsArgumentExtractor" class="org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor"
          p:privateKey-ref="privateKeyFactoryBean"
          p:publicKey-ref="publicKeyFactoryBean"
          p:httpClient-ref="httpClient" />
Add it to the list of argument extractors (if you also enabled SAML 1.1 support in step 3, keep samlArgumentExtractor in this list as well):
    <util:list id="argumentExtractors">
      <ref bean="casArgumentExtractor" />
      <ref bean="googleAccountsArgumentExtractor" />
    </util:list>
Add a new entry to the uniqueIdGeneratorsMap bean in the uniqueIdGenerators.xml file (again keeping the SamlService entry from step 3 if both are enabled):
    <util:map id="uniqueIdGeneratorsMap">
      <entry key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
             value-ref="serviceTicketUniqueIdGenerator" />
      <entry key="org.jasig.cas.support.openid.authentication.principal.OpenIdService"
             value-ref="serviceTicketUniqueIdGenerator" />
      <entry key="org.jasig.cas.support.saml.authentication.principal.GoogleAccountsService"
             value-ref="serviceTicketUniqueIdGenerator" />
    </util:map>