Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Since CAS 4.0.0, the SAML 1.1 Ticket Validation Response and the SAML2 Google Accounts Integration are optional components available through the cas-server-support-saml module.  While both features require the cas-server-support-saml module, they can be deployed independently.

To enable either feature the cas-server-support-saml module dependency must be added to your CAS Server Maven Overlay pom.xml file:

<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-saml</artifactId>
  <version>4.0.0</version>
</dependency>

SAML 1.1 Ticket Validate Response Configuration

Step 1 : Define samlValidateController bean and map it to /samlValidate URL via handlerMappingC bean in cas-servlet.xml:

<bean id="samlValidateController" class="org.jasig.cas.web.ServiceValidateController"
  p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
  p:centralAuthenticationService-ref="centralAuthenticationService"
  p:proxyHandler-ref="proxy20Handler"
  p:argumentExtractor-ref="samlArgumentExtractor"
  p:successView="casSamlServiceSuccessView"
  p:failureView="casSamlServiceFailureView"/>
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
  <property name="mappings">
    <props>
      ...
      <prop key="/samlValidate">samlValidateController</prop>
      ...

Step 2: Add the servlet mapping for /samlValidate URL in the web.xml file:

<servlet-mapping>
  <servlet-name>cas</servlet-name>
  <url-pattern>/samlValidate</url-pattern>
</servlet-mapping>

Step 3: Add the appropriate SAML arguments extractor in the argumentExtractorsConfiguration.xml file:

<bean id="samlArgumentExtractor" class="org.jasig.cas.support.saml.web.support.SamlArgumentExtractor"
  p:httpClient-ref="noRedirectHttpClient"
  p:disableSingleSignOut="${slo.callbacks.disabled:false}" />
<util:list id="argumentExtractors">
  <ref bean="casArgumentExtractor" />
  <ref bean="samlArgumentExtractor" />
</util:list>

Step 4: Add the SAML ID generator in the uniqueIdGenerators.xml file :

<bean id="samlServiceTicketUniqueIdGenerator" class="org.jasig.cas.support.saml.util.SamlCompliantUniqueTicketIdGenerator">
  <constructor-arg index="0" value="https://localhost:8443" />
</bean>
<util:map id="uniqueIdGeneratorsMap">
  <entry
    key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
    value-ref="serviceTicketUniqueIdGenerator" />
  <entry
    key="org.jasig.cas.support.openid.authentication.principal.OpenIdService"
    value-ref="serviceTicketUniqueIdGenerator" />
  <entry
    key="org.jasig.cas.support.saml.authentication.principal.SamlService"
    value-ref="samlServiceTicketUniqueIdGenerator" />
</util:map>

 

SAML2 Google Accounts Integration

 

Step1: Add the appropriate SAML arguments extractor in the argumentExtractorsConfiguration.xml file :

<bean id="googleAccountsArgumentExtractor" class="org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor"
      p:privateKey-ref="privateKeyFactoryBean"
      p:publicKey-ref="publicKeyFactoryBean"
      p:httpClient-ref="httpClient" />
<util:list id="argumentExtractors">
  <ref bean="casArgumentExtractor" />
  <ref bean="googleAccountsArgumentExtractor" />
</util:list>

Step 2: Add a new generator to the uniqueIdGeneratorsMap bean in the uniqueIdGenerators.xml file :

<util:map id="uniqueIdGeneratorsMap">
  <entry
    key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
    value-ref="serviceTicketUniqueIdGenerator" />
  <entry
    key="org.jasig.cas.support.openid.authentication.principal.OpenIdService"
    value-ref="serviceTicketUniqueIdGenerator" />
  <entry
    key="org.jasig.cas.support.saml.authentication.principal.GoogleAccountsService"
    value-ref="serviceTicketUniqueIdGenerator" />
</util:map>
  • No labels