
Trusted Authentication Handler

Including the Handler

In the pom.xml file for your CAS Maven2 WAR Overlay, add the following dependency:

<dependency>
     <groupId>org.jasig.cas</groupId>
     <artifactId>cas-server-support-trusted</artifactId>
     <version>${cas.version}</version>
</dependency>

Set Up CAS

Set up the login webflow

The CAS 3 Login Webflow needs to be modified. This webflow is located in /WEB-INF/login-webflow.xml. There are 2 new action states which are placed before the state viewLoginForm.

<action-state id="remoteAuthenticate">
  <action bean="principalFromRemoteAction" />
  <transition on="success" to="sendTicketGrantingTicket" />
  <transition on="error" to="viewLoginForm" />
</action-state>

In 3.4.2 and later, change <action bean="principalFromRemoteAction" /> to <evaluate expression="principalFromRemoteAction" />.

And 3 existing transitions need to be updated:

  • In the decision-state gatewayRequestCheck, replace the reference to viewLoginForm with remoteAuthenticate
  • In the decision-state renewRequestCheck, replace the reference to viewLoginForm with remoteAuthenticate
  • In the action-state generateServiceTicket, replace the reference to viewLoginForm with remoteAuthenticate

In 3.4.12 (before?) ignore the above 3 transition declarations. Update the "generateLoginTicket" action-state to have the following transition.

<transition on="generated" to="remoteAuthenticate" />

/WEB-INF/cas-servlet.xml

Add the bean needed for the login flow:

<bean id="principalFromRemoteAction" class="org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction"
p:centralAuthenticationService-ref="centralAuthenticationService" />

/WEB-INF/deployerConfigContext.xml

In the bean authenticationManager, add:

  • org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredentialsToPrincipalResolver as credentialsToPrincipalResolvers
  • org.jasig.cas.adaptors.trusted.authentication.handler.support.PrincipalBearingCredentialsAuthenticationHandler as authenticationHandlers

    <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
      <property name="credentialsToPrincipalResolvers">
        <list>
          <!--  ... the other credentialsToPrincipalResolvers ... -->
          <bean class="org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredentialsToPrincipalResolver" />
        </list>
      </property>
      <property name="authenticationHandlers">
        <list>
          <bean class="org.jasig.cas.adaptors.trusted.authentication.handler.support.PrincipalBearingCredentialsAuthenticationHandler" />
          <!--  ... the other authenticationHandlers ... -->
        </list>
      </property>
    </bean>
    

Build the cas-webapp

Inside the ${project.home}/cas-server-webapp/ folder, run the command:

mvn package

You may now deploy the new webapp.

Tomcat & Apache integration issue

If you are using a front-end Apache with mod_jk and Apache is handling REMOTE_USER, you have to check the AJP connector in your Tomcat server.xml file. Set the parameter tomcatAuthentication to false:

<Connector port="8009"
  enableLookups="false" redirectPort="8443" debug="0"
  protocol="AJP/1.3"
  tomcatAuthentication="false" />
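
An added example (not part of the original page or the CAS project): a Python check that reads a Tomcat server.xml and reports, for each AJP connector, whether tomcatAuthentication is set to false as described above. The sample server.xml is constructed, and the address check is an extra assumption of this example: a connector that accepts the user name from its peer should be reachable only by Apache.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml: one HTTP connector and two AJP connectors.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               address="127.0.0.1" tomcatAuthentication="false" />
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""


def audit_ajp_connectors(server_xml):
    """Return one record per AJP connector found in the server.xml text."""
    records = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # A Connector without a protocol attribute is HTTP/1.1, not AJP.
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        # Tomcat defaults tomcatAuthentication to true, so a missing attribute
        # means the user authenticated by Apache is not propagated to CAS.
        trusts = conn.get("tomcatAuthentication", "true").strip().lower() == "false"
        address = conn.get("address")
        findings = []
        if not trusts:
            findings.append("tomcatAuthentication is not false: "
                            "REMOTE_USER set by Apache will not reach CAS")
        elif address is None:
            # Assumption of this example, not stated on the page: a connector
            # that takes the user name from its peer should only face Apache.
            findings.append("no explicit address: confirm that only the "
                            "Apache host can reach this connector")
        records.append({"port": conn.get("port"), "trusts_remote_user": trusts,
                        "address": address, "findings": findings})
    return records


if __name__ == "__main__":
    for rec in audit_ajp_connectors(SAMPLE_SERVER_XML):
        status = "; ".join(rec["findings"]) or "ok"
        print("AJP connector on port %s: %s" % (rec["port"], status))
```
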