YaleCasContext
YaleCasContext is a more traditional IYaleCasContext implementation.
Configuration
Setting the context factory
In your security.properties file, you'll need to assign the root context to the YaleCasContextFactory:
# This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.SimpleSecurityContextFactory
#root.cas=edu.columbia.ais.portal.security.provider.CasSecurityContextFactory
root=edu.yale.its.tp.portal.security.YaleCasContextFactory
Setting the credential token
Also in the security.properties file, you'll need to assign the "ticket" credential token to the root security context you just configured:
# Answers what tokens are examined in the request for each context during authentication.
# A subcontext only needs to set its tokens if it differs from those of the root context.
#principalToken.root=userName
#credentialToken.root=password
credentialToken.root=ticket
Configuring the YaleCasContext properties
Also in the security.properties file, you'll need to configure the YaleCasSecurityContext with the properties it needs to successfully authenticate your users. It needs to know the uPortal service URL (the URL for which the tickets it validates are issued), the uPortal https: proxy callback URL, if any, and the https: URL at which CAS offers its ticket validation service.
The YaleCasContext must know the uPortal service URL. This is the URL to which the tickets that it is validating authenticate users. This may be an https: URL, but does not have to be. Do not URL-encode this URL here. The YaleCasContext will URL encode the value of this property to transport it to CAS as the request parameter "service" on the ticket validation.
org.jasig.portal.security.provider.YaleCasContext.PortalServiceUrl=https://yourschool.edu/uPortal/Login
The YaleCasContext must know the CAS server URL where CAS offers the service ticket validation service. This must be an HTTPS: address.
org.jasig.portal.security.provider.YaleCasContext.CasValidateUrl=https://yoursecureserver.edu/cas/serviceValidate
Proxying authentication
The above instructions should get you to the point where users can authenticate to your uPortal itself using CAS. A killer feature for portals that CAS offers beyond this initial authentication is proxy authentication. In this section we describe the additional configuration you need to make to turn on proxy authentication. We highly recommend that you first verify that you are able to CAS authenticate to your uPortal itself before tackling the additional complexities of proxy authentication.
Configuring CAS proxy authentication is required in order for your uPortal instance to use Proxy Tickets to proxy authentication to backend service providers (e.g., XML feeds or CWebProxy targets), but is by no means required to use CAS for authentication to your uPortal instance itself.
Receiving proxy tickets
You'll need to map the ProxyTicketReceptor servlet in your web.xml. This servlet must be available via https:
<servlet>
  <servlet-name>CasProxyServlet</servlet-name>
  <servlet-class>edu.yale.its.tp.cas.proxy.ProxyTicketReceptor</servlet-class>
  <load-on-startup>4</load-on-startup>
</servlet>
...
<servlet-mapping>
  <servlet-name>CasProxyServlet</servlet-name>
  <url-pattern>/CasProxyServlet</url-pattern>
</servlet-mapping>
Asking for proxy tickets
Having mapped ProxyTicketReceptor, you're prepared to receive proxy tickets if the CAS server would send them to you. But you also need to configure the YaleCasContext to ask for them.
Configure the YaleCasContext with the CAS proxy callback URL at which you have mapped the CASClient ProxyTicketReceptor servlet. The proxy callback URL must be https:.
org.jasig.portal.security.provider.YaleCasContext.CasProxyCallbackUrl=https://yourschool.edu/uPortal/CasProxyServlet
The Proxy Callback MUST be over SSL
The proxy callback URL MUST be an https: URL.
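A pre-deployment check for the security.properties settings described above, as an added example (not part of uPortal or the CAS client). The function names parse_properties and lint are hypothetical, the parser handles only plain key=value lines, and the URL-encoding test is a heuristic.

```python
from urllib.parse import urlsplit, unquote

PREFIX = "org.jasig.portal.security.provider.YaleCasContext."

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    p, findings = parse_properties(text), []
    if not p.get("root", "").endswith(".YaleCasContextFactory"):
        findings.append("root is not assigned to YaleCasContextFactory")
    if p.get("credentialToken.root") != "ticket":
        findings.append("credentialToken.root must be 'ticket'")
    service = p.get(PREFIX + "PortalServiceUrl", "")
    if not service:
        findings.append("PortalServiceUrl is missing")
    elif unquote(service) != service:  # heuristic: contains %XX escapes
        findings.append("PortalServiceUrl looks URL-encoded; give it unencoded")
    # The service URL may be http:, but the CAS validation URL may not.
    if urlsplit(p.get(PREFIX + "CasValidateUrl", "")).scheme.lower() != "https":
        findings.append("CasValidateUrl must be an https: URL")
    # The callback is optional; when present it must be https:.
    callback = p.get(PREFIX + "CasProxyCallbackUrl")
    if callback is not None and urlsplit(callback).scheme.lower() != "https":
        findings.append("CasProxyCallbackUrl must be an https: URL")
    return findings

# Constructed sample inputs, reusing the placeholder hosts from this page.
GOOD = f"""root=edu.yale.its.tp.portal.security.YaleCasContextFactory
credentialToken.root=ticket
{PREFIX}PortalServiceUrl=http://yourschool.edu/uPortal/Login
{PREFIX}CasValidateUrl=https://yoursecureserver.edu/cas/serviceValidate
{PREFIX}CasProxyCallbackUrl=https://yourschool.edu/uPortal/CasProxyServlet
"""
BAD = f"""root=org.jasig.portal.security.provider.SimpleSecurityContextFactory
credentialToken.root=password
{PREFIX}PortalServiceUrl=https%3A%2F%2Fyourschool.edu%2FuPortal%2FLogin
{PREFIX}CasValidateUrl=http://yoursecureserver.edu/cas/serviceValidate
{PREFIX}CasProxyCallbackUrl=http://yourschool.edu/uPortal/CasProxyServlet
"""
```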
Obtaining and using ProxyTickets in your IChannel implementations
Your IChannels obtain and use proxy tickets through the LocalConnectionContext abstraction, as implemented by a CasConnectionContext instance.