Webmail with CAS security provider 3

Owned by Andrew Petro
Last updated: Feb 01, 2007 by ScottSVersion comment
1 min read

This page is for hashing out how to reproducibly use UBC_Webmail with the CAS security provider 3 release, which includes YaleCasFilteredContext.

Attached are a CasProviderThreeAuthenticationFactory and a CasProviderThreeAuthentication.

Assumption: you've already installed the CAS security provider .jar or classes and you've already configured CAS authentication such that you're successfully logging into your portal via CAS and your portal is successfully obtaining proxy granting tickets.

  • As you would have with the CASMultiServerAuthentication, place the attached source files into the ca.ubc.itservices.channels.webmail package.
  • Configure webmail to use the new CasProviderThreeAuthenticationFactory.

defaultAuthenticationFactory=ca.ubc.itservices.channels.webmail.CasProviderThreeAuthenticationFactory

The CasProviderThreeAuthentication implementation uses Commons Logging, so configure Log4j to log the ca.ubc.itservices.channels.webmail package in detail. The Java CAS client and "cas uportal security provider version 3" also use Commons Logging, so you can configure those packages to log in detail as well. The result should be logging of all pieces of the CAS usage.

Logger.properties (becomes log4j.properties during build) configuration:

log4j.logger.ca.ubc.itservices.channels.webmail.CasProviderThreeAuthenticationFactory
log4j.logger.ca.ubc.itservices.channels.webmail.CasProviderThreeAuthentication
log4j.logger.org.jasig.portal.security.provider=DEBUG, CAS
log4j.logger.edu.yale.its.tp.cas=DEBUG, CAS

log4j.appender.CAS=org.apache.log4j.FileAppender
log4j.appender.CAS.File=c:\Tomcat\Tomcat_5.0\logs\cas.log
log4j.appender.CAS.immediateFlush = true
log4j.appender.CAS.append = false
log4j.appender.CAS.Encoding=UTF-8
log4j.appender.CAS.layout=org.apache.log4j.PatternLayout
log4j.appender.CAS.layout.ConversionPattern=%5p [%t] %c{2}.[%x] %d{MMM/dd HH:mm:ss} - %m%n

 

This should be enough to demonstrate getting the proxy ticket.  Of course, you'll also need to configure your IMAP server to accept that proxy ticket, and to agree with webmail about the service identifier for the IMAP server (default: "imap").