Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

YaleCasContext is a more traditional IYaleCasContext implementation.

Configuration

Setting the context factory

In your security.properties file, you'll need to assign the root context to the YaleCasContextFactory:

# This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.SimpleSecurityContextFactory
#root.cas=edu.columbia.ais.portal.security.provider.CasSecurityContextFactory
root=edu.yale.its.tp.portal.security.YaleCasContextFactory

Setting the credential token

Also in the security.properties file, you'll need to assign the "ticket" credential token to the root security context you just configured:

# Answers what tokens are examined in the request for each context during authentication.
# A subcontext only needs to set it's tokens if it differs from those of the root context.
#principalToken.root=userName
#credentialToken.root=password
credentialToken.root=ticket

Configuring the YaleCasContext properties

Also in the security.properties file, you'll need to configure the YaleCasSecurityContext with the properties it needs to successfully authenticate your users. It needs to know the uPortal service URL (the URL to which the tickets it will be validating are intended to authenticate users), the uPortal https: proxy callback URL if any, and the https: URL whereat CAS offers its ticket validation service.

The YaleCasContext must know the uPortal service URL. This is the URL to which the tickets that it is validating authenticate users. This may be an https: URL, but does not have to be. Do not URL-encode this URL here. The YaleCasContext will URL encode the value of this property to transport it to CAS as the request parameter "service" on the ticket validation.

org.jasig.portal.security.provider.YaleCasContext.PortalServiceUrl=https://yourschool.edu/uPortal/Login

The YaleCasContext must know the CAS server URL where CAS offers the service ticket validation service. This must be an HTTPS: address.

org.jasig.portal.security.provider.YaleCasContext.CasValidateUrl=https://yoursecureserver.edu/cas/serviceValidate

Oprtionally, you can configure the YaleCasContext with a CAS proxy callback URL whereat you have mapped the CASClient ProxyTicketReceptor servlet. The proxy callback URL, if present, must be https:. Setting this callback is required in order for your uPortal instance to use Proxy Tickets to proxy authentication to backend service providers (e.g., XML feeds or CWebProxy targets), but is by no means required to use CAS for authentication to your uPortal instance itself.

org.jasig.portal.security.provider.YaleCasContext.CasProxyCallbackUrl=https://yourschool.edu/uPortal/CasProxyServlet
  • No labels