Child pages
  • Examples to Configure CAS
Skip to end of metadata
Go to start of metadata

CAS can be configured to use one or more different means of authentication. An authentication method is implemented by a handler. You can use one of the prefab handlers in the adaptors directory of the CAS server source, or write your own. The CAS server sources provide adaptors for, among others, relational database authentication and LDAP authentication.

In general, to enable a handler, you'll need to compile the handler source code, add the generated JAR file to the available libraries for CAS and configure the handler properties in the deployerConfigContext.xml that resides in the WEB-INF directory of your deployed CAS war (Web Archive). In Tomcat this would be TOMCAT_ROOT/webapps/cas/WEB-INF/deployerConfigContext.xml. To make the classes available to the CAS webapp, the JAR file should go into TOMCAT_ROOT/webapps/cas/WEB-INF/lib.

To create the JDBC jar for instance, cd into CAS_SOURCE/adaptors/jdbc, and run:

maven jar

Copy the jar file, created in the target directory, into the WEB-INF/lib directory of your CAS webapp. 

In the authenticationHandlers section, add a bean definition of your handler, including properties to be set on the handler.

An example of the SearchModeSearchDatabaseAuthenticationHandler (one of the three possible database handlers) looks like:

  <bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
    <property name="tableUsers"><value>users</value></property>
    <property name="fieldUser"><value>id</value></property>
    <property name="fieldPassword"><value>password</value></property>
    <property name="dataSource" ref="dataSource"/>

assuming the table where your users are stored is called users, your username field is id and your password field is password.
The property names correspond to setters on the handler. In this case, the SearchModeSearchDatabaseAuthenticationHandler has four setters (one of which is inherited), named:

  • setTableUsers
  • setFieldUser
  • setFieldPassword
  • setDataSource (inherited)

You may use further beans as values for a property name, as is the case here for the dataSource property. This bean can be made available in the same file, adding it after the last bean close tag. An example for the dataSource bean looks like:

<!-- Data source definition -->
  <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
    <property name="url">
    <property name="username"><value>root</value></property>
    <property name="password"><value></value></property>

assuming you wish to use MySQL, running on localhost port 3306 (the default), and use a database called mydb. The user root is used to bind to the database, using no password.

Detailed examples how to configure CAS:




  • No labels


  1. Hi Stephen More and Mark Rogers,

    I heard that CAS support OpenID, so I tried to enable OpenID feature by following the instruction

    However, when I start the CAS app, the login page does not load normal view, instead it say that "CAS is unavailable. There was an error trying to complete your request. Please notify your support desk or try again.".

     When I try to know what make it unavailable, I figure out this supplement command in the login-webflow.xml configuration file is an issue:


    <if test=


    Unknown macro: {externalContext.requestParameterMap['openid.mode'] != '' && externalContext.requestParameterMap['openid.mode'] != null}



    Can anyone help me. I'm thankful to any clue about this.

  2. HI All

    I had an issue above.Can anyone help me. Thanks

  3. Try like this(CAS3.4.10):

    <decision-state id="selectFirstAction">


    test="externalContext.requestParameterMap['openid.mode'] neq '' && externalContext.requestParameterMap['openid.mode'] neq null"

    then="openIdSingleSignOnAction" else="ticketGrantingTicketExistsCheck" />


  4. Is it possible to have multiple "AuthenticationHandlers" at the same time ?

    Thereby different Service URLs can be authenticated by different "AuthenticationHandlers".

    eg:   ---> authenticated by LDAP  ---> authenticate by JDBC



  5. How to specify the hashing mechanism used for the password in this handler?