Skip to end of metadata
Go to start of metadata
Table of Contents

Warning

Icon

Users looking for a CAS Client for Java should be using the CAS Client for Java 3.1

Configure the CAS Client for Standalone Applications

Add the Dependencies

To configure the JA-SIG CAS Client for Java, the first thing you need to do is gather the dependencies. If your project is using Maven2, you can include the client by adding the following to your pom.xml:

If you are not using Maven2, you should download the CAS distribution and manually copy in the required dependencies.

Configure the web.xml

You need to add the following XML filter and Spring configuration code to the web.xml

If you need Proxy support, add the following to your web.xml

Configure the Spring Bean Factory

Include the following simpleFilter.xml file:

Configure Your application specific properties.

You'll need to create a file called cas-client.properties:

uPortal Integration Support

The JA-SIG CAS Client for Java provides out the box support for the uPortal 2.x framework.

Gotchas and alternatives

Icon

uPortal in recent releases (later 2.5.x releases and all 2.6 releases) provides out of the box CAS integration support, including example configuration, all necessary libraries, and integration APIs, by means of the Yale Java CAS Client. You do not need to use the JA-SIG Java CAS Client or to follow these instructions to achieve basic CAS integration in uPortal. See instead the uPortal Manual page on this topic, which exists with the purpose of making this as simple and as un-frustrating as possible for you, the uPortal deployer. (It's even named "for the impatient"!)

What is documented here is an alternative to the default approach. However, this alternative will only work with version 3.0.x of the JA-SIG Java CAS Client. It will not work with version 3.1 of the JA-SIG Java CAS Client, in which this uPortal-specific integration code was removed for various reasons. (It's not clear that uPortal-specific code belongs here, and this integration code did not make use of the CAS integration APIs shipping in uPortal, instead introducing new APIs, and so it did not transparently integrate with e.g. the CasConnecionContext shipping with uPortal 2.6).

In short, you're entirely welcome to this this JA-SIG Java CAS Client version 3.0.x and these instructions to accomplish your uPortal-CAS integration, but if you do, you're doing something different than the CAS integration that most uPortal-CAS-integrators are doing.

Add the Dependencies

To configure the JA-SIG CAS Client for Java, the first thing you need to do is gather the dependencies. If your project is using Maven2, you can include the client by adding the following to your pom.xml:

If you are not using Maven2, you should download the CAS distribution and manually copy in the required dependencies.

Edit the uPortal security.properties

First, you'll need to edit the security.properties file and set your "root" security context:

Next, set the credentials token for the root context:

Add the uPortal-specific configuration

Add the following file to your uPortal configuration files:

Configure the cas-client.properties file

You'll also need a cas-client.properties file:

Configure the uPortal Spring Bean Factory

You'll need to add the CAS Spring Bean Factory to the uPortal Spring Bean Factory so it can find it. Modify the properties/beanRefFactory.xml to include the file you created above containing the Spring Beans that the CAS client needs.

Accessing the URL:

You should now be able to go to https://my.cas.server/cas/login?service=https://my.uportal.server/portal/Authentication and authenticate via CAS.

Removing service tickets from URLs after validation:

After users have logged into CAS and access a protected service/resource, they are redirected back to the requested service/resource with a CAS service ticket.  The CAS client uses this ticket to determine whether the user has been authenticated by CAS and request the user's username.  However, the service ticket is still on the query string for the request service.  This is a problem whenever the user attempts to refresh the page or return to the page after a later time because the ticket is no longer valid!

 In order for this service ticket to be removed from the URL of the requested service/resource, an alternative configuration of the TicketValidationFilter bean must be used.

  • No labels

3 Comments

  1. In recent uPortal releases the login servlet is mapped to /Login rather than /Authentication, so that "casService" URL probably needs to be https://localhost:8443/portal/Login".

  2. Before someone goes and attempts to use the above instruction for a new app, here is an important warning.

    As of CAS Client 3.1, the above documentation is out of date, as package names have changed and Spring as well as Spring config. I will try to post a working example later on that can be used to replace this topic.