Skip to end of metadata
Go to start of metadata
Table of Contents


1. OpenCms is authenticated by CAS + LDAP.

2. OpenCms is authorized by CAS + LDAP.

3. Support OpenCms OU.

4. CAS will search  LDAP for groups and roles when validating, not authenticating.

5. Validation URI can be customised, not /serviceValidate only.

6. Easy to extend the module to support CAS + DATABASE.


Tested in Fedora 10, OpenJDK 1.6.0, Tomcat 5.5.27, OpenCms7.0.5, CAS3.3.1, OpenLDAP 2.4.12.

Login Procedure

Module Parameters

 Module parameters for authentication handler:

 Module parameters for authorization handler:

Add a new validate servlet to CAS

Here I use /authzValidate as the new validate servlet uri for an example.

1. Add /authzValidate in $(cas_server)/WEB-INF/web.xml

2. Modify $(cas_server)/WEB-INF/cas-servlet.xml

3. Modify $(cas_server)/WEB-INF/spring-configuration/applicationContext.xml

4.Modify $(cas_server)/WEB-INF/deployerConfigContext.xml

5. Modify $(cas_server)/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp

6. Sample of /authzValidate response

How to get the module and the source code

The source code of cn.langhua.cas is here.

Source code of OpenCms-LDAP module:





Shi Yusen/Beijing Langhua Ltd.

  • No labels