Child pages
  • CAS token manager (addon)
Skip to end of metadata
Go to start of metadata


This documentation shows how to install esup-cas-tokenmanager (view Github repo)

Cas addon Ticket Manager

Project introduction

CAS Addon Ticket Manager aims to integrate in the CAS server. It exposes some TicketRegistry's data through a WebService. An external webapp will be able to manage user tickets. This addon brings authentication meta data built on top of CAS credentials.


Some requirements are optionnal

  • CAS 4.0.0+
  • LDAP Authentication
  • Long term session (optionnal)
  • Authentication through REST API (optionnal)


CAS : pom.xml


cas-server-webapp : pom.xml


cas-server-webapp : web.xml

Please update cors.allowOrigin to avoid non-authorized apps to access the token-service REST API

        <param-value>GET, POST, DELETE</param-value>

cas-server-webapp: securityContext.xml

<sec:http auto-config="true" entry-point-ref="notAuthorizedEntryPoint" pattern="/rest/**" use-expressions="true">
    <sec:intercept-url access="hasIpAddress('${cas.securityContext.status.allowedSubnet}')" pattern="/rest/**"/>

cas-server-webapp : token-service-servlet.xml

This file doesn't exist and contains all configuration relative to the addon. Please copy/paste the following code in a file : cas/cas-server-webapp/src/main/webapp/WEB-INF/token-service-servlet.xml


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""
 	<context:annotation-config />
    <context:component-scan base-package="org.esupportail.cas.addon.service"/>
	<bean class="org.esupportail.cas.addon.utils.TicketRegistryUtils"/>


Config for optionnal features

cas-server-webapp : login-webflow.xml

<!-- var[name=credential] tag already exists and you just need to update the class attribute -->
<var name="credential" class="org.esupportail.cas.addon.authentication.ExtrasInfosRememberMeUsernamePasswordCredential" />
<view-state id="viewLoginForm" view="casLoginView" model="credential">
        <binding property="userAgent" />
        <binding property="ipAddress" />

cas-server-webapp: deployerConfigContext.xml

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
  <property name="authenticationMetaDataPopulators">
      <bean class="org.esupportail.cas.addon.authentication.principal.ExtrasInfosAuthenticationMetaDataPopulator" />

cas-server-webapp: casLoginView.jsp

<input type="hidden" name="ipAddress" value="${pageContext.request.remoteAddr}"/>
<input type="hidden" name="userAgent" value="${header['user-agent']}" />

Support new Credentials in CAS REST API

If you want to get access to authentication meta data through CAS REST API, please update the following file : src/main/java/org/jasig/cas/integration/restlet/ in the obtainCredentials method.
final ExtrasInfosRememberMeUsernamePasswordCredential c = new ExtrasInfosRememberMeUsernamePasswordCredential();

Ticket management webapp


Open and update with your own informations

  • ldap.authn.baseDn : root LDAP branch

  • ldap.baseSearch : LDAP branch where users are stored

  • : LDAP branch where groups are stored

  • : LDAP attribute containing group name

  • security.adminRole : adminRole must correspond to a LDAP group. 

    • Let's take a group with the name admin. Users that belongs to this group will be given the security role : ROLE_ADMIN (case sensitive)


Simply run

mvn clean package install


Copy/paste target/cas-ticket-management.war in your Tomcat's webapp folder.

Integration as a portlet in uPortal

This servlet can be easily integrate in uPortal into an iframe.
User interface are built on top of Twitter Bootstrap 3.1 and therefore are responsive.
This servlet integrates a JavaScript snippet made by Pascal Rigaux to resize an iframe depending on its content. If you want this feature to work you will need to include a JavaScript snippet in the portal too (view Github repo :

  • No labels