Versions Compared

Version Old Version 11 New Version 12
Changes made by

Former user

Howard Gilbert

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Disclamer: This is fine when it works and it difficult to debug when it doesn't work. It probably does not work after JBoss EAP 6 and there is no plan at Yale to update it. New users are discouraged from using this. 

Summary

This page will explain how to make a jboss container provide CAS authentication at a container level. This client uses a Catalina Valve which makes some intelligent decisions based on the cas context config. The CAS Context is the configuration of the CAS client for the container. This context is used for both the Valve on the front end, as well as the JAAS login modules on the authentication actions made by the container.

...

Note

Please check for the current version...

Code Block

cd ${jboss.home}/server/${server}/lib
curl http://repo2.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.10/cas-client-core-3.1.10.jar > cas-client-core-3.1.10.jar
curl http://repository.its.yale.edu/maven2/repo/org/jasig/cas/cas-client-jboss/1.0.3/cas-client-jboss-1.0.3.jar > cas-client-jboss-1.0.3.jar

...

Code Block
titleJBoss 5 - ${jboss.home}/server/${server}/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml

diff -cBr war-deployers-jboss-beans.xml.orig war-deployers-jboss-beans.xml
*** war-deployers-jboss-beans.xml.orig	2011-04-14 13:25:59.178715004 -0400
--- war-deployers-jboss-beans.xml	2011-04-14 13:25:59.178715004 -0400
***************
*** 172,177 ****
--- 172,181 ----
                 <value>org.apache.catalina.authenticator.FormAuthenticator</value>
              </entry>
              <entry>
+                <key>CAS</key>
+                <value>org.jasig.cas.client.jboss.CasAuthenticator</value>
+             </entry>
+             <entry>
                 <key>NONE</key>
                 <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
              </entry>
Code Block
titleJBoss 4.2.3 - ${jboss.home}/server/${server}/deploy/jboss-web.deployer/META-INF/jboss-service.xml

diff -cBr jboss-service.xml.orig jboss-service.xml
*** jboss-service.xml.orig	2011-05-16 14:55:41.000000000 -0400
--- jboss-service.xml	2011-05-16 14:56:21.000000000 -0400
***************
*** 33,38 ****
--- 33,42 ----
                 <java:value>org.apache.catalina.authenticator.FormAuthenticator</java:value>
              </java:property> 
              <java:property>
+                <java:key>CAS</java:key>
+                <java:value>org.jasig.cas.client.jboss.CasAuthenticator</java:value>
+             </java:property> 
+             <java:property>
                 <java:key>NONE</java:key>
                 <java:value>org.apache.catalina.authenticator.NonLoginAuthenticator</java:value>
              </java:property>

...

Code Block
titleExample: WEB-INF/web.xml


...

  <security-role>
    <role-name>app-user</role-name>
  </security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My App</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>app-user</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>CAS</auth-method>
    <realm-name>MyAppRealm</realm-name>
  </login-config>

...

...

Code Block
title${jboss.home}/server/${server}/conf/login-config.xml


...

  <application-policy name="MyAppRealm">
    <authentication>
      <login-module code="org.jasig.cas.client.jboss.jaas.CasAuthenticatorLoginModule" flag="required">
         <module-option name="default-role">app-user</module-option>
      </login-module>
    </authentication>
  </application-policy>

...

...

Code Block
title${jboss.home}/server/${server}/deploy/cas-config-service.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server PUBLIC "-//JBoss//DTD MBean Service 4.0//EN"
          "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
<server>

   <mbean code="org.jboss.naming.JNDIBindingServiceMgr"
         name="org.jasig:service=CasConfig">

      <attribute name="BindingsConfig" serialDataType="jbxb">

         <jndi:bindings
            xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:jndi="urn:jboss:jndi-binding-service:1.0"
            xs:schemaLocation="urn:jboss:jndi-binding-service:1.0 resource:jndi-binding-service_1_0.xsd">

            <jndi:binding name="jasig/cas/config">
               <java:properties xmlns:java="urn:jboss:java-properties"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
                  xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">

                  <!-- Properties -->
                  <java:property>
                     <java:key>loginUrl</java:key>
                     <java:value>https://secure.its.yale.edu/cas/login</java:value>
                  </java:property>
                  <java:property>
                     <java:key>casServerUrl</java:key>
                     <java:value>https://secure.its.yale.edu/cas</java:value>
                  </java:property>

               </java:properties>
            </jndi:binding>

         </jndi:bindings>
      </attribute>
      <depends>jboss:service=Naming</depends>
   </mbean>

   <mbean code="org.jasig.cas.client.jboss.mbeans.CasContextConfig"
          name="org.jasig:service=CasContextMBean">
      <depends>jboss:service=Naming</depends>
      <depends>org.jasig:service=CasConfig</depends>
   </mbean>

</server>