Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 9 Next »

Summary

This page will explain how to make a jboss container provide CAS authentication at a container level. This client uses a Catalina Valve which makes some intelligent decisions based on the cas context config. The CAS Context is the configuration of the CAS client for the container. This context is used for both the Valve on the front end, as well as the JAAS login modules on the authentication actions made by the container.

1. Download jars...

Please check for the current version...

cd ${jboss.home}/server/${server}/lib
curl http://repo2.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.10/cas-client-core-3.1.10.jar > cas-client-core-3.1.10.jar
curl http://repository.its.yale.edu/maven2/repo/org/jasig/cas/cas-client-jboss/1.0.3/cas-client-jboss-1.0.3.jar > cas-client-jboss-1.0.3.jar

2. Configure CAS Authenticator

JBoss 5 - ${jboss.home}/server/${server}/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml
diff -cBr war-deployers-jboss-beans.xml.orig war-deployers-jboss-beans.xml
*** war-deployers-jboss-beans.xml.orig	2011-04-14 13:25:59.178715004 -0400
--- war-deployers-jboss-beans.xml	2011-04-14 13:25:59.178715004 -0400
***************
*** 172,177 ****
--- 172,181 ----
                 <value>org.apache.catalina.authenticator.FormAuthenticator</value>
              </entry>
              <entry>
+                <key>CAS</key>
+                <value>org.jasig.cas.client.jboss.CasAuthenticator</value>
+             </entry>
+             <entry>
                 <key>NONE</key>
                 <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
              </entry>
JBoss 4.2.3 - ${jboss.home}/server/${server}/deploy/jboss-web.deployer/META-INF/jboss-service.xml
diff -cBr jboss-service.xml.orig jboss-service.xml
*** jboss-service.xml.orig	2011-05-16 14:55:41.000000000 -0400
--- jboss-service.xml	2011-05-16 14:56:21.000000000 -0400
***************
*** 33,38 ****
--- 33,42 ----
                 <java:value>org.apache.catalina.authenticator.FormAuthenticator</java:value>
              </java:property> 
              <java:property>
+                <java:key>CAS</java:key>
+                <java:value>org.jasig.cas.client.jboss.CasAuthenticator</java:value>
+             </java:property> 
+             <java:property>
                 <java:key>NONE</java:key>
                 <java:value>org.apache.catalina.authenticator.NonLoginAuthenticator</java:value>
              </java:property>

3.Modify web.xml

Example: WEB-INF/web.xml

...

  <security-role>
    <role-name>app-user</role-name>
  </security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My App</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>app-user</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>CAS</auth-method>
    <realm-name>MyAppRealm</realm-name>
  </login-config>

...

4. Update login-config.xml

${jboss.home}/server/${server}/conf/login-config.xml
  <application-policy name="other">
    <!-- A simple server login module, which can be used when the number
    of users is relatively small. It uses two properties files:
    users.properties, which holds users (key) and their password (value).
    roles.properties, which holds users (key) and a comma-separated list of
    their roles (value).
    The unauthenticatedIdentity property defines the name of the principal
    that will be used when a null username and password are presented as is
    the case for an unuathenticated web client or MDB. If you want to
    allow such users to be authenticated add the property, e.g.,
    unauthenticatedIdentity="nobody"
    -->
                <authentication>

                        <login-module code="org.jasig.cas.client.jboss.jaas.CasAuthenticatorLoginModule" flag="required">
                                <module-option name="default-role">app-user</module-option>
                        </login-module>

                </authentication>

  </application-policy>

4. Add cas-config-service.xml

${jboss.home}/server/${server}/deploy/cas-config-service.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server PUBLIC "-//JBoss//DTD MBean Service 4.0//EN"
          "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
<server>

   <mbean code="org.jboss.naming.JNDIBindingServiceMgr"
         name="org.jasig:service=CasConfig">

      <attribute name="BindingsConfig" serialDataType="jbxb">

         <jndi:bindings
            xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:jndi="urn:jboss:jndi-binding-service:1.0"
            xs:schemaLocation="urn:jboss:jndi-binding-service:1.0 resource:jndi-binding-service_1_0.xsd">

            <jndi:binding name="jasig/cas/config">
               <java:properties xmlns:java="urn:jboss:java-properties"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
                  xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">

                  <!-- Properties -->
                  <java:property>
                     <java:key>loginUrl</java:key>
                     <java:value>https://secure.its.yale.edu/cas/login</java:value>
                  </java:property>
                  <java:property>
                     <java:key>casServerUrl</java:key>
                     <java:value>https://secure.its.yale.edu/cas</java:value>
                  </java:property>

               </java:properties>
            </jndi:binding>

         </jndi:bindings>
      </attribute>
      <depends>jboss:service=Naming</depends>
   </mbean>

   <mbean code="org.jasig.cas.client.jboss.mbeans.CasContextConfig"
          name="org.jasig:service=CasContextMBean">
      <depends>jboss:service=Naming</depends>
      <depends>org.jasig:service=CasConfig</depends>
   </mbean>

</server>
  • No labels