1. Download jars...
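# ${jboss.home} and ${server} are placeholders used throughout this page, not
# shell variables: substitute the real install path and server name.
cd ${jboss.home}/server/${server}/lib

# -f makes curl stop on an HTTP error instead of saving the error page under
# the jar's name; -o writes to the named file, as the original "> file" did.
curl -f -o cas-client-core-3.1.10.jar http://repo2.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.10/cas-client-core-3.1.10.jar
curl -f -o cas-client-jboss-1.0.3.jar http://repository.its.yale.edu/maven2/repo/org/jasig/cas/cas-client-jboss/1.0.3/cas-client-jboss-1.0.3.jar

# Both URLs are plain HTTP, so nothing authenticates the jars in transit.
# They are loaded into the server's authentication path, so compare the
# digests printed below with values obtained from a trusted source before
# restarting JBoss.
sha256sum cas-client-core-3.1.10.jar cas-client-jboss-1.0.3.jar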
2. Configure CAS Authenticator
${jboss.home}/server/${server}/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml
diff -cBr war-deployers-jboss-beans.xml.orig war-deployers-jboss-beans.xml
*** war-deployers-jboss-beans.xml.orig 2011-04-14 13:25:59.178715004 -0400
--- war-deployers-jboss-beans.xml 2011-04-14 13:25:59.178715004 -0400
***************
*** 172,177 ****
--- 172,181 ----
<value>org.apache.catalina.authenticator.FormAuthenticator</value>
</entry>
<entry>
+ <key>CAS</key>
+ <value>org.jasig.cas.client.jboss.CasAuthenticator</value>
+ </entry>
+ <entry>
<key>NONE</key>
<value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
</entry>
${jboss.home}/node00/deploy/jboss-web.deployer/META-INF/jboss-service.xml
diff jboss-service.xml{.20110429,}
35a36,39
> <java:key>CAS</java:key>
> <java:value>org.jasig.cas.client.jboss.CasAuthenticator</java:value>
> </java:property>
> <java:property>
3. Explode the Hudson WAR and update web.xml
${hudson.war}/WEB-INF/web.xml
diff -cBr web.xml.orig web.xml
*** web.xml.orig 2011-04-14 13:34:30.008715022 -0400
--- web.xml 2011-04-28 10:46:58.236393003 -0400
***************
*** 145,151 ****
<security-constraint>
<web-resource-collection>
<web-resource-name>Hudson</web-resource-name>
! <url-pattern>/loginEntry</url-pattern>
<!--http-method>GET</http-method-->
</web-resource-collection>
<auth-constraint>
--- 145,151 ----
<security-constraint>
<web-resource-collection>
<web-resource-name>Hudson</web-resource-name>
! <url-pattern>/</url-pattern>
<!--http-method>GET</http-method-->
</web-resource-collection>
<auth-constraint>
***************
*** 154,160 ****
</security-constraint>
<login-config>
! <auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/loginError</form-error-page>
--- 154,160 ----
</security-constraint>
<login-config>
! <auth-method>CAS</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/loginError</form-error-page>
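Review bot: The new `<url-pattern>/</url-pattern>` in the first hunk is the servlet default-mapping pattern, not the path-prefix pattern `/*`, so whether it covers every Hudson URL depends on how the container matches security constraints. If the intent is to put the whole application behind CAS, `<url-pattern>/*</url-pattern>` states that unambiguously. In the second hunk the `<form-login-config>` block stays under `<auth-method>CAS</auth-method>`, where it is presumably unused; a comment such as `<!-- not used when auth-method is CAS -->` would avoid confusion. Both `<security-constraint>` and `<login-config>` continue outside the hunks.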
4. Update login-config.xml
${jboss.home}/server/${server}/conf/login-config.xml
diff -cBr login-config.xml.orig login-config.xml
*** login-config.xml.orig 2011-04-28 10:59:03.466393001 -0400
--- login-config.xml 2011-04-28 10:54:50.326393001 -0400
***************
*** 123,132 ****
allow such users to be authenticated add the property, e.g., unauthenticatedIdentity="nobody" -->
! <authentication>
! <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
! flag="required"/>
! </authentication>
</application-policy>
</policy>
--- 124,152 ----
allow such users to be authenticated add the property, e.g., unauthenticatedIdentity="nobody" -->
! <authentication>
!
! <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
! <module-option name="java.naming.provider.url">ldaps://ad.its.yale.edu:636/</module-option>
! <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
! <module-option name="java.naming.security.protocol">ssl</module-option>
! <module-option name="bindDN">${user.dn}</module-option>
! <module-option name="bindCredential">${user.pwd}</module-option>
! <module-option name="baseCtxDN">DC=yu,DC=yale,DC=edu</module-option>
! <module-option name="baseFilter">(cn={0})</module-option>
! <module-option name="defaultRole">hudson</module-option>
! <module-option name="roleFilter">(1=2)</module-option>
! <module-option name="rolesCtxDN">DC=yu,DC=yale,DC=edu</module-option>
! <module-option name="password-stacking">useFirstPass</module-option>
! </login-module>
!
! <login-module code="org.jasig.cas.client.jboss.jaas.CasAuthenticatorLoginModule" flag="sufficient">
! <module-option name="default-role">hudson</module-option>
! <module-option name="password-stacking">useFirstPass</module-option>
! </login-module>
!
! </authentication>
!
</application-policy>
</policy>
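Review bot: The replaced `<authentication>` block sits in the last `<application-policy>` before `</policy>`, which in a stock JBoss login-config.xml appears to be the fallback `other` policy, so the LDAP and CAS modules may apply to every application without its own security domain rather than to Hudson alone; the policy's opening tag is outside the hunk, so this needs confirming. `roleFilter` `(1=2)` never matches, so no directory groups are read and every account that authenticates under `DC=yu,DC=yale,DC=edu` receives `defaultRole` `hudson`. I would document that next to the option with `<!-- roleFilter never matches: every authenticated user gets defaultRole; authorization is left to Hudson -->`. Once `${user.pwd}` is filled in, `bindCredential` is stored as clear text, so the file should be readable only by the JBoss service account.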
5. Add cas-config-service.xml
${jboss.home}/server/${server}/deploy/cas-config-service.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server PUBLIC "-//JBoss//DTD MBean Service 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
<!--
  JBoss service descriptor for the CAS client.
  The first mbean binds a java:properties object under the JNDI name
  jasig/cas/config; the second declares CasContextConfig, which depends on
  that binding and on the naming service.
  NOTE(review): the DOCTYPE names an external DTD over http; presumably JBoss
  resolves it from a local copy. Confirm the deployer does not fetch it from
  the network.
-->
<server>
  <mbean code="org.jboss.naming.JNDIBindingServiceMgr"
         name="org.jasig:service=CasConfig">
    <attribute name="BindingsConfig" serialDataType="jbxb">
      <jndi:bindings xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
                     xmlns:jndi="urn:jboss:jndi-binding-service:1.0"
                     xs:schemaLocation="urn:jboss:jndi-binding-service:1.0 resource:jndi-binding-service_1_0.xsd">
        <jndi:binding name="jasig/cas/config">
          <java:properties xmlns:java="urn:jboss:java-properties"
                           xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
                           xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
            <!-- Properties read by the CAS client from the JNDI binding above -->
            <!-- Both CAS endpoints below are https URLs; keep them that way so
                 logins and ticket checks are not sent in clear text. -->
            <java:property>
              <java:key>loginUrl</java:key>
              <java:value>https://secure.its.yale.edu/cas/login</java:value>
            </java:property>
            <java:property>
              <java:key>casServerUrl</java:key>
              <java:value>https://secure.its.yale.edu/cas</java:value>
            </java:property>
            <!-- NOTE(review): the value looks like a regular expression over
                 request paths; presumably matching requests (here the Hudson
                 XML API) are challenged with HTTP Basic in the realm named by
                 basicAuthRealm instead of being redirected to CAS. Confirm
                 against the cas-client-jboss documentation. Basic credentials
                 are sent with every request, so these paths should only be
                 reachable over TLS. -->
            <java:property>
              <java:key>basicAuthPaths</java:key>
              <java:value>.*/api/xml</java:value>
            </java:property>
            <java:property>
              <java:key>basicAuthRealm</java:key>
              <java:value>Hudson Xml Api</java:value>
            </java:property>
          </java:properties>
        </jndi:binding>
      </jndi:bindings>
    </attribute>
    <depends>jboss:service=Naming</depends>
  </mbean>
  <!-- Declared after CasConfig and dependent on it, so the JNDI binding
       exists before this mbean is started. -->
  <mbean code="org.jasig.cas.client.jboss.mbeans.CasContextConfig"
         name="org.jasig:service=CasContextMBean">
    <depends>jboss:service=Naming</depends>
    <depends>org.jasig:service=CasConfig</depends>
  </mbean>
</server>
6. Update Hudson
Make sure that a netid has administrator access. See example below.