Hi there, For the original question: I had some spring mvc controllers (providing some administrative operations) running in the overlayed cas server application that I also wanted to protect by using CAS itself. This means that the CAS server application acts both as authentication server and also as authentication client. I encountered however no special problems by doing so. I just added the CAS client JAR to maven and edited my web.xml so that my mapped spring mvc controller paths were secured by the cas client filter. If I remember it correctly there was no need to edit securityContext.xml...
2014-09-05 16:15 GMT+02:00 John Gasper <jgas...@unicon.net>: > Andrew, > > I'll just add to what Ganesh said. You can find the CAS Password Manager > overlay here: https://github.com/Unicon/cas-password-manager/. It is very > basic and might need a bit of work getting it to work with 3.5.2.1. > > Since you are starting from a fairly clean state, I'd suggestion taking a > look at https://code.google.com/p/pwm/. It's a very comprehensive > solution and because it shouldn't hold you back when trying to upgrade CAS > Server versions. > > -- > *John Gasper* > IAM Consultant > Unicon, Inc. > PGP/GPG Key: 0xbafee3ef > > > On 9/4/14 10:32 PM, Ganesh and Sashi Prasad wrote: > > Hi Andrew, > > You can use the Unicon password management module using the maven > overlay mechanism. We did this and got both "forgot password?" and "change > password" functionality. I understand the only two directories it supports > are OpenLDAP and Microsoft ActiveDirectory. > > Also, we had trouble enabling password policy enforcement on OpenLDAP, > so we didn't :-). The implication is that when a user clicks on "forgotten > password" and has a random string sent to them as their temporary password, > the system doesn't force them to change it to something else on their next > logon. If they want, they can continue to keep this password. If they want > to change it, then they have to explicitly execute the "change password" > function. > > Hope this helps. > > Regards, > Ganesh > > > On 5 September 2014 04:26, Andrew McKinney <andrew.mckin...@uvu.edu> > wrote: > >> First, full disclosure, I am fairly new to Spring and CAS. That being >> said, I have been tasked at our institution with adding password management >> features to the CAS system (3.5.2). To accomplish this, I have added a new >> Controller to our CAS server overlay to perform a password change. >> Ironically, the problem I am having is securing the new controller behind >> the CAS authentication. >> >> >> >> To try and accomplish this I have modified the securityContext.xml file >> to mimic the settings used for the services management piece. Using this >> method I have been able to require the user to authenticate with CAS before >> using the password change form, but it seems to not respect the >> authentication for single sign on. >> >> >> >> Long story short, I am trying to add several new controllers to the CAS >> server overlay, and would like those controllers to require CAS >> authentication before they are used. Is there are good way to accomplish >> this within the CAS server overlay, or should I simply write a stand-alone >> password management application that authenticates against CAS? >> >> >> >> Thanks, >> >> >> >> Andrew McKinney >> >> -- >> You are currently subscribed to cas-dev@lists.jasig.org as: >> g.c.pra...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> >> > -- > You are currently subscribed to cas-dev@lists.jasig.org as: jgas...@unicon.net > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > clemensst...@googlemail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
