Scott,

thanks for the protocol hint. This clears things up a little bit.  
Right now I'm having one app set up with filters based on 3.1, my  
first (failed) attempts were based on 2.x. I haven't tried any java  
object validation with 3.1 so far though. I will try to use the  
filters as much as possible as things clear up, but I'm afraid that in  
some of our older legacy code, which doesn't adhere to any common  
practices, I'll have to do some manual stuff.

The fact that the "service" parameters both serve as a part of ticket  
validation and as the URL the CAS server will redirect to confuses me  
though. So basically I have to build my app in a way that the page the  
user is redirected to after login takes care of any application-specific  
redirection? Example: A user visits a public page A, then  
navigates to a protected one B. This throws him to the CAS login which  
again redirects him to application page C. So if I want the user to be  
redirected to page B I have to take care of this on app-side?

Kind regards,
Martin


On 20.04.2009 at 00:01, Scott Battaglia wrote:

> Marvin,
>
> I'm not sure which version of the CAS client you're looking at.    
> The ones on the main page are probably for the Yale client.  The  
> Jasig client's documentation is here:
>
> http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1
>
> We don't have documentation on the individual objects because in  
> general, the filters are sufficient.  If you don't want to use the  
> filters then you need to do the redirection on your own (note: CAS  
> does Authentication, not authorization).  You should read the CAS  
> protocol for information on how to redirect.  There's no object to  
> help you (though, note, you can apply the authentication filter to  
> one individual path (i.e. /myapp/login) and have it automatically  
> redirect when someone accesses that particular page).  Validation can  
> be done by using any of the supplied TicketValidators in the library.
>
> The CAS protocol can be found here:
> http://www.jasig.org/cas/protocol
>
> However, we strongly recommend you take advantage of the filters  
> provided by the CAS client, or leverage an independent security  
> framework such as Spring Security, which utilizes the Jasig CAS  
> Client library.
>
> Thanks
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Sun, Apr 19, 2009 at 5:51 AM, Martin Simons <[email protected]> wrote:
> Hello,
>
> I'm currently in the process of migrating a few Java applications  
> to a Single-Sign-On with CAS. In this application it is basically up  
> to the single page whether authentication/authorization is required  
> or not. Therefore using the filters in web.xml doesn't seem to be a  
> good solution. Instead I'd like to integrate the CAS-authentication  
> into my existing authentication code using the java objects approach  
> described on the JA-SIG main page (although this specific code  
> example appears to be outdated).
>
> Unfortunately, all my attempts so far have failed. I'm lacking a  
> comprehensive documentation on how to work without the filters or at  
> least without the filters doing all the work. Is there any resource  
> on this topic I haven't discovered so far? Google searches didn't  
> yield much. Specifically I'm interested in how I have to redirect to  
> the CAS-server for authorization (if I do it manually right now,  
> providing a "service" parameter, I get an exception in the client  
> app (from the validation filter) that ticket and service don't  
> match), how to obtain the ticket/username within the client app and  
> how to validate the ticket.
>
> For your information: The exemplary application I'm trying to  
> integrate with CAS right now is based on Wicket.
>
> Kind regards and thanks for your advice,
> Martin Simons
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


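The "service" round trip discussed in this thread, as an added example that is not part of the original messages and is not Jasig client code: the protected page names its own URL as the service, CAS redirects back to that same URL with a ticket, and validation repeats the identical service string. Host names, paths and the ticket value are constructed, and the code assumes CAS appends `ticket` as the last query parameter.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/** Added illustration of the CAS "service" round trip; not Jasig client code. */
public class CasServiceRoundTrip {
    // Assumed deployment values. The service URL is built from configuration,
    // not from the request's Host header, so a client cannot steer the redirect.
    static final String CAS_BASE = "https://cas.example.org/cas";
    static final String APP_BASE = "https://app.example.org/myapp";

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    /** Step 1: protected page B sends the browser to CAS, naming itself as the service. */
    static String loginRedirect(String serviceUrl) {
        return CAS_BASE + "/login?service=" + enc(serviceUrl);
    }

    /** Index of the separator before a trailing "ticket=" parameter, or -1 if absent. */
    static int ticketSeparator(String callbackUrl) {
        int i = callbackUrl.lastIndexOf("ticket=");
        if (i < 1) return -1;
        char sep = callbackUrl.charAt(i - 1);
        return (sep == '?' || sep == '&') ? i - 1 : -1;
    }

    /** Step 2: CAS returns the browser to page B with the ticket appended; strip it to recover the service. */
    static String serviceFromCallback(String callbackUrl) {
        int sep = ticketSeparator(callbackUrl);
        return sep < 0 ? callbackUrl : callbackUrl.substring(0, sep);
    }

    static String ticketFromCallback(String callbackUrl) {
        int sep = ticketSeparator(callbackUrl);
        return sep < 0 ? null : callbackUrl.substring(sep + 1 + "ticket=".length());
    }

    /** Step 3: back-channel validation; the service must equal the step 1 value. */
    static String validateUrl(String serviceUrl, String ticket) {
        return CAS_BASE + "/serviceValidate?service=" + enc(serviceUrl) + "&ticket=" + enc(ticket);
    }

    public static void main(String[] args) {
        String pageB = APP_BASE + "/reports?year=2009";              // protected page the user asked for
        String callback = pageB + "&ticket=ST-1-constructedSample";  // constructed return request
        String service = serviceFromCallback(callback);
        System.out.println("1. redirect : " + loginRedirect(pageB));
        System.out.println("2. callback : " + callback);
        System.out.println("3. validate : " + validateUrl(service, ticketFromCallback(callback)));
        System.out.println("service unchanged: " + service.equals(pageB));
    }
}
```

Passing a different URL at step 3 than the one sent at step 1 (for example a fixed landing page) is one way to get a "ticket and service don't match" failure like the one reported in the thread.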