Your best bet is to try and combine the CAS client with Spring Security's PreAuth component at this point. I was working on documentation but haven't finished it yet (that's one of the items that Bruno was talking about).
Cheers, Scott On Sat, May 1, 2010 at 12:11 PM, prasanna h <[email protected]> wrote: > Thanks Bruno, for coming up with this post. It will be of immense help for > people trying to tie up CAS with Spring Security 3. > > The configuration in the Oudmaijer blog worked fine for me as well. One > thing that still trips me is adding Gateway support to this configuration. > I'm still yet to figure out a clean way to do this and I'm sure it would > have a bearing on the decision to use/upgrade CAS with Spring Security 3. > > Suggestions/ideas for adding gateway support to this setup are welcome. > > Prasanna > > On Sat, May 1, 2010 at 1:14 AM, Bruno Melloni <[email protected] > > wrote: > >> I started this post to ask for help… but I figured things out while >> discovering there is no good information/documentation on *how to upgrade >> CAS to use Spring Security 3.0.x*. I don’t have time right now to do a >> full post on the wiki but I wanted the know-how to be captured somewhere, so >> here it is: >> >> >> >> 1) The CAS documentation ( >> http://www.ja-sig.org/wiki/display/CASC/Using+the+CAS+Client+3.1+with+Spring+Security) >> is a draft and does not work yet. It contains things that trigger Spring >> Security 3.0 error messages. >> >> 2) The Spring Security documentation on how to connect to CAS ( >> http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html) >> may or may not work. It didn’t for me at first, but I changed a few things >> later, so it may actually work. One thing that it does if your HTTPS >> isn’t configured right is send you on an infinite loop of ticket granting. >> So you might want to avoid it anyway. >> >> 3) One configuration that works fairly well is in the oudmaijer blog >> ( >> http://www.oudmaijer.com/blog/2009/12/28/spring-3-spring-security-3-cas-3-3-4-integration/). >> It has a bug where it says (position="CAS_FILTER") since there is no such >> thing as a CAS_FILTER in Spring Security 3.0, but I fixed it by replacing it >> with (after=”PRE_AUTH_FILTER”). This may not be the ‘right value’ but it >> works. One good thing about this configuration is that if HTTPS is >> incorrectly setup it blows up nicely: It shows only one ticket granting, >> and then it throws an exception. >> >> >> >> I went with option (3) and it is working for me. If anybody has >> suggestions for improvement (especially regarding that PRE_AUTH_FILTER >> piece), I would definitely welcome them. >> >> >> >> I hope this helps the person writing the wiki item, and any others who are >> banging their head against the wall while asking themselves why they >> upgraded to Spring Security 3.0.x. >> >> >> >> bruno >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
