> 5. the context-param called "service" is specified in the web.xml and points
> to the CAS installation, the same value as "service" login module property,
> it's simply required by AbstractCasFilter

This is not required for JAAS as the module options alone are used to configure the ticket validator.

> 6. org.jasig.cas.client.session.SingleSignOutHttpSessionListener is present
> in the web.xml, org.jasig.cas.client.session.SingleSignOutFilter,
> org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter are
> provided and bound to /*.

Proper WebAuthenticationFilter is essential. From what you described, sounds correct.

> 1. Should the WebAuthenticationFilter (or any other member of this quartet)
> redirect me to CAS login site if I'm not logged in?

Yes, WebAuthenticationFilter is responsible for examining servlet state for the CAS Assertion in the session, and redirecting to CAS login page if not found. Additionally, it is responsible for extracting a service ticket, validating it, and setting up the JAAS context programmatically using the JBoss-specific WebAuthentication class.

> 3. How should the web.xml descriptor be defined in terms of login-config?
> Which auth-method should be used, if any? BASIC, DIGEST? None of them seems
> appropriate - I would just expect a redirect. How about the "realm" - should
> its name be the same as the name of the application-policy and security-domain?

Those are all irrelevant. If your EJB application is using JAAS, and you've correctly installed the JAAS config into the JEE context, it will work as you expect.

> Is there anything I've forgotten to do or simply misunderstood?

I reviewed your web.xml, and it looks correct. Please turn up the logging for org.jasig.cas.client to DEBUG and post the logs for a request that should trigger the WebAuthenticationFilter.

M
