LSPS Documentation
Integration with CAS

Integration with CAS allows the user to authenticate against the CAS server and use the authentication to access the LSPS Application User Interface and Management Console.

Before setting up CAS integration, make sure that:

  • WildFly is configured correctly.
  • LSPS EAR can be deployed to the application server successfully.
  • WildFly is configured to support HTTPS on port 8443.

To integrate LSPS applications with CAS, do the following:

  1. Download the WildFly module with the Java CAS Client classes. It is available on the Apereo website.
  2. Extract the archive to the WildFly modules directory <WILDFLY_HOME>/modules/.

    The resulting structure is <WILDFLY_HOME>/modules/org/jasig/cas/main/.

  3. Add the org.jasig.cas module as a global module of the urn:jboss:domain:ee:3.0 subsystem.
    <subsystem xmlns="urn:jboss:domain:ee:3.0">
       <global-modules>
           <module name="org.jasig.cas" slot="main"/>
       </global-modules>
       ...
    </subsystem>
    
  4. Configure the lspsRealm security domain to use the cas login-module.

    This is the security domain used by the LSPS EAR. By default, LSPS uses the LSPS database for authorization and authentication.

    <!--ORIGINAL REALM
    <security-domain name="lspsRealm" cache-type="default">
        <authentication>
            <login-module code="com.whitestein.lsps.security.jboss.LSPSRealm" flag="required" module="com.whitestein.lsps.security">
                <module-option name="dsJndiName" value="/jdbc/LSPS_DS"/>
            </login-module>
        </authentication>
    </security-domain>-->
    <!--REALM USES CAS -->
    <security-domain name="lspsRealm">
        <authentication>
            <login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required" module="org.jasig.cas">
                <module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"/>
                <module-option name="casServerUrlPrefix" value="https://localhost:8181/cas"/>
                <module-option name="tolerance" value="20000"/>
                <!-- The role set in defaultRoles ("user") is granted to every user who authenticates successfully against CAS; with this role, the user can access the LSPS applications. -->
                <module-option name="defaultRoles" value="user"/>
                <module-option name="roleAttributeNames" value="memberOf,eduPersonAffiliation,authorities"/>
                <module-option name="principalGroupName" value="CallerPrincipal"/>
                <module-option name="roleGroupName" value="Roles"/>
                <module-option name="cacheAssertions" value="true"/>
                <module-option name="cacheTimeout" value="480"/>
            </login-module>
        </authentication>
    </security-domain>
    
  5. Configure the LSPS web applications in their individual web.xml files:
    • Add the CAS servlet filters to the beginning of the servlet filter chain:
      <filter>
          <filter-name>Servlet3 Authentication Filter</filter-name>
          <filter-class>org.jasig.cas.client.jaas.Servlet3AuthenticationFilter</filter-class>
          <init-param>
              <param-name>serverName</param-name>
              <param-value>https://localhost:8443</param-value>
          </init-param>
      </filter>
      <filter>
          <filter-name>CAS Authentication Filter</filter-name>
          <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
          <init-param>
              <param-name>casServerLoginUrl</param-name>
              <param-value>https://localhost:8181/cas/login</param-value>
          </init-param>
          <init-param>
              <param-name>serverName</param-name>
              <param-value>https://localhost:8443</param-value>
          </init-param>
      </filter>
      
    • In the session-config element, set the COOKIE tracking mode:
      <session-config>
          <session-timeout>30</session-timeout>
          <tracking-mode>COOKIE</tracking-mode>
      </session-config>
      
  6. Recompile and redeploy your applications.
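
A consistency check for the settings from steps 4 and 5, as an added example that is not part of the LSPS documentation or the CAS client: it verifies that the CAS URLs and serverName values use HTTPS, that casServerLoginUrl lies under casServerUrlPrefix, that both filters use the same serverName, and that session tracking is limited to cookies. The function names and the trimmed sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: trimmed copies of the fragments from steps 4 and 5.
DOMAIN = """<security-domain name="lspsRealm"><authentication>
<login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
  <module-option name="casServerUrlPrefix" value="https://localhost:8181/cas"/>
</login-module></authentication></security-domain>"""
WEB = """<web-app>
<filter><filter-class>org.jasig.cas.client.jaas.Servlet3AuthenticationFilter</filter-class>
  <init-param><param-name>serverName</param-name><param-value>https://localhost:8443</param-value></init-param></filter>
<filter><filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param><param-name>casServerLoginUrl</param-name><param-value>https://localhost:8181/cas/login</param-value></init-param>
  <init-param><param-name>serverName</param-name><param-value>https://localhost:8443</param-value></init-param></filter>
<session-config><tracking-mode>COOKIE</tracking-mode></session-config>
</web-app>"""


def local(tag):  # drop any XML namespace so namespaced web.xml files match too
    return tag.rsplit("}", 1)[-1]


def check_cas_config(domain_xml, web_xml):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    dom, web = ET.fromstring(domain_xml), ET.fromstring(web_xml)
    opts = {e.get("name"): e.get("value") for e in dom.iter() if local(e.tag) == "module-option"}
    prefix = opts.get("casServerUrlPrefix") or ""
    if not prefix.startswith("https://"):
        findings.append("casServerUrlPrefix is not HTTPS")
    server_names = set()
    for param in (e for e in web.iter() if local(e.tag) == "init-param"):
        kv = {local(c.tag): (c.text or "").strip() for c in param}
        name, value = kv.get("param-name"), kv.get("param-value", "")
        if name == "serverName":
            server_names.add(value)
        if name in ("serverName", "casServerLoginUrl") and not value.startswith("https://"):
            findings.append(f"{name} is not HTTPS: {value}")
        if name == "casServerLoginUrl" and not value.startswith(prefix.rstrip("/") + "/"):
            findings.append("casServerLoginUrl is not under casServerUrlPrefix")
    if len(server_names) != 1:
        findings.append(f"serverName missing or inconsistent: {sorted(server_names)}")
    modes = [(e.text or "").strip() for e in web.iter() if local(e.tag) == "tracking-mode"]
    if modes != ["COOKIE"]:
        findings.append("tracking-mode must be COOKIE only (no session IDs in URLs)")
    return findings


if __name__ == "__main__":
    print(check_cas_config(DOMAIN, WEB) or "no findings")
```

Pass only the lspsRealm security-domain element as the first argument, because the function reads every module-option in the XML it is given.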