Integration with CAS allows the user to authenticate against the CAS server and use the authentication to access the LSPS Application User Interface and Management Console.
Before setting up CAS integration, make sure that:
To integrate LSPS applications with CAS, do the following:
Extract the archive to the WildFly modules directory <WILDFLY_HOME>/modules/
The resulting structure is <WF_HOME>/modules/org/jasig/cas/main/
<subsystem xmlns="urn:jboss:domain:ee:3.0">
<global-modules>
<module name="org.jasig.cas" slot="main"/>
</global-modules>
...
</subsystem>
Configure the lspsRealm security domain to use the cas login-module.
This is the security domain used by the LSPS EAR. By default, LSPS uses the LSPS database for authorization and authentication.
<!--ORIGINAL REALM
<security-domain name="lspsRealm" cache-type="default">
<authentication>
<login-module code="com.whitestein.lsps.security.jboss.LSPSRealm" flag="required" module="com.whitestein.lsps.security">
<module-option name="dsJndiName" value="/jdbc/LSPS_DS"/>
</login-module>
</authentication>
</security-domain>-->
<!--REALM USES CAS -->
<security-domain name="lspsRealm">
<authentication>
<login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required" module="org.jasig.cas">
<module-option name="ticketValidatorClass" value="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"/>
<module-option name="casServerUrlPrefix" value="https://localhost:8181/cas"/>
<module-option name="tolerance" value="20000"/>
<!--defaultRole user will be granted to any user that successfully authenticates against CAS: with this role, the user can access the LSPS applications-->
<module-option name="defaultRoles" value="user"/>
<module-option name="roleAttributeNames" value="memberOf,eduPersonAffiliation,authorities"/>
<module-option name="principalGroupName" value="CallerPrincipal"/>
<module-option name="roleGroupName" value="Roles"/>
<module-option name="cacheAssertions" value="true"/>
<module-option name="cacheTimeout" value="480"/>
</login-module>
</authentication>
</security-domain>
<filter>
<filter-name>Servlet3 Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.jaas.Servlet3AuthenticationFilter</filter-class>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8181/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</init-param>
</filter>
<session-config>
<session-timeout>30</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>