Client Configuration Using Spring
Configuration via Spring IoC will depend heavily on DelegatingFilterProxy class. For each filter that will be configured for CAS via Spring, a corresponding DelegatingFilterProxy is needed in the web.xml. As
the SingleSignOutFilter, HttpServletRequestWrapperFilter and AssertionThreadLocalFilterhave no configuration options, we recommend you just configure them in the web.xml
Bean Configuration
AuthenticationFilter name=\ class=\ p:casServerLoginUrl=\ p:renew=\ p:gateway=\ p:service=\ /> Cas10TicketValidationFilter name=\ class=\ p:service=\> Saml11TicketValidationFilter name=\ class=\ p:service=\> Cas20ProxyReceivingTicketValidationFilter Configuration to validate tickets: name=\ class=\ p:service=\> Configuration to accept a Proxy Granting Ticket: name=\ class=\ p:service=\ p:proxyReceptorUrl=\> class=\ p:proxyCallbackUrl=\> Configuration to accept any Proxy Ticket (and Proxy Granting Tickets): name=\ class=\ p:service=\ p:proxyReceptorUrl=\> p:proxyCallbackUrl=\> Configuration to accept Proxy Ticket from a chain (and Proxy Granting Tickets): name=\ class=\ p:service=\ p:proxyReceptorUrl=\>
The specific filters can be configured in the following ways. Please see the JavaDocs included in the distribution for specific required and optional properties:
Client Configuration Using JNDI
Configuring the CAS client via JNDI is essentially the same as configuring the client via the web.xml, except the properties will reside in JNDI and not in the web.xml. All properties that are placed in JNDI should be placed under java:comp/env/cas
We use the following conventions: 1. JNDI will first look in java:comp/env/cas/{SHORT FILTER NAME}/{PROPERTY NAME} (i.e. java:comp/env/cas/AuthenticationFilter/serverName) 2. JNDI will as a last resort look in java:comp/env/cas/{PROPERTY NAME} (i.e. java:comp/env/cas/serverName)
Example
This is an update to the META-INF/context.xml that is included in Tomcat's Manager application:
name=\ override=\ type=\ value=\/> name=\ override=\ type=\ value=\/> Configuring Single Sign Out The Single Sign Out support in CAS consists of configuring one SingleSignOutFilter and oneContextListener. Please note that if you have configured the CAS Client for Java as Web filters, this filter must come before the other filters as described. The SingleSignOutFilter can affect character encoding. This becomes most obvious when used in conjunction with applications such as Atlassian Confluence. Its recommended you explicitly configure either the VT Character Encoding Filter or the Spring Character Encoding Filter with explicit encodings. Configuration Property artifactParameterName logoutParameterName frontLogoutParameterName relayStateParameterName eagerlyCreateSessions artifactParameterOverPost casServerUrlPrefix Description The ticket artifact parameter name. Defaults toticket Defaults to Defaults to Defaults to Defaults to Defaults to logoutRequest SAMLRequest RelayState true false Required No No No No No No Yes URL to root of CAS Web application context. CAS Protocol
