Gazelle SSO clients for CAS 5.1.5 (Double CAS authentication)
Maven dependencies
Add as dependency in your ejb
<dependency>
<groupId>net.ihe.gazelle</groupId>
<artifactId>gazelle-cas-client</artifactId>
<version>${gazelle.cas.client.version}</version>
</dependency>
Web deployment descriptor
Now you need to update the WEB-INF/web.xml file in your war module.
First remove all previous filters and properties that concern the CAS, then add the followings elements
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>net.ihe.gazelle.atna.questionnaire.authentication.GSSDoubleCasTicketValidationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>Gazelle CAS logout filter</filter-name>
<filter-class>net.ihe.gazelle.atna.questionnaire.authentication.GSSDoubleLogoutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Gazelle CAS logout filter</filter-name>
<url-pattern>/cas/logout</url-pattern>
</filter-mapping>
<filter>
<filter-name>Gazelle Main CAS Authentication Filter</filter-name>
<filter-class>net.ihe.gazelle.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>cas</param-name>
<param-value>main</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Gazelle Main CAS Authentication Filter</filter-name>
<url-pattern>/cas/login</url-pattern>
</filter-mapping>
<filter>
<filter-name>Gazelle Second CAS Authentication Filter</filter-name>
<filter-class>net.ihe.gazelle.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>cas</param-name>
<param-value>second</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Gazelle Second CAS Authentication Filter</filter-name>
<url-pattern>/cas/login2</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This example is for Gazelle Security Suite, the filter-class of Gazelle CAS logout filter and CAS Validation Filter need to be changed if you use this in another tool. The classes must be created in your project :
- One must extends DoubleCas30ProxyReceivingTicketValidationFilter (for the CAS Validation Filter)
- The other must extends DoubleLogoutFilter (for the Gazelle CAS logout filter)
In both case, 3 functions need to be implemented (check on atna-questionnaire to see an exemple) :
public abstract void computeUserSCas(ServletRequest servletRequest);
public abstract CasLogin getCasLoginForUser(ServletRequest servletRequest);
public abstract boolean isSecondCasEnabled();
Then add, still in web.xml the following configuration properties
<context-param>
<param-name>configurationStrategy</param-name>
<param-value>net.ihe.gazelle.cas.client.doubleauthentication.PropertiesConfigurationStrategyImpl</param-value>
</context-param>
<context-param>
<param-name>configFileLocationMainCas</param-name>
<param-value>/opt/gazelle/cas/file.properties</param-value>
</context-param>
<context-param>
<param-name>configFileLocationSecondCas</param-name>
<param-value>/opt/gazelle/cas/file_second_cas.properties</param-value>
</context-param>
The two last one indicates where the gazelle-cas-client will find information to connect with the CAS server.
Navigation configuration
You also need to configure your page.xml file to:
- Configure correctly the logout action (logout from CAS not only from the application)
- Keep the URL parameters when user logged in
To do so, configuration the navigation section as shown below
<page view-id="*">
<navigation from-action="#{identity.logout}">
<rule if="#{!applicationConfigurationManager.isWorksWithoutCas()}">
<redirect view-id="/cas/logout.xhtml"/>
</rule>
<rule if="#{applicationConfigurationManager.isWorksWithoutCas()}">
<redirect view-id="/home.xhtml"/>
</rule>
</navigation>
</page>
<page view-id="/cas/identityLogout.xhtml">
<action execute="#{identity.logout}"/>
<navigation>
<redirect view-id="/home.xhtml"/>
</navigation>
</page>
<page view-id="/cas/login">
<navigation>
<redirect view-id="/home.xhtml"/>
</navigation>
</page>
<page view-id="/cas/login2">
<navigation>
<redirect view-id="/home2.xhtml"/>
</navigation>
</page>
Menu bar configuration
The links in your menu bar shall look like the following (login then logout) :
<li>
<h:outputLink id="menuLoginCasId2" value="#{applicationConfiguration.getValueOfVariable('application_url')}/cas/login">
<h:outputText value="#{applicationAttributes.getMainCasName()}"/>
<f:param name="request" value="#{request.requestURL}" disable="#{request.queryString != null}"/>
<f:param name="request" value="#{request.requestURL}?#{request.queryString}" disable="#{request.queryString == null}"/>
<f:param name="cas" value="main"/>
</h:outputLink>
</li>
<li>
<h:outputLink id="menuLoginCasId3" value="#{applicationConfiguration.getValueOfVariable('application_url')}/cas/login2">
<h:outputText value="#{applicationAttributes.getSecondCasName()}"/>
<f:param name="request" value="#{request.requestURL}" disable="#{request.queryString != null}"/>
<f:param name="request" value="#{request.requestURL}?#{request.queryString}" disable="#{request.queryString == null}"/>
<f:param name="cas" value="second"/>
</h:outputLink>
</li>