This is just a thought. I'm in kind of the same position as you are. I was given the task to implement SSO and SLO for our apps even though I'm rather inexperienced and been working with Spring for less than a year.
I don't know exactly which versions of either Spring, Java nor CAS you are using, and I've found it matters (little, but it does, especially for configuration). The spring security tutorials I think you've followed does work, but they don't really go into much detail, and after a couple monts struggling with it, I found out that the configuration can be VERY flexible. You can autowire several components or declare them as beans or as plain objects, for instance. My first recommendation is to read carefully the basic documentation for the version of CAS you're deploying and read carefully the tutorials and the code. The goal is to really understand how CAS works, as knowing this will make debugging rather straightforward. Next, set goals per point in the spring security-to-CAS communications as described by the Spring Security team in their documentation. You could also mention what style of configuration you're using. I believe XML config is the easiest right now because thats exactly how Spring Security has it documented (Even if Spring itself encourages the use of Java config or properties file config). For Java config I could be more helpful, but translating from XML to Java beans is rather easy (Again, understanding the SpringSecurity-to-CAS flow is pretty much a must here) and most recent tutorials use yaml/application.properties type of config, so just read carefully. If, by any chance, you are using Java 8 stack in Spring (Not boot) applications (Or use Java config) with Cas 5.3.x, then I might be able to help you a bit. I'm guessing most troubles you had revovled around the URLs or Too many petitions or even SSL handshakes if you went that far (Not to mention the SAN little issue when working with self-signed certificates). For short, it works with Spring Security. If you are working with Spring, my recommendation would be to take advantage of Security. El jueves, 8 de julio de 2021 a las 17:35:58 UTC-5, worlds...@gmail.com escribió: > I'm making a web app for my company for a new product and we've setup a > CAS server for authentication. I'm fairly new to Spring in the first place > so this has been pretty steep curve all around, but I've finally used the > java-cas-client to integrate cas into my app. > > I wound up doing this because all the tutorials and guides on how to set > up spring security + CAS never worked. > But now that I've CAS going at all, I'm wondering if I shouldn't go back > to trying to giet it working with Spring Security as well. Does anyone > have any comments/thoughts/experiences that might enlighten me as to what > the "best" path forward is? > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d91dd614-9783-4835-8a5b-1bb111ff9139n%40apereo.org.
