Fernando's message below is great advice. The version of the CAS server
isn't going to matter too terribly much. It will depend on what protocol
you are planning to use against CAS. I'm going to guess CAS Protocol v3,
which gives you everything you need. You are going to want a security
library in your application. Since it is taking logins, something in it
must be not for public consumption, and the easiest way to tie all of
that together is through a security library. I use Apache Shiro (we
don't use Spring), but have used Spring Security in the past and it is a
very capable library. You will want to take advantage of Spring
Security, and you will want to have CAS auth travel through your
security library.
On 7/9/21 9:26 AM, Fernando Bárcenas Martínez wrote:
This is just a thought. I'm in kind of the same position as you are. I
was given the task to implement SSO and SLO for our apps even though
I'm rather inexperienced and been working with Spring for less than a
year.
I don't know exactly which versions of either Spring, Java nor CAS you
are using, and I've found it matters (little, but it does, especially
for configuration). The spring security tutorials I think you've
followed does work, but they don't really go into much detail, and
after a couple monts struggling with it, I found out that the
configuration can be VERY flexible. You can autowire several
components or declare them as beans or as plain objects, for instance.
My first recommendation is to read carefully the basic documentation
for the version of CAS you're deploying and read carefully the
tutorials and the code. The goal is to really understand how CAS
works, as knowing this will make debugging rather straightforward.
Next, set goals per point in the spring security-to-CAS communications
as described by the Spring Security team in their documentation.
You could also mention what style of configuration you're using. I
believe XML config is the easiest right now because thats exactly how
Spring Security has it documented (Even if Spring itself encourages
the use of Java config or properties file config). For Java config I
could be more helpful, but translating from XML to Java beans is
rather easy (Again, understanding the SpringSecurity-to-CAS flow is
pretty much a must here) and most recent tutorials use
yaml/application.properties type of config, so just read carefully.
If, by any chance, you are using Java 8 stack in Spring (Not boot)
applications (Or use Java config) with Cas 5.3.x, then I might be able
to help you a bit. I'm guessing most troubles you had revovled around
the URLs or Too many petitions or even SSL handshakes if you went that
far (Not to mention the SAN little issue when working with self-signed
certificates).
For short, it works with Spring Security. If you are working with
Spring, my recommendation would be to take advantage of Security.
El jueves, 8 de julio de 2021 a las 17:35:58 UTC-5,
worlds...@gmail.com escribió:
I'm making a web app for my company for a new product and we've
setup a CAS server for authentication. I'm fairly new to Spring
in the first place so this has been pretty steep curve all around,
but I've finally used the java-cas-client to integrate cas into my
app.
I wound up doing this because all the tutorials and guides on how
to set up spring security + CAS never worked.
But now that I've CAS going at all, I'm wondering if I shouldn't
go back to trying to giet it working with Spring Security as
well. Does anyone have any comments/thoughts/experiences that
might enlighten me as to what the "best" path forward is?
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d91dd614-9783-4835-8a5b-1bb111ff9139n%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/d91dd614-9783-4835-8a5b-1bb111ff9139n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2e390fc6-03af-cc65-2033-1a2d78acd57b%40ndsu.edu.