Hi Prasad! Yes, we have implemented an OAuth2 system that consist of the following parts:
- CAS 4.0 as the authentication provider - A UI application - An application that provides REST services The CAS part was relatively easy. We just followed this documentation: http://jasig.github.io/cas/4.0.x/installation/OAuth-OpenId-Authentication.html The two other applications are written in Spring Boot and use Spring’s OAuth means of configuration (annotations on configuration classes etc). The UI application uses CAS OAuth as the authentication provider, so you must log in via CAS to use it. When a REST call to the 2nd app is made, the OAuth token travels with the request in an HTTP header. The REST application then verifies the token against CAS. Apart Spring Boot problems, we encountered just one problem related to CAS: The OAuth Profile URL needs a parameter but Spring Boot’s OAuth support is not ready for providing it – it assumes the Profile URL is always without any parameters. We solved this by a little hack to Spring Boot’s OAuth calls. If you have any specific questions, please ask. Best Regards, Jarda -------------------------------------------------- Jaroslav KAČER IDC | Web Channel Team | Application Developer E-Mail: jka...@idc.com<mailto:jka...@idc.com> Skype: jkacer.idc From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Mahantesh Prasad Katti Sent: 8. April 2016 9:45 dop. To: cas-user@apereo.org Subject: [cas-user] RE: CAS+Oauth All, I just wanted to circle back on this. I am sure you would be busy and not had a chance to look this. So yes. I would really appreciate if you could share any similar experiences that you may have run into. Regards Prasad From: cas-user@apereo.org<mailto:cas-user@apereo.org> [mailto:cas-user@apereo.org] On Behalf Of Mahantesh Prasad Katti Sent: Thursday, April 07, 2016 11:02 AM To: cas-user@apereo.org<mailto:cas-user@apereo.org> Subject: [cas-user] CAS+Oauth Hi All, We have an SSO system in place that is based on CAS. We are also planning to move towards oauth for implementing a centralized authorization strategy that would be backed by JSON web token. I wanted to know the following: 1. In theory it looks feasible. However, if anybody has done the same exercise, would like to know the complexity of the same in terms of customizing and extending CAS. Any references would help. 2. Also, does CAS work with any other protocol apart from SAML that is lighter weight and standards based? Regards, Prasad -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/83FA22EE27AA7949A5F616D4DD6AF71E16EC946A%40INBLRMBX001.INDECOMM.LOCAL<https://groups.google.com/a/apereo.org/d/msgid/cas-user/83FA22EE27AA7949A5F616D4DD6AF71E16EC946A%40INBLRMBX001.INDECOMM.LOCAL?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/83FA22EE27AA7949A5F616D4DD6AF71E16EC9A8C%40INBLRMBX001.INDECOMM.LOCAL<https://groups.google.com/a/apereo.org/d/msgid/cas-user/83FA22EE27AA7949A5F616D4DD6AF71E16EC9A8C%40INBLRMBX001.INDECOMM.LOCAL?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BY2PR02MB133276063AF46D4E3415C640CF910%40BY2PR02MB1332.namprd02.prod.outlook.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
