[
https://jira.duraspace.org/browse/DS-1028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26255#comment-26255
]
kgunn commented on DS-1028:
---------------------------
The patch is great, but needed some work for DSpace 1.8.2 and CAS 3.1.x.
1. Configuration: Needed to add authentication-cas.cfg to [dspace]/conf/modules
with the following content.
# CAS options
cas.version=3.1.1
cas.server.url=https://<cas server host>:8443/cas-web/login
cas.validate.url=https://<cas server host>:8443/cas-web
cas.logout.url=https://<cas server host>:8443/cas-web/logout
## Create e-persons for no matching user in dspace
webui.cas.autoregister = true
# if webui.cas.enable= true, you can edit the CAS username
# on the EPerson page.
webui.cas.enable = true
2. Modify CASAuthentication.validate(): Need some smarts to decide on version
of CAS as the validation classes changed between 2.1.x and 3.1.x, or just
support the latest stable version of CAS at the time of DSpace release.
public static String validate(String service, String ticket, String validateURL)
        throws IOException, ServletException {
    String casVersion =
            ConfigurationManager.getProperty("authentication-cas", "cas.version");
    if (casVersion == null) {
        throw new ServletException(
                "No CAS version specified. You need to set property 'cas.version'");
    }
    /*if (casVersion.equals("2.1.1")) {
        ServiceTicketValidator stv = null;
        String validateUrl = null;
        if (ticket.startsWith("ST")) {
            stv = new ServiceTicketValidator();
            //validateUrl = casServicevalidate;
        } else {
            //uPortal uses this
            stv = new ProxyTicketValidator();
            validateUrl = casProxyvalidate;
        }
        stv.setCasValidateUrl(validateURL);
        stv.setService(java.net.URLEncoder.encode(service));
        stv.setServiceTicket(ticket);
        try {
            stv.validate();
        } catch (Exception e) {
            log.error("Unexpected exception caught", e);
            throw new ServletException(e);
        }
        if (!stv.isAuthenticationSuccesful()) return null;
        String netid = stv.getUser();
        return netid;
    } else*/
    if (casVersion.equals("3.1.1")) {
        Cas10TicketValidator stv = new Cas10TicketValidator(validateURL);
        Assertion assertion = null;
        try {
            assertion = stv.validate(ticket, service);
        } catch (Exception e) {
            log.error("Unexpected exception caught", e);
            throw new ServletException(e);
        }
        if (assertion == null || assertion.getPrincipal() == null) return null;
        /* available info from CAS assertion debug
        log.info("assertion.getValidFromDate():" + assertion.getValidFromDate());
        log.info("assertion.getValidUntilDate():" + assertion.getValidUntilDate());
        if (assertion.getAttributes() != null) {
            Iterator attrIter = assertion.getAttributes().keySet().iterator();
            while (attrIter.hasNext()) {
                String key = (String) attrIter.next();
                log.info("assertion.Attribute:" + key + " - val:"
                        + assertion.getAttributes().get(key));
            }
        }
        log.info("assertion.getPrincipal().getName():"
                + assertion.getPrincipal().getName());
        if (assertion.getPrincipal().getAttributes() != null) {
            Iterator attrIter =
                    assertion.getPrincipal().getAttributes().keySet().iterator();
            while (attrIter.hasNext()) {
                String key = (String) attrIter.next();
                log.info("assertion.Principal.Attribute:" + key + " - val:"
                        + assertion.getPrincipal().getAttributes().get(key));
            }
        }
        */
        String netid = assertion.getPrincipal().getName();
        return netid;
    } else {
        throw new ServletException(
                "Unsupported CAS version specified by property 'cas.version', only CAS 3.1.1 supported");
    }
}
3. Accessing configuration parameters changes throughout the patch code, i.e.
was - ConfigurationManager.getProperty("cas.server.url");
now - ConfigurationManager.getProperty("authentication-cas", "cas.server.url");
4. Need to update POM dependencies as well.
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.1.3</version>
</dependency>
5. If you enable webui.cas.autoregister, you must get the other eperson info
from your corporate directory. For us we fetch from ActiveDirectory based on
the value of netid (name of the CAS assertion principal).
CASAuthenticate.authenticate() needed updates to do this, but they're most likely
not relevant to all CAS DSpace integrations so I have not included that code.
Is there any chance a CASAuthentication method could be added to the DSpace
project permanently?
> Single Sign-On CAS plugin for Dspace 1.7.2
> ------------------------------------------
>
> Key: DS-1028
> URL: https://jira.duraspace.org/browse/DS-1028
> Project: DSpace
> Issue Type: New Feature
> Components: DSpace API, XMLUI
> Reporter: KABORé Wendin-Malegdé Patrick
> Assignee: Mark H. Wood
> Attachments: patch-CAS-Dspace-1.7.2.txt
>
>
> The digital library of Paris-Dauphine University is based on Dspace 1.5.2.
> The authentication method is a single sign-on CAS and was shown on
> http://dspace.2283337.n4.nabble.com/dspace-Patches-2812747-CAS-Single-Sign-On-Authentication-with-DSpace-1-5-1-td3288541.html.
> Now we are upgrading Dspace version to version 1.7.2. I would like to share
> the CAS solution tested on Dspace 1.7.2. The solution is in the patch
> attached in this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
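
Added example, not part of the DS-1028 patch or of the comment above: one way to do the validator selection from point 2 with the cas-client-core 3.x TicketValidator interface, keyed on the CAS protocol rather than on a client library version. The class name CasTicketCheck and the "1.0"/"2.0" protocol values (for example from a hypothetical cas.protocol property) are assumptions.

```java
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas10TicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;

/** Illustrative helper (hypothetical name); requires cas-client-core 3.x. */
public final class CasTicketCheck {

    private CasTicketCheck() { }

    /**
     * Choose the validator class from a configured protocol value.
     * "1.0" and "2.0" are assumed values, not settings defined by the patch.
     */
    static TicketValidator validatorFor(String protocol, String casUrlPrefix) {
        if ("1.0".equals(protocol)) {
            return new Cas10TicketValidator(casUrlPrefix);
        }
        if ("2.0".equals(protocol)) {
            return new Cas20ServiceTicketValidator(casUrlPrefix);
        }
        // Fail closed on anything unrecognised instead of guessing a default.
        throw new IllegalArgumentException("Unsupported CAS protocol: " + protocol);
    }

    /** Returns the netid from the CAS assertion, or null if not authenticated. */
    static String validate(TicketValidator validator, String service, String ticket) {
        if (ticket == null || ticket.length() == 0) {
            return null; // nothing to validate
        }
        try {
            Assertion assertion = validator.validate(ticket, service);
            if (assertion == null || assertion.getPrincipal() == null) {
                return null;
            }
            String netid = assertion.getPrincipal().getName();
            // Never hand an empty principal name to the EPerson lookup.
            return (netid == null || netid.trim().length() == 0) ? null : netid.trim();
        } catch (TicketValidationException e) {
            // The 3.x client throws this when validation does not succeed;
            // map it to "not authenticated", as the 2.1.1 branch did with null.
            return null;
        }
    }
}
```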