Author: taylor
Date: Mon Mar 22 21:17:13 2010
New Revision: 926341
URL: http://svn.apache.org/viewvc?rev=926341&view=rev
Log:
http://issues.apache.org/jira/browse/JS2-1055
documentation for CAS
Modified:
portals/site/jetspeed/jetspeed-2.2/jetspeed-guide-deploy/src/site/xdoc/config-sso.xml
Modified:
portals/site/jetspeed/jetspeed-2.2/jetspeed-guide-deploy/src/site/xdoc/config-sso.xml
URL:
http://svn.apache.org/viewvc/portals/site/jetspeed/jetspeed-2.2/jetspeed-guide-deploy/src/site/xdoc/config-sso.xml?rev=926341&r1=926340&r2=926341&view=diff
==============================================================================
---
portals/site/jetspeed/jetspeed-2.2/jetspeed-guide-deploy/src/site/xdoc/config-sso.xml
(original)
+++
portals/site/jetspeed/jetspeed-2.2/jetspeed-guide-deploy/src/site/xdoc/config-sso.xml
Mon Mar 22 21:17:13 2010
@@ -210,6 +210,89 @@ The second constructor turns on or off J
</subsection>
+<subsection name='CAS'>
+<p>
+The <a href='http://www.jasig.org/cas'>Central Authentication Service</a>,
CAS, is a single sign-on protocol for the web.
+Like other Single Sign-on systems (SSO), its purpose is to permit a user to
access multiple applications while providing their credentials (such as userid
and password) only once.
+It also allows web applications to authenticate users without gaining access
to a user's security credentials, such as a password.
+</p>
+<p>
+Jetspeed is distributed with a CAS servlet filter for performing Single
Sign-on (SSO) with CAS and the Jetspeed Portal.
+ CAS must first be installed into your application server. Once it is
installed and configured, users can login via CAS. When they go to visit any
Jetspeed pages,
+ Jetspeed can check to see if CAS has successfully authenticated. If CAS has
authenticated, Jetspeed participates in CAS SSO, by using the identity
provided by CAS internally.
+ The following sections describe how to configure Jetspeed with CAS.
+</p>
+<h4>Configuring the CAS Filter</h4>
+<p>
+ Be sure to configure your application server with CAS here as described here:
+ <a
href='http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1'>Configuring
CAS with Java</a>. Once you have configured the application server with CAS
and verified
+ that is working, then continue with the Jetpeed configuration instructions
here. The CAS filter is configured in Jetspeed's web.xml. You will need to add
the following lines to the web.xml.
+ The CAS Filter should be placed in the web.xml before the Jetspeed Portal
Filter. Note that the init-params values will be specific to your deployment.
We provide some localhost examples here:
+</p>
+<source><![CDATA[
+<filter>
+ <filter-name>CAS Filter</filter-name>
+ <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
+ <init-param>
+ <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
+ <param-value>http://localhost/login</param-value>
+ </init-param>
+ <init-param>
+ <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
+ <param-value>http://localhost/serviceValidate</param-value>
+ </init-param>
+ <init-param>
+ <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
+ <param-value>localhost</param-value>
+ </init-param>
+</filter>
+]]></source>
+<p>Make sure to add the CAS filter mapping to your web.xml as well:</p>
+<source><![CDATA[
+ <filter-mapping>
+ <filter-name>CAS Filter</filter-name>
+ <url-pattern>/portal/caslogin/*</url-pattern>
+ </filter-mapping>
+]]></source>
+
+<h4>Configuring the Jetspeed CAS Portal Filter</h4>
+<p>
+ The Jetspeed CAS Portal filter reads and interprets the CAS session state to
participate in CAS SSO. The Jetspeed CAS Portal filter is configured in
Jetspeed's web.xml.
+ You will need to add the following lines to the web.xml. Make sure to place
the filter after(below) the CAS Filter described above.
+</p>
+<source><![CDATA[
+ <filter>
+ <filter-name>PortalFilter</filter-name>
+
<filter-class>org.apache.jetspeed.security.impl.cas.CASPortalFilter</filter-class>
+ </filter>
+]]></source>
+<p>Make sure to add the filter mapping to your web.xml as well:</p>
+<source><![CDATA[
+ <filter-mapping>
+ <filter-name>PortalFilter</filter-name>
+ <url-pattern>/portal/*</url-pattern>
+ </filter-mapping>
+]]></source>
+<p>
+If there is no CAS session state, Jetspeed will not authenticate the user.
+If there is CAS session state, Jetspeed will use them and automatically
authenticate users,
+ bypassing Jetspeed's internal authentication and login mechanisms.
+</p>
+
+<h4>Logging out</h4>
+<p>To enable CAS session logout, add the following init parameter to the
Jetspeed Logout Servlet in Jetspeed's web.xml. Note the param value will be
specific to your CAS configuration. </p>
+<source><![CDATA[
+ <servlet>
+ <servlet-name>LogoutServlet</servlet-name>
+ <servlet-class>org.apache.jetspeed.login.LogoutServlet</servlet-class>
+ <init-param>
+ <param-name>casLogoutUrl</param-name>
+ <param-value>http://localhost/logout</param-value>
+ </init-param>
+ </servlet>
+]]></source>
+
+</subsection>
</section>
</body>
</document>
\ No newline at end of file
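Review bot: The sample init-params in the CAS Filter block (loginUrl, validateUrl) and the casLogoutUrl in the LogoutServlet block all use http:// URLs, so a reader who copies them sends the login redirect and the service-ticket validation over cleartext. Suggest the examples use https://, for instance `<param-value>https://localhost/serviceValidate</param-value>`, and that the sentence noting the values are deployment-specific also say the CAS endpoints should be served over TLS. In the "Configuring the CAS Filter" paragraph, "Jetpeed" should read "Jetspeed", "with CAS here as described here" has a doubled "here", and "verified that is working" is missing "it". It would also help to state why the CAS Filter is mapped only to /portal/caslogin/* while PortalFilter covers /portal/*, since the text gives the filter ordering but not which entry URL users must hit to trigger the CAS check.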