
  • CAS configuration doubt

    I have 3 doubts. Could you please clarify these doubts? The tutorial talks about config with localhost, which I don't feel comfortable with. In my situation I will have a CAS client box and a CAS server box... they have different IPs.

    I'm not comfortable whether localhost in this tutorial refers to CAS client box or CAS server box.


    From the tutorial link I find these config settings:
    Doubt 1

    19.3. Configuration of CAS Client


    <bean id="casProcessingFilterEntryPoint"
    class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <property name="loginUrl" value="https://localhost:9443/cas/login"/> <!-- localhost is CAS server box or Client box? -->
    <property name="serviceProperties" ref="serviceProperties"/>
    </bean>




    Doubt 2:

    <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    <constructor-arg index="0" value="https://localhost:9443/cas" /> <!-- localhost is CAS server box or Client box? -->
    </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>





    Doubt 3

    <bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    ...
    <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
    <constructor-arg value="https://localhost:9443/cas"/> <!-- localhost is CAS server box or Client box? -->

    <property name="proxyCallbackUrl"
    value="https://localhost:8443/cas-sample/j_spring_cas_security_proxyreceptor"/> <!-- localhost is CAS server box or Client box? -->
    <property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
    </bean>
    </property>
    </bean>
    Last edited by andromeda; May 7th, 2012, 12:17 PM.

  • #2
    Hi,

    Doubt1:
    The loginUrl property is the login url of your CAS server.

    Doubt2:
    The casServerPrefixUrl property (param 0 in constructor) is the prefix url of the CAS server for service ticket validation.

    Doubt3:
    Same as in doubt2 for proxy ticket validation.
    For the proxyCallbackUrl, it's on the client side to be able to link the pgtIou with the pgtId. I recommend reading: https://wiki.jasig.org/display/CAS/P...AS+Walkthrough.

    Best regards,
    Jérôme



    • #3
      Thanks for the post. I don't understand some parts in your comments. Can you please clarify the red part in your comment?

      Originally posted by jleleu
      Hi,

      Doubt1:
      The loginUrl property is the login url of your CAS server.

      Doubt2:
      The casServerPrefixUrl property (param 0 in constructor) is the prefix url of the CAS server for service ticket validation.

      What is a prefix url of the CAS server? Can you please explain this part with an example?

      Doubt3:
      Same as in doubt2 for proxy ticket validation.
      For the proxyCallbackUrl, it's on the client side to be able to link the pgtIou with the pgtId.

      Did you mean it's the url of the client box?

      Best regards,
      Jérôme



      • #4
        Hi,

        The CAS prefix url is the root url of the CAS server. Let's take an example: you have a CAS server with /cas as the root context.
        The login url is http://host/cas/login. The prefix url is http://host/cas.
        In fact, it's called that way as the url built for ticket validation is the CAS prefix url + /serviceValidate (http://host/cas/serviceValidate).

        Client side, you have the CAS service url, generally http://host2/myapp/j_spring_cas_security_check. This url is used as the CAS service on the CAS server side. It's the url called after authentication, on which a service ticket is added.
        For the CAS proxy mechanism, you need one more url to receive the pgtIou and pgtId parameters; the pgtIou is also received in the response to service ticket validation. This way, you can obtain the pgtId for this authentication, the pgtId you will use to get a proxy ticket (exactly the same role as a service ticket, but for a proxied service).
        This one more url is generally: http://host2/myapp/j_spring_cas_security_proxyreceptor. Here is the Spring Security doc: http://static.springsource.org/sprin...rence/cas.html.

        Best regards,
        Jérôme

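As an added example (not part of the original posts, and not Spring Security or Jasig code), this Python check derives the URLs described in post #4 from the CAS prefix and the client application base, then flags configured values that sit on the wrong box or still use the tutorial's localhost. The dict keys, the hostnames cas.example.org and app.example.org, and the https check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: a two-box deployment (hostnames are placeholders).
CAS_PREFIX = "https://cas.example.org:9443/cas"          # CAS server box
APP_BASE = "https://app.example.org:8443/cas-sample"     # CAS client box

# Values copied from the tutorial snippets quoted in the first post.
TUTORIAL_CFG = {
    "loginUrl": "https://localhost:9443/cas/login",
    "casServerPrefixUrl": "https://localhost:9443/cas",
    "proxyCallbackUrl": "https://localhost:8443/cas-sample/j_spring_cas_security_proxyreceptor",
}

def origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    p = urlsplit(url)
    default = {"https": 443, "http": 80}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), p.port or default)

def derived_urls(cas_prefix, app_base):
    """Build the URLs named in the thread from the two base URLs."""
    cas, app = cas_prefix.rstrip("/"), app_base.rstrip("/")
    return {
        "loginUrl": cas + "/login",                        # on the CAS server
        "serviceValidate": cas + "/serviceValidate",       # on the CAS server
        "service": app + "/j_spring_cas_security_check",   # on the client
        "proxyCallbackUrl": app + "/j_spring_cas_security_proxyreceptor",  # client
    }

def check_config(cfg, cas_prefix, app_base):
    """Return findings for a client config dict (hypothetical key names)."""
    sides = {"loginUrl": cas_prefix, "casServerPrefixUrl": cas_prefix,
             "service": app_base, "proxyCallbackUrl": app_base}
    findings = []
    for key, expected_base in sides.items():
        url = cfg.get(key)
        if url is None:
            continue
        scheme, host, _ = origin(url)
        if host in ("localhost", "127.0.0.1", "::1"):
            findings.append(f"{key}: loopback host left over from the tutorial")
        elif origin(url) != origin(expected_base):
            findings.append(f"{key}: points at the wrong box")
        if scheme != "https":
            findings.append(f"{key}: not https")
    return findings

if __name__ == "__main__":
    for finding in check_config(TUTORIAL_CFG, CAS_PREFIX, APP_BASE):
        print(finding)
```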


        • #5
          Thanks. You are very helpful. I still have a little doubt about some parts of your comments. Could you please clarify this?

          Originally posted by jleleu
          Hi,

          The CAS prefix url is the root url of the CAS server. Let's take an example : you have a CAS server with /cas as the root context.
          The login url is http://host/cas/login. The prefix url is http://host/cas.
          In fact, it's called that way as the url built for ticket validation is the CAS prefix url + /serviceValidate (http://host/cas/serviceValidate).
          Excellent. Got this part.

          Client side, you have the CAS service url, generally http://host2/myapp/j_spring_cas_security_check. This url is used as CAS service on CAS server side.
          What is host2? I guess it's the client box... right?

          (because you have used host for the CAS server... so I guess host2 is for the client box)
          Last edited by andromeda; May 9th, 2012, 10:12 PM.



          • #6
            Hi,

            You're right: host is the host of the CAS server and host2 is the host of the client application.
            Best regards,
            Jérôme



            • #7
              Thanks. It was very much helpful.
