Welcome!
http://www.jasig.org/cas
https://www.purdue.edu/apps/account/docs/CAS/CAS_information.jsp
4/7/2011 Purdue University Identity and Access Management 2
A detailed walk through a CAS authentication
(and how to get your mitts on the authenticated user)
a) Browser
b) Application server
Issues TGT cookie (ticket granting ticket) so user does not have to
login every redirect to CAS server
If the CAS client does not see a ticket parameter in the request,
user is redirected back to the CAS login page with
service=url_to_return_to, in this example
http://localhost:8080/sampleapp/test
even see the password, it's between the browser and CAS server
CAS service ticket is only valid one time, and the CAS client
needs to use it within 10 seconds or it will expire
You can test this now yourself against the new CAS server version 3.4.6 (which
will become production in May 2011):
https://www.purdue.edu/apps/account/cas-server-uber-webapp-3.4.6/login
https://www.purdue.edu/apps/account/cas-server-uber-webapp-3.4.6/serviceValidate
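Added example (not from the original slides): a minimal sketch of what a CAS client does with the two URLs above, building the login redirect and parsing a CAS 2.0 serviceValidate response to get the authenticated user. The function names and the sample responses (user jdoe, ticket ST-1-constructed) are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace
CAS_PREFIX = "https://www.purdue.edu/apps/account/cas-server-uber-webapp-3.4.6"  # from the slides
SERVICE = "http://localhost:8080/sampleapp/test"  # example service URL from the slides

def login_redirect(service):
    """URL the browser is sent to when the request carries no ticket parameter."""
    return CAS_PREFIX + "/login?" + urllib.parse.urlencode({"service": service})

def validate_url(service, ticket):
    """Back-channel URL the client fetches to validate the one-time service ticket.
    The service value must be the same one that was sent to /login."""
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return CAS_PREFIX + "/serviceValidate?" + query

def parse_validation(xml_text):
    """Return (user, None) on success, or (None, error_code) on any failure."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        return (user, None) if user else (None, "MISSING_USER")
    fail = root.find("cas:authenticationFailure", CAS_NS)
    if fail is not None:
        # An expired or already-used ticket comes back as a failure code
        return None, fail.get("code", "UNKNOWN")
    return None, "MALFORMED_RESPONSE"  # treat anything unexpected as a failed login

# Constructed sample responses (not captured from a real server)
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
REUSED = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    ticket ST-1-constructed not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect(SERVICE))
    print(validate_url(SERVICE, "ST-1-constructed"))
    print(parse_validation(SUCCESS))
    print(parse_validation(REUSED))
```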
https://wiki.jasig.org/display/CASC/CAS+Client+for+Java+3.1
Looking at one CAS client will help understand how any of them
will need to be configured
Next two slides show the web.xml to configure the Java CAS
client for the previous example:
<!-- Redirects requests that have no session and no ticket parameter to the CAS login page -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://www.purdue.edu/apps/account/cas-server-uber-webapp-3.4.6/login</param-value>
  </init-param>
  <!-- serverName is the application's own host, used to build the service URL sent to CAS -->
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>
<!-- Validates the ticket parameter against the CAS server and exposes the authenticated user -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://www.purdue.edu/apps/account/cas-server-uber-webapp-3.4.6</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>exceptionOnValidationFailure</param-name>
    <param-value>false</param-value>
  </init-param>
</filter>
See https://wiki.jasig.org/display/CASUM/RESTful+API
Example:
POST a username and password to https://CAS_SERVER_URL/v1/tickets
(with Accept: text/plain as a header)
And if the login/password check out, the server sends back
201 Created
Location: https://CAS_SERVER_URL/v1/tickets/{TGT id}
If authentication fails, the server returns a 400 code
https://www.purdue.edu/apps/account/docs/CAS/CAS_information.jsp
https://www.purdue.edu/apps/account/IAMO/Purdue_CareerAccount_BoilerKey.jsp
Questions?