Trusted-Authentication.md 1.94 KB
Newer Older
Misagh Moayyed's avatar
Misagh Moayyed committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
---
layout: default
title: CAS - Trusted Authentication
---

# Trusted Authentication
The trusted authentication handler provides support for trusting authentication performed by some other component
in the HTTP request handling chain. Proxies (including Apache in a reverse proxy scenario) are the most common
components that perform authentication in front of CAS.

Trusted authentication handler support is enabled by including the following dependency in the Maven WAR overlay:

{% highlight xml %}
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-trusted</artifactId>
  <version>${cas.version}</version>
</dependency>
{% endhighlight %}


## Configure Trusted Authentication Handler
Modify `deployerConfigContext.xml` according to the following template:

{% highlight xml %}
<bean id="trustedHandler"
      class="org.jasig.cas.adaptors.trusted.authentication.handler.support.PrincipalBearingCredentialsAuthenticationHandler" />

<bean id="trustedPrincipalResolver"
      class="org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingPrincipalResolver" />

<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
  <constructor-arg>
    <map>
      <entry key-ref="trustedHandler" value-ref="trustedPrincipalResolver"/>
    </map>
  </constructor-arg>
  <property name="authenticationMetaDataPopulators">
    <list>
      <bean class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator" />
    </list>
  </property>
</bean>
{% endhighlight %}


## Configure Webflow Components
Add an additional state to `login-webflow.xml`:

{% highlight xml %}
<action-state id="remoteAuthenticate">
Siddharth Goel's avatar
Siddharth Goel committed
53
  <evaluate expression="principalFromRemoteAction" />
Misagh Moayyed's avatar
Misagh Moayyed committed
54
55
56
57
58
59
60
  <transition on="success" to="sendTicketGrantingTicket" />
  <transition on="error" to="viewLoginForm" />
</action-state>
{% endhighlight %}

Replace references to `viewLoginForm` in existing states with `remoteAuthenticate`.