Commit
7912f50e
authored
Sep 24, 2015
by
Misagh Moayyed
Radius context config automated
parent
2f532365
Changes
5
cas-server-documentation/installation/RADIUS-Authentication.md
...
...
@@ -7,52 +7,47 @@ title: CAS - RADIUS Authentication
RADIUS support is enabled by including the following dependency in the Maven WAR overlay:
{% highlight xml %}
<dependency>
<groupId>
org.jasig.cas
</groupId>
<artifactId>
cas-server-support-radius
</artifactId>
<version>
${cas.version}
</version>
</dependency>
<dependency>
<groupId>
org.jasig.cas
</groupId>
<artifactId>
cas-server-support-radius
</artifactId>
<version>
${cas.version}
</version>
</dependency>
{% endhighlight %}
##
RADIUS Components
##
Configuration
######`RadiusAuthenticationHandler`
The RADIUS handler accepts username/password credentials and delegates authentication to one or more RADIUS
servers. It supports two types of failovers: failover on an authentication failure, and failover on a server exception.
*
`failoverOnAuthenticationFailure`
- True to continue to the next configured RADIUS server on authentication failure,
false otherwise. This flag is typically set when user accounts are spread across one or more RADIUS servers.
*
`failoverOnException`
- True to continue to next configured RADIUS server on an error other than authentication
failure, false otherwise. This flag is typically set to support highly available deployments where authentication
should proceed in the face of one or more RADIUS server failures.
*
`servers`
- Array of RADIUS servers to delegate to for authentication.
######`JRadiusServerImpl`
Component representing a RADIUS server has the following configuration properties.
{% highlight xml %}
<bean id="radiusAuthenticationHandler"
class="org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler"
p:failoverOnAuthenticationFailure="${cas.radius.failover.authn:false}"
p:failoverOnException="${cas.radius.failover.exception:false}"
p:servers-ref="radiusServers" />
*
`protocol`
- radius protocol to use.
*
`clientFactory`
- factory establish and create radius client instances.
<util:list
id=
"radiusServers"
>
<ref
bean=
"radiusServer"
/>
</util:list>
{% endhighlight %}
## RADIUS Configuration Example
{% highlight xml %}
<bean id="radiusServer"
class="org.jasig.cas.adaptors.radius.JRadiusServerImpl"
c:protocol="EAP_MSCHAPv2"
c:clientFactory-ref="radiusClientFactory" />
The following settings may control the configuration RADIUS server and client:
{% highlight properties %}
# cas.radius.client.inetaddr=localhost
# cas.radius.client.port.acct=
# cas.radius.client.socket.timeout=60
# cas.radius.client.port.authn=
# cas.radius.client.sharedsecret=N0Sh@ar3d$ecReT
# cas.radius.server.protocol=EAP_MSCHAPv2
# cas.radius.server.retries=3
# cas.radius.server.nasIdentifier=-1
# cas.radius.server.nasPort=-1
# cas.radius.server.nasPortId=-1
# cas.radius.server.nasRealPort=-1
# cas.radius.server.nasPortType=-1
# cas.radius.server.nasIpAddress=
# cas.radius.server.nasIpv6Address=
# cas.radius.failover.authn=false
# cas.radius.failover.exception=false
{% endhighlight %}
<bean id="radiusClientFactory"
class="org.jasig.cas.adaptors.radius.RadiusClientFactory"
p:inetAddress="localhost"
p:sharedSecret="fqhwhgads" />
<bean id="radiusAuthenticationHandler"
class="org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler">
<property
name=
"servers"
>
<list>
<ref
local=
"radiusServer"
/>
</list>
</property>
</bean>
{% endhighlight %}
cas-server-support-radius/pom.xml
...
...
@@ -56,6 +56,18 @@
<artifactId>
commons-collections
</artifactId>
<groupId>
commons-collections
</groupId>
</exclusion>
<exclusion>
<artifactId>
commons-beanutils
</artifactId>
<groupId>
commons-beanutils
</groupId>
</exclusion>
<exclusion>
<artifactId>
bcprov-jdk15
</artifactId>
<groupId>
org.bouncycastle
</groupId>
</exclusion>
<exclusion>
<artifactId>
slf4j-log4j12
</artifactId>
<groupId>
org.slf4j
</groupId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
...
...
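Review bot: The new `bcprov-jdk15` and `slf4j-log4j12` exclusions are only safe if this module still resolves a BouncyCastle provider and an SLF4J binding from somewhere else. The enclosing `<dependency>` starts above the hunk, so that cannot be confirmed from here. If the RADIUS client's EAP path loads BouncyCastle classes, a missing provider would surface at the first authentication attempt rather than at build time. I would add a one-line XML comment above the three new `<exclusion>` entries naming what supersedes each excluded artifact, and check the result with `mvn dependency:tree` before merging.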
cas-server-support-radius/src/main/java/org/jasig/cas/adaptors/radius/authentication/handler/support/RadiusAuthenticationHandler.java
...
...
@@ -56,6 +56,15 @@ public class RadiusAuthenticationHandler extends AbstractUsernamePasswordAuthent
*/
private
boolean
failoverOnAuthenticationFailure
;
/**
* Instantiates a new Radius authentication handler.
*/
public
RadiusAuthenticationHandler
()
{
super
();
logger
.
debug
(
"Using {}"
,
getClass
().
getSimpleName
());
}
@Override
protected
final
HandlerResult
authenticateUsernamePasswordInternal
(
final
UsernamePasswordCredential
credential
)
throws
GeneralSecurityException
,
PreventedException
{
...
...
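Review bot: The added no-arg constructor only logs the class name, and its explicit `super();` is redundant because the compiler inserts that call. The bean definitions on this page set the failover flags through `p:` properties, i.e. after construction, so this log line can never show how the handler is actually configured. For operators the useful record is the effective `failoverOnAuthenticationFailure` / `failoverOnException` values and the number of configured servers, logged once after property injection. I would either drop the constructor or move the debug statement to a post-initialisation hook. The class body and `authenticateUsernamePasswordInternal` continue outside the hunk.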
cas-server-support-radius/src/main/resources/META-INF/spring/radius-server-config.xml
0 → 100644
<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans
xmlns=
"http://www.springframework.org/schema/beans"
xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
xmlns:p=
"http://www.springframework.org/schema/p"
xmlns:c=
"http://www.springframework.org/schema/c"
xmlns:context=
"http://www.springframework.org/schema/context"
xmlns:util=
"http://www.springframework.org/schema/util"
xsi:schemaLocation=
"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
>
<description>
This file is loaded by the Spring configuration automatically, and serves as a placeholder
for various view definitions and beans. This helps with construction of views that require
references to other beans and whose changes can be configured externally.
</description>
<util:constant
static-field=
"org.jasig.cas.adaptors.radius.RadiusServer.DEFAULT_PORT_ACCOUNTING"
id=
"accountingPort"
/>
<util:constant
static-field=
"org.jasig.cas.adaptors.radius.RadiusServer.DEFAULT_PORT_AUTHENTICATION"
id=
"authenticationPort"
/>
<bean
id=
"radiusServer"
class=
"org.jasig.cas.adaptors.radius.JRadiusServerImpl"
c:protocol=
"${cas.radius.server.protocol:EAP_MSCHAPv2}"
p:retries=
"${cas.radius.server.retries:3}"
p:nasIdentifier=
"${cas.radius.server.nasIdentifier:-1}"
p:nasPort=
"${cas.radius.server.nasPort:-1}"
p:nasPortId=
"${cas.radius.server.nasPortId:-1}"
p:nasRealPort=
"${cas.radius.server.nasRealPort:-1}"
p:nasPortType=
"${cas.radius.server.nasPortType:-1}"
p:nasIpAddress=
"${cas.radius.server.nasIpAddress:}"
p:nasIpv6Address=
"${cas.radius.server.nasIpv6Address:}"
c:clientFactory-ref=
"radiusClientFactory"
/>
<bean
id=
"radiusClientFactory"
class=
"org.jasig.cas.adaptors.radius.RadiusClientFactory"
p:inetAddress=
"${cas.radius.client.inetaddr:localhost}"
p:accountingPort=
"${cas.radius.client.port.acct:#{accountingPort}}"
p:socketTimeout=
"${cas.radius.client.socket.timeout:60}"
p:authenticationPort=
"${cas.radius.client.port.authn:#{authenticationPort}}"
p:sharedSecret=
"${cas.radius.client.sharedsecret:N0Sh@ar3d$ecReT}"
/>
</beans>
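Review bot: `p:sharedSecret` on `radiusClientFactory` falls back to the literal `N0Sh@ar3d$ecReT` when `cas.radius.client.sharedsecret` is unset, so a deployment that forgets the property still starts and talks to its RADIUS server with a secret published in this repository. The shared secret authenticates the exchange between CAS and the RADIUS server, so it should have no built-in default: `p:sharedSecret="${cas.radius.client.sharedsecret}"` would normally make an unset value fail at context load, depending on how unresolvable placeholders are handled in this context. The same literal appears as the commented sample in `cas.properties` and in `RADIUS-Authentication.md`; an obviously labelled placeholder there would avoid presenting it as a usable value. The `<description>` text also still refers to "view definitions" and looks copied from another file, so it should describe the RADIUS server and client factory beans instead.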
cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
...
...
@@ -356,9 +356,28 @@ tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dW
# memcached.failureMode=Redistribute
# memcached.buffersize=8192
##
# OpenID Support
#
# Enforce relying party id
# cas.openid.enforce.rpid=false
##
# RADIUS Authentication Server
#
# cas.radius.client.inetaddr=localhost
# cas.radius.client.port.acct=
# cas.radius.client.socket.timeout=60
# cas.radius.client.port.authn=
# cas.radius.client.sharedsecret=N0Sh@ar3d$ecReT
# cas.radius.server.protocol=EAP_MSCHAPv2
# cas.radius.server.retries=3
# cas.radius.server.nasIdentifier=-1
# cas.radius.server.nasPort=-1
# cas.radius.server.nasPortId=-1
# cas.radius.server.nasRealPort=-1
# cas.radius.server.nasPortType=-1
# cas.radius.server.nasIpAddress=
# cas.radius.server.nasIpv6Address=
# cas.radius.failover.authn=false
#
cas.radius.failover.exception
=
false
\ No newline at end of file