Ja-Sig provides a fairly robust Java CAS client which supports proxy ticketing and other advanced features of CAS. However, we needed to modify this client so it would support the K-State CAS protocol we implemented on the server.
Add dependencies for the WebISO-client to the dependencies section of the project.xml file.
<dependencies>
...
<dependency>
<groupId>webiso</groupId>
<artifactId>WebISO-client</artifactId>
<version>1.0.0</version>
<type>jar</type>
<properties>
<war.bundle>true</war.bundle>
</properties>
</dependency>
<dependency>
<type>jar</type>
<groupId>cas</groupId>
<artifactId>casclient</artifactId>
<version>2.1.1</version>
<properties>
<war.bundle>true</war.bundle>
</properties>
</dependency>
...
</dependencies>
|
Add the filter to the web.xml file.
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>edu.ksu.keas.webiso.filter.WebISOFilter</filter-class>
... init parameters ...
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
|
| Parameter | Use | Example | Required |
| LOGIN_URL | Specifies the login url on the WebISO server. | https://alpha.ome.ksu.edu/WebISO/login | Yes |
| VALIDATE_URL | Specifies the serviceValidate url on the WebISO server. | https://alpha.ome.ksu.edu/WebISO/serviceValidate | Yes |
| LOGOUT_URI | The relative URL for single sign out. This value will be combined with the protocol, host name, port, and context before being sent to the WebISO server. The webapp must return the checkbox icon, regardless of whether the user's session exists or is authenticated. | /logout | Yes |
| CLIENT_NAME | A name for the service using WebISO. This name will be displayed in the 'logged out' list. | eProfile, K-State Online | Yes |
| IGNORE | A comma delimited list of paths for the filter to ignore. | No | |
| RENEW | If set to true, WebISO will force a re-authentication even if the user is already signed in. | No | |
| AUTHORIZED_PROXY | A whitespace delimited list of proxies authorized to proxy authenticate to this service. | No | |
| PROXY_CALLBACK | The URL to which CAS should send proxy tickets. | No | |
| GATEWAY | The value the filter should send for the gateway parameter on the CAS login request. Mutually exclusive to RENEW. This parameter is basically deprecated due to the IGNORE parameter. | No |
There are several ways to access the user name, dirkey, and filter receipt exposed through the filter.
The WebISOAuthUtil Java class is provided and allows easy access to the user name, dirkey and receipt.
| Retrieve user name | WebISOAuthUtil.getUserName() |
| Retrieve dirkey | WebISOAuthUtil.getDirkey() |
| Retrieve receipt | WebISOAuthUtil.getReceipt() |
| Retrieve user name | session.getAttribute("cas_user"); |
| Retrieve dirkey | session.getAttribute("cas_dirkey"); |
| Retrieve receipt | session.getAttribute("cas_receipt"); |