CAS configuration doubt

**andromeda** · May 7th, 2012, 08:40 AM

I have 3 doubts . Could you please clarify these doubts ? tutorial talks about config with localhost which I dont feel comfortable. In my situation I will have a CAS client box and a CAS server box. ...they have different IP .

I'm not comfortable whether localhost in this tutorial refers to CAS client box or CAS server box.

From tutorial link I find these config settings :
Doubt1

19.3. Configuration of CAS Client

<bean id="casProcessingFilterEntryPoint"
class="org.springframework.security.ui.cas.CasProc essingFilterEntryPoint">
<property name="loginUrl" value="https://localhost:9443/cas/login"/> //localhost is CAS server box or Client box ?
<property name="serviceProperties" ref="serviceProperties"/>
</bean>

Doubt 2:

<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20Servic eTicketValidator">
<constructor-arg index="0" value="https://localhost:9443/cas" /> //localhost is CAS server box or Client box ?
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only"/>

Doubt 3

<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentica tion.CasAuthenticationProvider">
...
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ProxyT icketValidator">
<constructor-arg value="https://localhost:9443/cas"/> //localhost is CAS server box or Client box ?

<property name="proxyCallbackUrl"
value="https://localhost:8443/cas-sample/j_spring_cas_security_proxyreceptor"/> //localhost is CAS server box or Client box ?
<property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
</bean>
</property>
</bean>

**jleleu** · May 9th, 2012, 09:42 AM

Hi,

Doubt1:
The loginUrl property is the login url of your CAS server.

Doubt2:
The casServerPrefixUrl property (param 0 in constructor) is the prefix url of the CAS server for service ticket validation.

Doubt3:
Same as in doubt2 for proxy ticket validation.
For the proxyCallbackUrl, it's on the client side to be able to link the pgtIou with the pgtId. I recommend reading : https://wiki.jasig.org/display/CAS/P...AS+Walkthrough.

Best regards,
Jérôme

**andromeda** · May 9th, 2012, 12:26 PM

Thanks for the post. I dont understand some parts in your comments . Can you please clarify the red part in your comment ?

Originally Posted by jleleu

Hi,

Doubt1:
The loginUrl property is the login url of your CAS server.

Doubt2:
The casServerPrefixUrl property (param 0 in constructor) is the prefix url of the CAS server for service ticket validation.

What is a prefix url of CAS server ? Can you please explain this part with an example.

Doubt3:
Same as in doubt2 for proxy ticket validation.
For the proxyCallbackUrl, it's on the client side to be able to link the pgtIou with the pgtId.

Did you mean its the url of the client box ?

Best regards,
Jérôme

**jleleu** · May 9th, 2012, 01:00 PM

Hi,

The CAS prefix url is the root url of the CAS server. Let's take an example : you have a CAS server with /cas as the root context.
The login url is http://host/cas/login. The prefix url is http://host/cas.
In fact, it's called that way as the url built for ticket validation is the CAS prefix url + /serviceValidate (http://host/cas/serviceValidate).

Client side, you have the CAS service url, generally http://host2/myapp/j_spring_cas_security_check. This url is used as CAS service on CAS server side. It's the url called after authentication on which a service ticket is added.
For CAS proxy mechanism, you need one more url to receive pgtIou and pgtId parameters, the pgtIou is also received in return of service ticket validation. This way, you can obtain the pgtId for this authentication, pgtId you will use to get proxy ticket (exactly the same role as service ticket but for proxified service).
This one more url is generally : http://host2/myapp/j_spring_cas_security_proxyreceptor. Here is the Spring security doc : http://static.springsource.org/sprin...rence/cas.html.

Best regards,
Jérôme

**andromeda** · May 9th, 2012, 09:06 PM

Thanks . You are very much helpful. I still have little doubt in some parts in your comments . Could you please clarify this.

Originally Posted by jleleu

Hi,

The CAS prefix url is the root url of the CAS server. Let's take an example : you have a CAS server with /cas as the root context.
The login url is http://host/cas/login. The prefix url is http://host/cas.
In fact, it's called that way as the url built for ticket validation is the CAS prefix url + /serviceValidate (http://host/cas/serviceValidate).

Excellent. got this part.

Client side, you have the CAS service url, generally http://host2/myapp/j_spring_cas_security_check. This url is used as CAS service on CAS server side.

What is host2 ? I guess its the client box ..right?

(because you have used host for cas server ..so I guess host2 is for client box )

**jleleu** · May 10th, 2012, 11:46 AM

Hi,

You're right : host is the host of the CAS server and host2 is the host of the client application.
Best regards,
Jérôme

**andromeda** · May 10th, 2012, 11:59 AM

Thanks. It was very much helpful.

Thread: CAS configuration doubt

Thread Tools

Display

CAS configuration doubt

Posting Permissions