Title: CASFilter
Description: Filter for Servlet 2.3 spec server to use CAS for authentication. Map any url pattern to this filter to support CAS
authentication for that url pattern. If login is successful at CAS the FilterCASBean will be available to you in the user's
session under attribute name "filterCASBean".
Authenticates a user by redirecting their browser to CAS for authentication. CAS puts casticket parameter on querystring after
successful login. The value of casticket is verified against CAS using https. If the casticket is valid we put the user's user
name and any key/value pairs returned by CAS (from the https request verifying casticket) into the FilterCASBean java bean and
save the bean in the session. Now we can check against nullness of this bean to verify user authentication.
The following init parameters are needed for each instance of this filter. These are placed in the web.xml file.
cas org.kuali.web.filter.UHCASFilter
serviceParamName service
ticketParamName ticket validationURL
https://login.its.hawaii.edu:8445/cas/validate loginURL
https://login.its.hawaii.edu:8445/cas/login logoutURL
https://login.its.hawaii.edu:8445/cas/logout
cas action
TODO: add simple param validation
TODO: rebuild it to work with either single or multiple URL params
IU's CAS server receives a URL of the form:
https://cas.iu.edu/cas/login?cassvc=MYANY&casurl=https://onestart.iu.edu:443/my-prd/Kerberos/Login.do generates a URL of the
form: https://onestart.iu.edu:443/my-prd/Portal.do?casticket=ST-285420-LYbpu3QKAjyC7D468WS2& UH's CAS server receives a URL of
the form: https://login.its.hawaii.edu:8445/cas/login?service=https://localhost:8443/casTest/casLogin.do generates a URL of the
form: https://localhost:8443/casTest/casLogin.do?ticket='ST-492-fzmviDIliftbdJrF1Q30'
|