ALA CAS openid integration - AtlasOfLivingAustralia/ala-cas Wiki

##intro The purpose of this project is to add OpenID support to Atlas of Living Australia. The system should allow the user to chose either:

  1. register/login with ALA cas user credentials, or to
  2. let the user to use their existing OpenID credentials (see http://openid.net/get-an-openid for a list of OpenID providers)

Alt text

##upgrading existing cas installation/configuration The best/easiest (if not the only) approach to upgrade your existing cas project is:

  1. Decide which version of jasig cas do you need
  2. Setup from scratch a new jasig cas maven overlay project
  3. Port your existing cas modifications to the newly setup cas project
  4. Adjust your existing cas properties file to the new version of jasig cas
  5. Add suport for OpenID delegated authentication
  6. cas clients upgrade

####Decide which version of jasig cas do you need In our case we want to use the jasig cas version with "the best support" for OpenID, however we have to take into the consideration that Google just deprecated OpenID (at the end of April 2015, see: https://developers.google.com/identity/protocols/OpenID2) in favour of OpenID Connect and/or: http://openid.net/connect/faq

####Setup from scratch a new jasig cas maven overlay project

  1. setup new jasig cas maven overlay project, build, deploy, test it - make sure you can login with static username and password
  2. replace the (test) static username password authentication handler with your existing JDBC authentication handler org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler (and passwordEncoder (custom? default?)) - deploy and verify the login
  1. add OpenID authenticator org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler
  1. TODO: add & test OpenID Connect (google deprecated OpenId, replacing it with OpenID Connect in April 2015)

NOTE: The jasig cas upgrade info is incomplete. All of my attempts to simply upgrade the existing ALA cas (based on jasig cas 3.4.2) to the latest stable version of jasig cas 4.0.1 failed. Even if you painstakingly upgrade all the JASIG_CAS_ROOT/src/main/webapp/WEB-INF xml files, and there are no exceptions on cas deploy, the cas won't work and you get a lot of runtime exceptions without specific details, for example:

2015-04-29 01:22:02,089 ERROR [org.jasig.cas.web.init.SafeDispatcherServlet] - <SafeDispatcherServlet: 
The Spring DispatcherServlet we wrap threw on init.
But for our having caught this error, the servlet would not have initialized.>
java.lang.NoSuchMethodError: org.springframework.web.context.support.WebApplicationContextUtils.initServletPropertySources(Lorg/springframework/core/env/MutablePropertySources;Ljavax/servlet/ServletContext;Ljavax/servlet/ServletConfig;)V
        at org.springframework.web.context.support.StandardServletEnvironment.initPropertySources(StandardServletEnvironment.java:94)
        at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:644)
        at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:599)
        at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:665)
        at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:518)
        at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:459)
        at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:136)
        at javax.servlet.GenericServlet.init(GenericServlet.java:158)
        at org.jasig.cas.web.init.SafeDispatcherServlet.init(SafeDispatcherServlet.java:76)
        at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1279)
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1192)
        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)
        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5210)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5493)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1073)
        at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)

Most likely because of jasig cas depending on some (newer) version of spring, spring-security, etc. To avoid these types of problems it is much easier to setup a new cas maven overlay project, that should pull in all the dependencies and then add your cas modifications into the generated boilerplate".

####Port your existing cas modifications to the newly setup cas project This was in fact the easiest/smoothest.

####Adjust your existing cas properties file to the new version of jasig cas

####Add suport for OpenID delegated authentication

references:

####cas clients upgrade TODO

###old notes

bash-3.2$ find ~/src/cas-4.0.1 -type file | grep openid | grep -v test | sed -e 's/^.*\/cas\-[0-9]\.[0-9]\.[0-9]\///g'
cas-server-support-openid/NOTICE
cas-server-support-openid/pom.xml
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/handler/support/OpenIdCredentialsAuthenticationHandler.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdCredential.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdPrincipalResolver.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdService.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/flow/OpenIdSingleSignOnAction.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/mvc/SmartOpenIdController.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/OpenIdProviderController.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/DefaultOpenIdUserNameExtractor.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdArgumentExtractor.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdPostUrlHandlerMapping.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdUserNameExtractor.java
cas-server-support-openid/src/site/site.xml
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationFailureView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationSuccessView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceSuccessView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/user.jsp
bash-3.2$ find ~/src/cas-3.5.3 -type file | grep openid | grep -v test | sed -e 's/^.*\/cas\-[0-9]\.[0-9]\.[0-9]\///g'
cas-server-support-openid/NOTICE
cas-server-support-openid/pom.xml
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/handler/support/OpenIdCredentialsAuthenticationHandler.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdCredentials.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdCredentialsToPrincipalResolver.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdService.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/flow/OpenIdSingleSignOnAction.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/mvc/SmartOpenIdController.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/DefaultOpenIdUserNameExtractor.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdArgumentExtractor.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdPostUrlHandlerMapping.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdUserNameExtractor.java
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationFailureView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationSuccessView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceSuccessView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/user.jsp
bash-3.2$ find ~/src/cas-3.4.2 -type file | grep openid | grep -v test | sed -e 's/^.*\/cas\-[0-9]\.[0-9]\.[0-9]\///g'
cas-server-support-openid/pom.xml
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/handler/support/OpenIdCredentialsAuthenticationHandler.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdCredentials.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdCredentialsToPrincipalResolver.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/authentication/principal/OpenIdService.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/flow/OpenIdSingleSignOnAction.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/DefaultOpenIdUserNameExtractor.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdArgumentExtractor.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdPostUrlHandlerMapping.java
cas-server-support-openid/src/main/java/org/jasig/cas/support/openid/web/support/OpenIdUserNameExtractor.java
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceSuccessView.jsp
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/user.jsp
jasig cas version ala-cas upgrade result
3.4.2 OK (currently used)
3.4.2.1 OK
3.4.3 "CAS is unavailable"
3.4.3.1 "CAS is unavailable"
3.4.4 "CAS is unavailable"
3.4.5 "CAS is unavailable"
3.4.6 tomcat exception
3.4.7 tomcat exception
3.4.8 tomcat exception
3.4.9 tomcat exception
3.4.10 tomcat exception
3.4.11 tomcat exception
3.4.12 tomcat exception
3.4.12.1 tomcat exception
3.5.3 tomcat exception
4.0.1 compile errors fixed
4.1.0-SNAPSHOT compile errors (not compatible even with cas 4.0.1 compatible source/configuration)
CAS is Unavailable
There was an error trying to complete your request. Please notify your support desk or try again.