Forcing a CAS Relogin

28 views
Skip to first unread message

Laura McCord

unread,
Feb 5, 2020, 12:17:51 PM2/5/20
to CAS Community, Chris Pamulapati
Hi Everyone!

It's been awhile since posting on the cas list, but I've come into a situation that I could use some help with. 

I'll start off the conversation like this but let me know if you need more information. Basically, we're trying to enforce a login on our Banner Self-Service Application 

How do we implement /serviceValidate with renew option when the client bean doesn’t have the /serviceValidate settings. We are using SAML ticket enabled CAS.

 

The following is the cas-client-filter file.

 

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xsi:schemaLocation="http://www.springframework.org/schema/beans

        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

 

        <bean id="SSOAuthenticationFilter"

                class="org.jasig.cas.client.authentication.AuthenticationFilter">

                <property name="casServerLoginUrl" value="${cas.server.loginurl}"></property>

                <property name="serverName" value="${cas.client.url}"></property>

        </bean>

 

        <bean id="Saml11TicketValidationFilter"

                class="org.jasig.cas.client.validation.Saml11TicketValidationFilter">

                <property name="serverName" value="${cas.client.url}"></property>

                <property name="redirectAfterValidation" value="false"></property>

                <property name="artifactParameterName" value="ticket" />

                <property name="useSession" value="false"></property>

                <property name="ticketValidator">

                       <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">

                                <constructor-arg index="0" value="${cas.server.url}" />

                                <property name="tolerance" value="${cas.validator.tolerance}" />

                        </bean>

                </property>

        </bean>

 

        <bean id="Saml11TicketValidator" class="org.jasig.cas.client.validation.Saml11TicketValidator">

                <constructor-arg index="0" value="${cas.server.url}" />

                <property name="tolerance" value="${cas.validator.tolerance}" />

        </bean>

 

        <bean id="BannerTicketValidationFilter"

                class="com.ellucian.sso.client.web.filter.BannerTicketValidationFilter">

                <!-- serverName of client to construct serviceURL eg:"thisServer.myDomain.net" -->

                <constructor-arg index="0" value="${cas.client.serverName}" />

                <!-- serviceUrl of client: either provide serverName or serviceUrl -->

                <constructor-arg index="1">

                        <null />

                </constructor-arg>

                <!-- ticketValidator implementation (defines protocol version to be used) -->

                <constructor-arg index="2"

                        ref="BannerApplicationTicketValidator" />

        </bean>

 

        <bean id="BannerApplicationTicketValidator"

                class="com.ellucian.sso.client.web.validation.BannerApplicationTicketValidator">

                <constructor-arg index="0" value="${cas.server.url}" />

                <constructor-arg index="1" ref="httpClient" />

        </bean>

 

        <bean id="httpClient" class="org.jasig.cas.util.HttpClient3FactoryBean">

        </bean>


Thanks so much,

Laura

Ray Bon

unread,
Feb 5, 2020, 1:45:14 PM2/5/20
to cas-...@apereo.org, sp...@rice.edu
Laura,

Would ssoEnabled flag in service definition work?

Ray
--
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
Reply all
Reply to author
Forward
0 new messages