Re: CAS OAuth2 testing with Spring Boot demo

584 views

Skip to first unread message

Jérôme LELEU

unread,

Nov 29, 2015, 7:57:34 AM11/29/15

to Jeremy Hulick, pac4j-users

Hi,

So you want to tie your Spring Boot app to an OAuth wrapped CAS server. It should be straightforward.

Doing it mysself:

1) in my Spring Boot app (https://github.com/pac4j/spring-webmvc-pac4j-boot-demo):

diff --git a/src/main/java/org/pac4j/demo/spring/config/Pac4jConfig.java b/src/main/java/org/pac4j/demo/spring/config/Pac4jConfig.java

// CAS
- final CasClient casClient = new CasClient("https://casserverpac4j.herokuapp.com/login");
+ //final CasClient casClient = new CasClient("https://casserverpac4j.herokuapp.com/login");
+ final CasOAuthWrapperClient casClient = new CasOAuthWrapperClient("this_is_the_key", "this_is_the_secret", "http://localhost:8081/cas2/oauth2");

diff --git a/src/main/java/org/pac4j/demo/spring/config/SecurityConfig.java b/src/main/java/org/pac4j/demo/spring/config/SecurityConfig.java

registry.addInterceptor(new RequiresAuthenticationInterceptor(config, "IndirectBasicAuthClient")).addPathPatterns("/basicauth/*");
- registry.addInterceptor(new RequiresAuthenticationInterceptor(config, "CasClient")).addPathPatterns("/cas/*");
+ registry.addInterceptor(new RequiresAuthenticationInterceptor(config, "CasOAuthWrapperClient")).addPathPatterns("/cas/*");
registry.addInterceptor(new RequiresAuthenticationInterceptor(config, "SAML2Client")).addPathPatterns("/saml/*");

diff --git a/src/main/java/org/pac4j/demo/spring/controller/Application.java b/src/main/java/org/pac4j/demo/spring/controller/Application.java
final IndirectBasicAuthClient baClient = (IndirectBasicAuthClient) clients.findClient("IndirectBasicAuthClient");
- final CasClient casClient = (CasClient) clients.findClient("CasClient");
+ final CasOAuthWrapperClient casClient = (CasOAuthWrapperClient) clients.findClient("CasOAuthWrapperClient");
final SAML2Client saml2Client = (SAML2Client) clients.findClient("SAML2Client");

2) in my pac4j / OAuth CAS demo (https://github.com/leleuj/cas-pac4j-oauth-demo):

diff --git a/cas-pac4j-oauth-client-demo/src/main/webapp/WEB-INF/cas.properties b/cas-pac4j-oauth-client-demo/src/main/webapp/WEB-INF/cas.properties

-server.name=http://localhost:8080
+server.name=http://localhost:8081

diff --git a/cas-pac4j-oauth-server-demo/src/main/resources/services/oauthclient-1.json b/cas-pac4j-oauth-server-demo/src/main/resources/services/oauthclient-1.json

{
"@class" : "org.jasig.cas.support.oauth.services.OAuthRegisteredService",
- "serviceId" : "http://localhost:8080/cas/login\\?client_name=CasOAuthWrapperClient",
+ "serviceId" : "http://localhost:8080/callback\\?client_name=CasOAuthWrapperClient",
"name" : "my great webapp for OAuth",

diff --git a/cas-pac4j-oauth-server-demo/src/main/webapp/WEB-INF/cas.properties b/cas-pac4j-oauth-server-demo/src/main/webapp/WEB-INF/cas.properties

-server.name=http://localhost:8080
+server.name=http://localhost:8081

It took me 10 minutes: can you retest following these guidelines?

Sharing with community as it might help others...

Thanks.

Best regards,

Jérôme

2015-11-27 16:28 GMT+01:00 Jeremy Hulick <jeremy...@gmail.com>:

Hi Jerome, I was able to get this sample CAS OAuth service from UniconLabs working right away:

https://github.com/UniconLabs/cas-grouper-oauth

It's using the Apache OLTU OAuth client instead of Pac4j. I might use this project as the base for our work, though it's not ideal since it's set up with a Grouper service and the client code base is running with Groovy. Nevertheless, the CAS/OAuth2 overlay is working correctly with the redirect and that's the most important piece I need working right now.

Let me know if you have other suggestions with the sample Pac4j app.

Thanks,
Jeremy
On Fri, Nov 27, 2015 at 8:37 AM, Jeremy Hulick <jeremy...@gmail.com> wrote:
Hi Jerome, I've attempted your suggestions, and various other changes, without success. The overlay in the server portion doesn't have the serviceRegistryDao in the cas-servlet.xml, per the docs here: http://jasig.github.io/cas/4.1.x/installation/OAuth-OpenId-Authentication.html. Could that be part of the problem?

Perhaps I don't fully understand how the servers should be setup. I am using your spring-webmvc-pac4j-boot-demo as the client, and only the server portion of cas-pac4j-oauth-demo hosted in a Tomcat server. Would it be better to host both client and server portions of the cas-pac4j-oauth-demo (https://github.com/leleuj/cas-pac4j-oauth-demo) in separate Tomcat containers?

Thanks,
Jeremy
On Wed, Nov 25, 2015 at 5:53 AM, Jérôme LELEU <lel...@gmail.com> wrote:
Hi,

The callback url for the OAuth client defined in the CAS Oauth wrapped server (/cas2) should point to your Spring boot demo instead of the regular CAS server (/cas): can you check that?

Thanks.
Best regards,
Jérôme
2015-11-24 21:05 GMT+01:00 Jeremy Hulick <jeremy...@gmail.com>:
That's correct. I want to login at your demo CAS server, it's being hosted in my Tomcat 7 at localhost:8888/cas-oauth-server. The Spring Boot client test app is running on localhost:8080. The README.md for your demo server says that the OAuth service is running at the '/cas2' endpoint so that's why the URL is http://localhost:8888/cas-oauth-server/cas2. There isn't an http://cas-oauth-server service running, and i don't have that in my configuration.

Thanks.
On Tue, Nov 24, 2015 at 2:52 PM, Jérôme LELEU <lel...@gmail.com> wrote:
Hi,

I'm a bit surprised by the url I see in the definitin of your CasOAuthWrappedClient.

You want to login at a CAS server using the OAuth protocol from your Spring boot app, don't you?

I guess your Spring boot app runs on localhost:8080 with a callback url on http://localhost:8080/callback.

But I'm confused to see http://localhost:8888/cas-oauth-server/cas2 and http://cas-oauth-server/login...

Best regards,
Jérôme
2015-11-24 17:35 GMT+01:00 Jeremy Hulick <jeremy...@gmail.com>:
I tried Tomcat but it doesn't work there either. I added the Oauth CAS wrapper to the Spring Boot client.

CAS server is at localhost:8888, the Spring Boot app is running on localhost:8080
final CasOAuthWrapperClient casOAuthWrapperClient = new CasOAuthWrapperClient("key", "secret", "http://localhost:8888/cas-oauth-server/cas2");
casOAuthWrapperClient.setCallbackUrl("http://localhost:8080/callback");
When I open a browser to the Spring boot app, it correctly redirects to CAS for login and after I login it redirects back to CAS itself.

http://localhost:8888/cas-oauth-server/login?response_type=code&client_id=key&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback%3Fclient_name%3DCasOAuthWrapperClient

I've also checked that the client registration are correct in the server setup - i changed the id to "key" and secret to "secret".

I'll post this issue on Github or one of the forums too. Thanks.
On Tue, Nov 24, 2015 at 3:34 AM, Jérôme LELEU <lel...@gmail.com> wrote:
Hi,

It doesn't work via the Maven Jetty plugin, but it works using a regular Tomcat installation.

Thanks.
Best regards,
Jérôme

2015-11-23 17:20 GMT+01:00 Jeremy Hulick <jeremy...@gmail.com>:
The CAS server doesn't redirect, per issues #21 https://github.com/leleuj/cas-pac4j-oauth-demo/issues/21, either with Jetty or my Tomcat (v7.x). I'll attempt to build CAS server from source, with the extension. It looks like v4.1.2 is the latest. Thanks.

On Mon, Nov 23, 2015 at 9:35 AM, Jeremy Hulick <jeremy...@gmail.com> wrote:
Thank you Jérôme. I now have the cas-pac4j-oauth-demo running on the 4.1.x branch. I also have the Spring Boot demo running too (master branch) but it doesn't have the CasOAuthWrapperClient as part of it's demo. I'll work on adding it to the demo.

Thanks for your help!
Jeremy

On Mon, Nov 23, 2015 at 4:16 AM, Jérôme LELEU <lel...@gmail.com> wrote:
Hi,

A) No, it doesn't support OAuth: it is just meant to test CAS protocol support. You should also move to the new documentation: http://jasig.github.io/cas/4.1.x/protocol/OAuth-Protocol.html

B) Though, there is a https://github.com/pac4j/pac4j/blob/master/pac4j-oauth/src/main/java/org/pac4j/oauth/client/CasOAuthWrapperClient.java to talk to a OAuth wrapped CAS server. You can test everything with the following demo: https://github.com/leleuj/cas-pac4j-oauth-demo Use the 4.1.x branch for a stable version

So you can reuse the cas-pac4j-oauth-server-demo as an OAuth wrapped CAS server and the CasOAuthWrapperClient in the Spring boot demo.

Thanks.
Best regards,
Jérôme

2015-11-22 22:04 GMT+01:00 Jeremy Hulick <jeremy...@gmail.com>:
Hi Jerome, I've discovered your Spring Boot project that tests various security clients, link below. I'm excited about this project because I've a need to integrate CAS and OAuth2 where I work. I'm wondering if A) does your external CAS server at Heroku supports the OAuth2 integration, as noted in these CAS docs: https://wiki.jasig.org/display/CASUM/Configuration+for+the+OAuth+server+support, and B), if your PAC4J OAuth2 client supports the CAS/Oauth2 integration.

I've looked at the Spring Boot demo source code and it seems to only use traditional CAS client. How would I test the CAS OAuth2 with your software?

https://github.com/pac4j/spring-webmvc-pac4j-boot-demo

Thanks in advance,
Jeremy Hulick

Reply all

Reply to author

Forward

0 new messages