<!DOCTYPE html>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<html lang="en">
<head>
<meta charset="utf-8"/>
<title>Integrating Apache Shiro with CAS SSO server | Apache Shiro</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="keywords" content='documentation,cas'>
<meta name="generator" content="JBake">
<meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
<meta name="google-site-verification" content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
<meta name="google-site-verification" content="gBTYOG8lMfNb_jrWrH3kFbudpEs_WrAJ2lb2-zLRaso"/>
<meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
<meta property="og:title" content="Integrating Apache Shiro with CAS SSO server | Apache Shiro"/>
<meta property="og:type" content="article"/>
<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@ApacheShiro" />
<meta property="article:modification_time" content="2010-03-18T00:00:00Z"/>
<meta property="article:tag" content='documentation'/>
<meta property="article:tag" content='cas'/>
<meta property="og:locale" content="en_US" />
<meta property="og:url" content='https://shiro.apache.org/cas.html'/>
<meta property="og:image" content='images/shiro-featured-image.png'/>
<meta property="og:image:width" content='1200'/>
<meta property="og:image:height" content='628'/>
<meta property="og:site_name" content="Apache Shiro"/>
<!-- Le styles -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="bootstrap-icons-1.5.0/bootstrap-icons.css" rel="stylesheet">
<link href="css/asciidoctor.css" rel="stylesheet">
<link href="css/base.css" rel="stylesheet">
<link href="highlight.js-11.2.0/styles/default.min.css" rel="stylesheet">
<link href="css/gh-pages/gh-fork-ribbon.css" rel="stylesheet"/>
<!-- Fav and touch icons -->
<!--<link rel="apple-touch-icon-precomposed" sizes="144x144" href="../assets/ico/apple-touch-icon-144-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="114x114" href="../assets/ico/apple-touch-icon-114-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="72x72" href="../assets/ico/apple-touch-icon-72-precomposed.png">
<link rel="apple-touch-icon-precomposed" href="../assets/ico/apple-touch-icon-57-precomposed.png">-->
<link rel="shortcut icon" href="favicon.ico">
<!-- Matomo -->
<script>
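// Matomo page-view tracking: commands are queued on the global _paq array,
// then the tracker script is loaded asynchronously.
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['disableCookies']); // ask the tracker not to set cookies
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
  // Explicit https instead of a protocol-relative "//" url: if this page is ever
  // served over plain http, the tracker script must still be fetched over TLS so
  // that it cannot be replaced in transit.
  var u = "https://matomo.privacy.apache.org/";
  _paq.push(['setTrackerUrl', u + 'matomo.php']);
  _paq.push(['setSiteId', '2']);
  // Insert the loader before the first script element on the page.
  var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
  g.async = true;
  g.src = u + 'matomo.js';
  s.parentNode.insertBefore(g, s);
})();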
</script>
<!-- End Matomo Code -->
</head>
<body>
<div id="top-bar"></div>
<a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro" title="Fork me on GitHub">Fork me on GitHub</a>
<div id="wrap">
<div class="masthead">
<p class="lead">
<a href="index.html"><img src="images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;" alt="Apache Shiro Logo"></a>
<span class="tagline">Simple. Java. Security.</span>
<a class="pull-right" href="https://www.apache.org/events/current-event.html">
<img style="padding-top: 8px" src="https://www.apache.org/events/current-event-125x125.png" alt="Apache Software Foundation Event Banner"/>
</a>
</p>
</div>
<!-- Fixed navbar -->
<nav class="navbar navbar-expand-lg navbar-light bg-light shadow-sm mb-4">
<div class="container-fluid">
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
<li class="nav-item">
<a class="nav-link" href="get-started.html">Get Started</a>
</li>
<li class="nav-item">
<a class="nav-link" href="documentation.html">Docs</a>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-webapps" role="button" data-bs-toggle="dropdown" aria-expanded="false">
Web Apps
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown-webapps">
<li><a class="dropdown-item" href="web.html">General</a></li>
<li><a class="dropdown-item" href="jaxrs.html">JAX-RS</a></li>
<li><a class="dropdown-item" href="jakarta-ee.html">Jakarta EE</a></li>
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="web-features.html">Features</a></li>
</ul>
</li>
<li><a class="nav-link" href="features.html">Features</a></li>
<!-- integrations -->
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-integrations" role="button" data-bs-toggle="dropdown" aria-expanded="false">
Integrations
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown-integrations">
<li><a class="dropdown-item" href="spring-boot.html">Spring</a></li>
<li><a class="dropdown-item" href="guice.html">Guice</a></li>
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="integration.html">Third-Party Integrations</a></li>
</ul>
</li>
<!-- Community -->
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-community" role="button" data-bs-toggle="dropdown" aria-expanded="false">
Community
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown-community">
<li><a class="dropdown-item" href="forums.html">Community Forums</a></li>
<li><a class="dropdown-item" href="mailing-lists.html">Mailing Lists</a></li>
<li><a class="dropdown-item" href="articles.html">Articles</a></li>
<li><a class="dropdown-item" href="news.html">News</a></li>
<li><a class="dropdown-item" href="events.html">Events</a></li>
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="community.html">More</a></li>
</ul>
</li>
<!-- About -->
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-about" role="button" data-bs-toggle="dropdown" aria-expanded="false">
About
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown-about">
<li><a class="dropdown-item" href="about.html">About</a></li>
<li><a class="dropdown-item" href="privacy-policy.html">Privacy Policy</a></li>
<li><a class="dropdown-item" href="security-reports.html">Vulnerability Reports</a></li>
</ul>
</li>
</ul>
<ul class="d-flex justify-content-end navbar-nav mb-2 mb-lg-0">
<!-- The ASF -->
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown-asf" role="button" data-bs-toggle="dropdown" aria-expanded="false">
Apache Software Foundation
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown-asf">
<li><a class="dropdown-item" href="https://www.apache.org/">Apache Homepage</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/licenses/">License</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/security/">Security</a></li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<div class="page-header">
<h1>Integrating Apache Shiro with CAS SSO server</h1>
</div>
<div class="related-content">
<h2>Related Content</h2>
<h3 class="title"><a href="web-features.html">Apache Shiro for Web Applications</a></h3>
<p class="description">
</p>
<p>
<span class="read-more"><a href="web-features.html">Read More &gt;&gt;</a></span>
</p>
</div>
<div class="admonitionblock tip">
<table>
<tbody>
<tr>
<td class="icon">
<div class="title">Handy Hint</div>
</td>
<td class="content">
<div class="title">Shiro v1 version notice</div>
<div class="paragraph">
<p>As of 2024-02-28, Shiro v1 will soon be superseded by v2.</p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="toc" class="toc">
<div id="toctitle">Table of Contents</div>
<ul class="sectlevel1">
<li><a href="#CAS-BasicunderstandingoftheCASprotocol">Basic understanding of the CAS protocol</a></li>
<li><a href="#how_to_configure_shiro_to_work_with_cas_server">How to configure shiro to work with CAS server?</a>
<ul class="sectlevel2">
<li><a href="#dependency">Dependency</a></li>
<li><a href="#casfilter">CasFilter</a></li>
<li><a href="#casrealm">CasRealm</a></li>
<li><a href="#cassubjectfactory">CasSubjectFactory</a></li>
<li><a href="#security_of_the_application">Security of the application</a></li>
<li><a href="#complete_configuration_sample">Complete configuration sample</a></li>
</ul>
</li>
<li><a href="#history">History</a></li>
</ul>
</div>
<div id="preamble">
<div class="sectionbody">
<div class="admonitionblock warning">
<table>
<tr>
<td class="icon">
<i class="fa icon-warning" title="Warning"></i>
</td>
<td class="content">
<div class="title">Deprecation warning</div>
<div class="paragraph">
<p>Shiro-CAS support is deprecated; support has been moved to the Apache Shiro based <a href="https://github.com/bujiio/buji-pac4j">buji-pac4j</a> project.</p>
</div>
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The <em>shiro-cas</em> module is made to protect a web application with a <a href="https://wiki.jasig.org/display/CAS/Home">Jasig CAS</a> SSO server. It enables a Shiro-enabled application to be a CAS client.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="CAS-BasicunderstandingoftheCASprotocol">Basic understanding of the CAS protocol</h2>
<div class="sectionbody">
<div class="olist arabic">
<ol class="arabic">
<li>
<p>If you want to access an application protected by a CAS client and you are not authenticated in this application, you are redirected by the CAS client to the CAS server login page.
A service parameter in the CAS login url defines the application the user wants to log in to.</p>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-nohighlight hljs" data-lang="nohighlight">http://application.examples.com/protected/index.jsp → HTTP 302 → https://server.cas.com/login?service=http://application.examples.com/shiro-cas</code></pre>
</div>
</div>
</li>
<li>
<p>You fill in the login and password and authenticate with the CAS server, which then redirects the user to the application (the service url) with a service ticket in the url.
The service ticket is a short-lived one-time-use token redeemable at the CAS server for a user identifier (and optionally, user attributes).</p>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-nohighlight hljs" data-lang="nohighlight">https://server.cas.com/login?service=http://application.examples.com/shiro-cas → HTTP 302 → http://application.examples.com/shiro-cas?ticket=ST-4545454542121-cas</code></pre>
</div>
</div>
</li>
<li>
<p>The application asks the CAS server directly whether the service ticket is valid, and the CAS server responds with the identity of the authenticated user.
Generally, the CAS client forwards the user to the originally called protected page.</p>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-nohighlight hljs" data-lang="nohighlight">http://application.examples.com/shiro-cas?ticket=ST-4545454542121-cas → HTTP 302 → http://application.examples.com/protected/index.jsp</code></pre>
</div>
</div>
</li>
</ol>
</div>
</div>
</div>
<div class="sect1">
<h2 id="how_to_configure_shiro_to_work_with_cas_server">How to configure shiro to work with CAS server?</h2>
<div class="sectionbody">
<div class="sect2">
<h3 id="dependency">Dependency</h3>
<div class="paragraph">
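<p>You need to add the <em>shiro-cas</em> Maven dependency to your application. Because the module is deprecated, check that the version shown below is actually published for <em>shiro-cas</em> before relying on it:</p>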
</div>
<ul class="nav nav-tabs" id="dependency-casmain-tab" role="tablist">
<li class="nav-item" role="presentation">
<button
class="nav-link active"
id="maven-casmain-tab"
data-bs-toggle="tab"
data-bs-target="#maven-casmain"
type="button"
role="tab"
aria-controls="maven-casmain"
aria-selected="true"
>Maven</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="gradle-casmain-tab"
data-bs-toggle="tab"
data-bs-target="#gradle-casmain"
type="button"
role="tab"
aria-controls="gradle-casmain"
aria-selected="false"
>Gradle</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="sbt-casmain-tab"
data-bs-toggle="tab"
data-bs-target="#sbt-casmain"
type="button"
role="tab"
aria-controls="sbt-casmain"
aria-selected="false"
>SBT</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="ivy-casmain-tab"
data-bs-toggle="tab"
data-bs-target="#ivy-casmain"
type="button"
role="tab"
aria-controls="ivy-casmain"
aria-selected="false"
>Ivy</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="leiningen-casmain-tab"
data-bs-toggle="tab"
data-bs-target="#leiningen-casmain"
type="button"
role="tab"
aria-controls="leiningen-casmain"
aria-selected="false"
>Leiningen</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="buildr-casmain-tab"
data-bs-toggle="tab"
data-bs-target="#buildr-casmain"
type="button"
role="tab"
aria-controls="buildr-casmain"
aria-selected="false"
>Buildr</button>
</li>
</ul>
<div class="tab-content" id="dependency-casmain-tab-content">
<div
class="tab-pane fade show active"
id="maven-casmain"
role="tabpanel"
aria-labelledby="maven-casmain-tab"
>
<pre><code class='xml language-xml'>&lt;dependency&gt;
&lt;groupId&gt;org.apache.shiro&lt;/groupId&gt;
&lt;artifactId&gt;shiro-cas&lt;/artifactId&gt;
&lt;version&gt;2.0.0&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
</div>
<div
class="tab-pane fade"
id="gradle-casmain"
role="tabpanel"
aria-labelledby="gradle-casmain-tab"
>
<pre><code class='groovy language-groovy'>compile 'org.apache.shiro:shiro-cas:2.0.0'
</code></pre>
</div>
<div
class="tab-pane fade"
id="sbt-casmain"
role="tabpanel"
aria-labelledby="sbt-casmain-tab"
>
<pre><code class='scala language-scala'>libraryDependencies += "org.apache.shiro" % "shiro-cas" % "2.0.0"
</code></pre>
</div>
<div
class="tab-pane fade"
id="ivy-casmain"
role="tabpanel"
aria-labelledby="ivy-casmain-tab"
>
<pre><code class='xml language-xml'>&lt;dependency org="org.apache.shiro" name="shiro-cas" rev="2.0.0"/&gt;
</code></pre>
</div>
<div
class="tab-pane fade"
id="leiningen-casmain"
role="tabpanel"
aria-labelledby="leiningen-casmain-tab"
>
<pre><code class='clojure language-clojure'>[org.apache.shiro/shiro-cas "2.0.0"]
</code></pre>
</div>
<div
class="tab-pane fade"
id="buildr-casmain"
role="tabpanel"
aria-labelledby="buildr-casmain-tab"
>
<pre><code class='groovy language-groovy'>'org.apache.shiro:shiro-cas:jar:2.0.0'
</code></pre>
</div>
</div>
</div>
<div class="sect2">
<h3 id="casfilter">CasFilter</h3>
<div class="paragraph">
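<p>You have to define the service url of your application (which also has to be declared in the CAS server).
This url will be used to receive the CAS service ticket. For example: <a href="http://application.examples.com/shiro-cas" class="bare">http://application.examples.com/shiro-cas</a>. The examples on this page use http for the service url; because the service ticket arrives in the query string of that url, a real deployment should expose it over https.</p>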
</div>
<div class="paragraph">
<p>In your shiro configuration, you have to define the <code>CasFilter</code>:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
# Filter that receives the CAS service ticket on the application service url.
casFilter = org.apache.shiro.cas.CasFilter
# Where the user is sent when service ticket validation fails.
casFilter.failureUrl = /error.jsp</code></pre>
</div>
</div>
<div class="paragraph">
<p>(the failure url is called when the service ticket validation fails).</p>
</div>
<div class="paragraph">
<p>And the url on which it is available:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[urls]
# Path of the application service url; the CAS server redirects here with the ticket.
/shiro-cas = casFilter</code></pre>
</div>
</div>
<div class="paragraph">
<p>This way, when the user is redirected to the application service url (<em>/shiro-cas</em>) by the CAS server with a valid service ticket (after authentication), this filter receives the service ticket and creates a <code>CasToken</code> which can be used by the <code>CasRealm</code>.</p>
</div>
</div>
<div class="sect2">
<h3 id="casrealm">CasRealm</h3>
<div class="paragraph">
<p>The <code>CasRealm</code> uses the <code>CasToken</code> created by the <code>CasFilter</code> to authenticate the user by validating the CAS service ticket against the CAS server.</p>
</div>
<div class="paragraph">
<p>In your shiro configuration, you have to add the <code>CasRealm</code>:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
# Realm that validates the service ticket carried by the CasToken against the CAS server.
casRealm = org.apache.shiro.cas.CasRealm
# Roles given to every user once CAS authentication succeeds.
casRealm.defaultRoles = ROLE_USER
# Optional settings, left commented out in this example:
#casRealm.defaultPermissions
#casRealm.roleAttributeNames
#casRealm.permissionAttributeNames
#casRealm.validationProtocol = SAML
# Url of the CAS server. Keep it on https so ticket validation is not sent in clear text.
casRealm.casServerUrlPrefix = https://server.cas.com/
# Application service url, as declared on the CAS server.
# NOTE(review): shown over http for the example; the service ticket is delivered to
# this url as a query parameter, so use https in a real deployment.
casRealm.casService = http://application.examples.com/shiro-cas</code></pre>
</div>
</div>
<div class="paragraph">
<p>The <em>casServerUrlPrefix</em> is the url of the CAS server (for example: <a href="https://server.cas.com" class="bare">https://server.cas.com</a>).
The <em>casService</em> is the application service url, the url on which the application receives the CAS service ticket (for example: <a href="http://application.examples.com/shiro-cas" class="bare">http://application.examples.com/shiro-cas</a>).
The <em>validationProtocol</em> can be SAML or CAS (default): attributes and remember me information are only pushed through the SAML validation protocol (except specific customizations). It depends on the version of the CAS server: the SAML protocol can be used with CAS server version &gt;= 3.1.</p>
</div>
<div class="admonitionblock caution">
<table>
<tr>
<td class="icon">
<i class="fa icon-caution" title="Caution"></i>
</td>
<td class="content">
<div class="paragraph">
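<p>If you choose SAML validation, you need some more specific dependencies (shown below). <code>RELEASE</code> resolves to whatever version is newest at build time, and the <em>opensaml</em> and <em>xmlsec</em> versions listed are old ones, so pin exact versions and check them against current security advisories before using them.</p>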
</div>
<ul class="nav nav-tabs" id="dependency-saml-tab" role="tablist">
<li class="nav-item" role="presentation">
<button
class="nav-link active"
id="maven-saml-tab"
data-bs-toggle="tab"
data-bs-target="#maven-saml"
type="button"
role="tab"
aria-controls="maven-saml"
aria-selected="true"
>Maven</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="gradle-saml-tab"
data-bs-toggle="tab"
data-bs-target="#gradle-saml"
type="button"
role="tab"
aria-controls="gradle-saml"
aria-selected="false"
>Gradle</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="sbt-saml-tab"
data-bs-toggle="tab"
data-bs-target="#sbt-saml"
type="button"
role="tab"
aria-controls="sbt-saml"
aria-selected="false"
>SBT</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="ivy-saml-tab"
data-bs-toggle="tab"
data-bs-target="#ivy-saml"
type="button"
role="tab"
aria-controls="ivy-saml"
aria-selected="false"
>Ivy</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="leiningen-saml-tab"
data-bs-toggle="tab"
data-bs-target="#leiningen-saml"
type="button"
role="tab"
aria-controls="leiningen-saml"
aria-selected="false"
>Leiningen</button>
</li>
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="buildr-saml-tab"
data-bs-toggle="tab"
data-bs-target="#buildr-saml"
type="button"
role="tab"
aria-controls="buildr-saml"
aria-selected="false"
>Buildr</button>
</li>
</ul>
<div class="tab-content" id="dependency-saml-tab-content">
<div
class="tab-pane fade show active"
id="maven-saml"
role="tabpanel"
aria-labelledby="maven-saml-tab"
>
<pre><code class='xml language-xml'>&lt;dependency&gt;
&lt;groupId&gt;commons-codec&lt;/groupId&gt;
&lt;artifactId&gt;commons-codec&lt;/artifactId&gt;
&lt;version&gt;RELEASE&lt;/version&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.opensaml&lt;/groupId&gt;
&lt;artifactId&gt;opensaml&lt;/artifactId&gt;
&lt;version&gt;1.1&lt;/version&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.apache.santuario&lt;/groupId&gt;
&lt;artifactId&gt;xmlsec&lt;/artifactId&gt;
&lt;version&gt;1.4.3&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
</div>
<div
class="tab-pane fade"
id="gradle-saml"
role="tabpanel"
aria-labelledby="gradle-saml-tab"
>
<pre><code class='groovy language-groovy'>compile 'commons-codec:commons-codec:RELEASE'
compile 'org.opensaml:opensaml:1.1'
compile 'org.apache.santuario:xmlsec:1.4.3'
</code></pre>
</div>
<div
class="tab-pane fade"
id="sbt-saml"
role="tabpanel"
aria-labelledby="sbt-saml-tab"
>
<pre><code class='scala language-scala'>libraryDependencies += "commons-codec" % "commons-codec" % "RELEASE"
libraryDependencies += "org.opensaml" % "opensaml" % "1.1"
libraryDependencies += "org.apache.santuario" % "xmlsec" % "1.4.3"
</code></pre>
</div>
<div
class="tab-pane fade"
id="ivy-saml"
role="tabpanel"
aria-labelledby="ivy-saml-tab"
>
<pre><code class='xml language-xml'>&lt;dependency org="commons-codec" name="commons-codec" rev="RELEASE"/&gt;
&lt;dependency org="org.opensaml" name="opensaml" rev="1.1"/&gt;
&lt;dependency org="org.apache.santuario" name="xmlsec" rev="1.4.3"/&gt;
</code></pre>
</div>
<div
class="tab-pane fade"
id="leiningen-saml"
role="tabpanel"
aria-labelledby="leiningen-saml-tab"
>
<pre><code class='clojure language-clojure'>[commons-codec/commons-codec "RELEASE"]
[org.opensaml/opensaml "1.1"]
[org.apache.santuario/xmlsec "1.4.3"]
</code></pre>
</div>
<div
class="tab-pane fade"
id="buildr-saml"
role="tabpanel"
aria-labelledby="buildr-saml-tab"
>
<pre><code class='groovy language-groovy'>'commons-codec:commons-codec:jar:RELEASE'
'org.opensaml:opensaml:jar:1.1'
'org.apache.santuario:xmlsec:jar:1.4.3'
</code></pre>
</div>
</div>
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The <em>defaultRoles</em> are the default roles given to the authenticated user after CAS authentication success.
The <em>defaultPermissions</em> are the default permissions given to the authenticated user after CAS authentication success.
The <em>roleAttributeNames</em> defines the names of the attributes received from the CAS response which define roles to give to the authenticated user (the roles are separated by commas).
The <em>permissionAttributeNames</em> defines the names of the attributes received from the CAS response which define permissions to give to the authenticated user (the permissions are separated by commas).</p>
</div>
</div>
<div class="sect2">
<h3 id="cassubjectfactory">CasSubjectFactory</h3>
<div class="paragraph">
<p>On the CAS server, you can have "remember me" support. This information is pushed through SAML validation or CAS customized validation.
To reflect the CAS remember-me status in Shiro, you have to define a specific <code>CasSubjectFactory</code> in your Shiro configuration:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
# Subject factory that reflects the CAS remember-me status in Shiro.
casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
# Install it on the security manager in place of the default subject factory.
securityManager.subjectFactory = $casSubjectFactory</code></pre>
</div>
</div>
</div>
<div class="sect2">
<h3 id="security_of_the_application">Security of the application</h3>
<div class="paragraph">
<p>Finally, you have to define the security of your application.</p>
</div>
<div class="paragraph">
<p>In your Shiro configuration, you have to protect urls, for example with roles:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[urls]
# Paths under /protected/ require the ROLE_USER role.
/protected/** = roles[ROLE_USER]
# Everything else is open to anonymous access. Shiro applies the first matching
# pattern, so this catch-all has to stay last.
/** = anon</code></pre>
</div>
</div>
<div class="paragraph">
<p>The login url, used when the user is not authenticated, has to point to the CAS server login page with the application service url as its <em>service</em> parameter:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
# Unauthenticated users are redirected to the CAS login page; the service
# parameter is the application service url.
# NOTE(review): the service url is http in this example; use https in a real
# deployment so the service ticket is not sent in clear text.
roles.loginUrl = https://server.cas.com/login?service=http://application.examples.com/shiro-cas</code></pre>
</div>
</div>
<div class="paragraph">
<p>This way, if you are not authenticated and try to access a <em>/protected/**</em> url, you are redirected to the CAS server for authentication.</p>
</div>
</div>
<div class="sect2">
<h3 id="complete_configuration_sample">Complete configuration sample</h3>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">[main]
# Filter that receives the CAS service ticket; failureUrl is used when validation fails.
casFilter = org.apache.shiro.cas.CasFilter
casFilter.failureUrl = /error.jsp
# Realm that validates the service ticket against the CAS server.
casRealm = org.apache.shiro.cas.CasRealm
# Roles given to every user once CAS authentication succeeds.
casRealm.defaultRoles = ROLE_USER
casRealm.casServerUrlPrefix = https://server.cas.com/
# Application service url, as declared on the CAS server.
# NOTE(review): shown over http for the example; the service ticket is delivered to
# this url as a query parameter, so use https in a real deployment.
casRealm.casService = http://application.examples.com/shiro-cas
# Reflects the CAS remember-me status in Shiro.
casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
securityManager.subjectFactory = $casSubjectFactory
# Unauthenticated users are redirected to the CAS login page for this service url.
roles.loginUrl = https://server.cas.com/login?service=http://application.examples.com/shiro-cas
[urls]
# Shiro applies the first matching pattern, so the anonymous catch-all stays last.
/shiro-cas = casFilter
/protected/** = roles[ROLE_USER]
/** = anon</code></pre>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="history">History</h2>
<div class="sectionbody">
<div class="paragraph">
<p><em>Version 1.2.0</em>: first release of the <em>shiro-cas</em> module.</p>
</div>
</div>
</div>
<hr />
</div>
<div class="footer-padding"></div>
<div class="container-fluid pt-2 border-top" id="custom-footer">
<footer class="row justify-content-between align-items-center">
<div class=" col-md-5">
<div class="copyright-footer justify-content-start">
<a href="https://www.apache.org/foundation/contributing.html">Donate to the ASF</a>&nbsp;|&nbsp;
<a href="https://www.apache.org/licenses/LICENSE-2.0.html">License</a>&nbsp;
<p class="text-muted">Copyright &copy; 2008-2024 The Apache Software Foundation</p>
</div>
</div>
<div class="d-flex justify-content-center col-md-1">
<a class="btn btn-social"><span class="social-icon social-twitter"><i class="bi bi-twitter"></i></span></a>
<a class="btn btn-social"><span class="social-icon social-facebook"><i class="bi bi-facebook"></i></span></a>
<a class="btn btn-social"><span class="social-icon social-linkedin"><i class="bi bi-linkedin"></i></span></a>
</div>
<div class="d-flex justify-content-end col-md-4" id="editThisPage">
<input type="hidden" id="ghEditPage" value="https://github.com/apache/shiro-site/edit/main/src/site/content/cas.adoc"/>
</div>
<div class="d-flex col-md-2 justify-content-end" style="position: relative">
<div class="footer-shield"></div>
</div>
</footer>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="js/bootstrap.min.js"></script>
<script src="highlight.js-11.2.0/highlight.min.js"></script>
<script src="js/shiro.js"></script>
<script>
// Sets up the "edit this page" link once the document is ready (both helpers are
// presumably defined in js/shiro.js, which is not shown here).
// NOTE(review): addPageEditLink() is called immediately and its return value is what
// docReady receives; if docReady expects a callback, this should pass addPageEditLink
// without the parentheses. Confirm against js/shiro.js.
docReady(
addPageEditLink()
);
</script>
<script>hljs.highlightAll();</script>
</body>
</html>