Details

      Description

      The CAS documentation for Spring Security is vague and contains a few errors.

      First, the <bean id="casAuthenticationProvider"> element contains the tag <security:custom-authentication-provider /> which is not allowed by the spring-security-3.0.xsd.

      I have configured the authentication provider accordingly:

      <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="casAuthenticationProvider"></security:authentication-provider>
      </security:authentication-manager>

      Second, the <security:http> section can be more specific IMHO. I have configured it like shown below. I don`t know if this is 'the' way to configure it, but it works.

      <security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
      ...
      <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter>
      </security:http>

      Third, the <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> contains the properties <property name="authenticationFailureUrl" value="/casfailed.jsp"/> and <property name="defaultTargetUrl" value="/"/> which do not exist anymore.

      Once you have figured this out, it works really great

      Cheers, Stephan

        Activity

        Hide
        Luke Taylor added a comment -

        Thanks for reporting these. I've updated the CAS section to correct the configurations.

        Show
        Luke Taylor added a comment - Thanks for reporting these. I've updated the CAS section to correct the configurations.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Stephan Oudmaijer
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: