Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-3041

embedded rice does not allow to specify service URL for CAS integration

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Blocker
    • Resolution: Won't Fix
    • Affects Version/s: 0.9.4-kfs
    • Fix Version/s: Not version specific
    • Component/s: Configuration
    • Labels:
      None
    • Rice Module:
      Rice Core
    • Application Requirement:
      KFS

      Description

      Working on the UofA implementation and trying to use a front-end SSL server that forwards regular HTTP requests to the server but it needs the system to make all links HTTPS.

      redirectToCas method in KualiCasFilter.java is using request URL as the service parameter value, which is fine as long as there is not front end processing of URLs. Our use of ACE for encryption breaks due to the fact that the request seen by the web server is a http request, while the original request is a https request.

      Need a parameter to pass in the service to redirectToCas method or some other way to let it know to redirect those URLs

        Attachments

          Activity

          Hide
          jkeller Jonathan Keller added a comment -

          KualiCasFilter will be going away as part of release 1.0 as far as I know. The work to switch to an external CAS instance has already been done on branches of KFS and rice 0.9.4. Those changes should resolve this issue.

          Show
          jkeller Jonathan Keller added a comment - KualiCasFilter will be going away as part of release 1.0 as far as I know. The work to switch to an external CAS instance has already been done on branches of KFS and rice 0.9.4. Those changes should resolve this issue.
          Hide
          apotts Tony Potts (Inactive) added a comment -

          is this now in the 0.9.4-kfs branch? if so, do you know when that happened?

          Show
          apotts Tony Potts (Inactive) added a comment - is this now in the 0.9.4-kfs branch? if so, do you know when that happened?
          Hide
          ewestfal Eric Westfall added a comment -

          Here's the rice branch for this:

          https://test.kuali.org/svn/rice/branches/rice-release-0-9-4-cas-br/

          don't know off the top of my head what the kfs branch is

          Show
          ewestfal Eric Westfall added a comment - Here's the rice branch for this: https://test.kuali.org/svn/rice/branches/rice-release-0-9-4-cas-br/ don't know off the top of my head what the kfs branch is
          Hide
          ewestfal Eric Westfall added a comment -

          As per Jonathan's comment, new cas server coming in will effectively resolve this issue.

          Show
          ewestfal Eric Westfall added a comment - As per Jonathan's comment, new cas server coming in will effectively resolve this issue.
          Hide
          lprzybylski Leo Przybylski (Inactive) added a comment -

          I deployed the kuali-cas-1.0.0.war file, but how do I configure the application to use it now that it's there? Looks like KFS is still using the KualiCasFilter

          Show
          lprzybylski Leo Przybylski (Inactive) added a comment - I deployed the kuali-cas-1.0.0.war file, but how do I configure the application to use it now that it's there? Looks like KFS is still using the KualiCasFilter
          Hide
          lprzybylski Leo Przybylski (Inactive) added a comment -

          As part of our implementation efforts, I documented steps for utilizing the new kuali-cas application part of the CAS Extraction

          Show
          lprzybylski Leo Przybylski (Inactive) added a comment - As part of our implementation efforts, I documented steps for utilizing the new kuali-cas application part of the CAS Extraction
          Hide
          lprzybylski Leo Przybylski (Inactive) added a comment -

          Is there a positive timeline on when the changes in the rice-release-0-9-4-cas-br will be available to KFS implementation? Right now, we're on kfs-200907-implementation-br. It doesn't have these changes. The only way to get them right now is to build a custom casclient-2.1.1.jar each week.

          Show
          lprzybylski Leo Przybylski (Inactive) added a comment - Is there a positive timeline on when the changes in the rice-release-0-9-4-cas-br will be available to KFS implementation? Right now, we're on kfs-200907-implementation-br. It doesn't have these changes. The only way to get them right now is to build a custom casclient-2.1.1.jar each week.
          Hide
          ewestfal Eric Westfall added a comment - - edited

          These changes have now been integrated. We didn't end up using cas in our dev environment (still using a simple login screen) so as to ease the effort for implementors (i.e. not requiring deployment of a separate cas server) but the other related code is in there now. KualiCasFilter has been removed and you can use the cas filter provided for in cas itself. I've pasted our rice configurationl file that we are using in our tests environments below (this is for https://test.kuali.org/kr-cnv and https://test.kuali.org/kr-stg). You can also modify the web.xml if you like that better (see an example of this in the kfs web.xml).

          <param name="server.url">https://test.kuali.org</param>
          <param name="application.url">$

          {server.url}/kr-${environment}</param>
          ...
          <param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param>
          <param name="filter.login.casServerLoginUrl">https://test.kuali.org/cas-cnv/login</param>
          <param name="filter.login.serverName">${server.url}

          </param>
          <param name="filtermapping.login.1">/*</param>

          <param name="filter.validation.class">org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param>
          <param name="filter.validation.casServerUrlPrefix">https://test.kuali.org/cas-cnv</param>
          <param name="filter.validation.serverName">$

          {server.url}

          </param>
          <param name="filtermapping.validation.2">/*</param>

          <param name="filter.caswrapper.class">org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param>
          <param name="filtermapping.caswrapper.3">/*</param>

          Show
          ewestfal Eric Westfall added a comment - - edited These changes have now been integrated. We didn't end up using cas in our dev environment (still using a simple login screen) so as to ease the effort for implementors (i.e. not requiring deployment of a separate cas server) but the other related code is in there now. KualiCasFilter has been removed and you can use the cas filter provided for in cas itself. I've pasted our rice configurationl file that we are using in our tests environments below (this is for https://test.kuali.org/kr-cnv and https://test.kuali.org/kr-stg ). You can also modify the web.xml if you like that better (see an example of this in the kfs web.xml). <param name="server.url"> https://test.kuali.org </param> <param name="application.url">$ {server.url}/kr-${environment}</param> ... <param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param> <param name="filter.login.casServerLoginUrl"> https://test.kuali.org/cas-cnv/login </param> <param name="filter.login.serverName">${server.url} </param> <param name="filtermapping.login.1">/*</param> <param name="filter.validation.class">org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param> <param name="filter.validation.casServerUrlPrefix"> https://test.kuali.org/cas-cnv </param> <param name="filter.validation.serverName">$ {server.url} </param> <param name="filtermapping.validation.2">/*</param> <param name="filter.caswrapper.class">org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param> <param name="filtermapping.caswrapper.3">/*</param>

            People

            • Assignee:
              ewestfal Eric Westfall
              Reporter:
              apotts Tony Potts (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: