
Problems while implementing SSO with Spring Security CAS extension


I'm trying to use Spring Security CAS extension to authenticate users on my applications. Earlier there was only one application, so SSO was not needed. Now there is one more application and I want the user to log in once and use all the applications without having to go through authentication again (SSO, basically). I've a bunch of questions like these -

Spring Security and CAS deployerContext Configuration - http://pastie.org/8408976 and http://pastie.org/8408967

Note: I'm using Spring Security 3.1.4.RELEASE and CAS server 3.5.2 version. Any pointers will be helpful.


Solution

  • I set up Spring Security CAS with Jasig server and SSO seems to work as logging in to any of the applications suffices to access the other application. I've modified the deployerConfigContext.xml to replace the inMemoryServiceRegistryDaoImpl with JPA / Hibernate one. But I always see the below line in my logs. Though the tables have been created (SERVICETICKET and so on) in my db. These tables are always empty when I try logging in and out.

    When I try to access URL `https://localhost/cas/services`, it returns an error "This website has a redirect loop", and I see the below piece repeating n number of times in the logs (with different ticket numbers)

    I figured out the solution to this. This was happening because filterProcessesUrl in the CAS server configuration had the string "acegi" (the old name for Spring Security), which didn't match "spring", hence the problem. Modifying that helped. Not sure why the old name was hardcoded there. Also, it didn't pick up this string from cas.properties, so figuring it out was a little more difficult.

    I hope to get answers for other questions.
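A consistency check for the mismatch described in the solution above, as an added example that is not part of the original post: it compares every `filterProcessesUrl` set in a Spring context file with the path of the service URL that CAS redirects back to. The property key `example.cas.service` and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

P_NS = "{http://www.springframework.org/schema/p}"  # Spring p: attribute namespace

def filter_urls(spring_xml):
    """Collect filterProcessesUrl values set via p: attributes or <property> elements."""
    urls = []
    for el in ET.fromstring(spring_xml).iter():
        if P_NS + "filterProcessesUrl" in el.attrib:
            urls.append(el.attrib[P_NS + "filterProcessesUrl"])
        if el.tag.split("}")[-1] == "property" and el.get("name") == "filterProcessesUrl":
            if el.get("value"):
                urls.append(el.get("value"))
    return urls

def service_path(properties_text, key):
    """Return the URL path of the service property, or None if the key is absent."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == key:
            return urlparse(value.strip()).path
    return None

def mismatches(spring_xml, properties_text, key):
    """filterProcessesUrl values the service URL does not end with.

    The CAS filter only validates tickets on requests matching filterProcessesUrl.
    If the service URL points elsewhere, the ticket is never consumed, the user
    stays unauthenticated and is redirected to CAS again: a redirect loop.
    """
    path = service_path(properties_text, key)
    return [u for u in filter_urls(spring_xml) if path is None or not path.endswith(u)]

# Constructed sample input (hypothetical key and values).
KEY = "example.cas.service"
PROPS = "# constructed\nexample.cas.service=https://localhost/cas/services/j_spring_cas_security_check\n"
BAD_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"
        p:filterProcessesUrl="/services/j_acegi_cas_security_check"/>
</beans>"""
FIXED_XML = BAD_XML.replace("acegi", "spring")

if __name__ == "__main__":
    print("before fix:", mismatches(BAD_XML, PROPS, KEY))
    print("after fix: ", mismatches(FIXED_XML, PROPS, KEY))
```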