To utilize the Central Authentication Service, GateIn 3.2 needs to redirect all user authentication to the CAS server.
Information about where the CAS is hosted must be properly configured within the GateIn 3.2 instance. The required configuration is done by modifying three files:
In the gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml file, modify the 'Sign In' link as follows:
<!--
<a class="Login" onclick="$signInAction"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
-->
<a class="Login" href="/portal/sso"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
In the gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl file, modify the 'Sign In' link as follows:
<!--
<a onclick="$signInAction"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
-->
<a href="/portal/sso"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
Replace the entire contents of gatein.ear/02portal.war/login/jsp/login.jsp with:
<html>
<head>
<script type="text/javascript">
window.location = '/portal/sso';
</script>
</head>
<body>
</body>
</html>
Add the following filters at the top of the filter chain in gatein.ear/02portal.war/WEB-INF/web.xml:
<filter>
<filter-name>LoginRedirectFilter</filter-name>
<filter-class>org.gatein.sso.agent.filter.LoginRedirectFilter</filter-class>
<init-param>
<!-- This should point to your SSO authentication server -->
<param-name>LOGIN_URL</param-name>
<!-- Use this value if the casRenewTicket parameter of InitiateLoginServlet is not specified or false -->
<param-value>http://localhost:8888/cas/login?service=http://localhost:8080/portal/initiatessologin</param-value>
<!-- Use this value instead if the casRenewTicket parameter of InitiateLoginServlet is true -->
<!-- <param-value>http://localhost:8888/cas/login?service=http://localhost:8080/portal/initiatessologin&amp;renew=true</param-value> -->
</init-param>
</filter>
<filter>
<filter-name>CASLogoutFilter</filter-name>
<filter-class>org.gatein.sso.agent.filter.CASLogoutFilter</filter-class>
<init-param>
<!-- This should point to your CAS authentication server -->
<param-name>LOGOUT_URL</param-name>
<param-value>http://localhost:8888/cas/logout</param-value>
</init-param>
</filter>
<filter>
<filter-name>InitiateLoginFilter</filter-name>
<filter-class>org.gatein.sso.agent.filter.InitiateLoginFilter</filter-class>
<init-param>
<param-name>ssoServerUrl</param-name>
<param-value>http://localhost:8888/cas</param-value>
</init-param>
<init-param>
<param-name>casRenewTicket</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>casServiceUrl</param-name>
<param-value>http://localhost:8080/portal/initiatessologin</param-value>
</init-param>
<init-param>
<param-name>loginUrl</param-name>
<param-value>http://localhost:8080/portal/dologin</param-value>
</init-param>
</filter>
<!-- Mapping the filters at the very top of the filter chain -->
<filter-mapping>
<filter-name>LoginRedirectFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CASLogoutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>InitiateLoginFilter</filter-name>
<url-pattern>/initiatessologin</url-pattern>
</filter-mapping>
Once these changes have been made, all links to the user authentication pages will redirect to the CAS centralized authentication form.
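The web.xml comments above tie LOGIN_URL to casRenewTicket, and LOGIN_URL repeats the service and server URLs that InitiateLoginFilter is given separately. The following added example (not part of GateIn or its documentation) checks that those values agree; the function name check_cas_filters is hypothetical and the sample XML is constructed from the values shown above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the filter values shown above, trimmed to the parameters checked.
SAMPLE = """<web-app>
 <filter>
  <filter-name>LoginRedirectFilter</filter-name>
  <init-param>
   <param-name>LOGIN_URL</param-name>
   <param-value>http://localhost:8888/cas/login?service=http://localhost:8080/portal/initiatessologin</param-value>
  </init-param>
 </filter>
 <filter>
  <filter-name>InitiateLoginFilter</filter-name>
  <init-param><param-name>ssoServerUrl</param-name><param-value>http://localhost:8888/cas</param-value></init-param>
  <init-param><param-name>casRenewTicket</param-name><param-value>false</param-value></init-param>
  <init-param><param-name>casServiceUrl</param-name><param-value>http://localhost:8080/portal/initiatessologin</param-value></init-param>
 </filter>
</web-app>"""


def check_cas_filters(xml_text):
    """Return a list of mismatches between LOGIN_URL and InitiateLoginFilter."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # ignore the web.xml namespace, if any
    filters = {}
    for f in root.iter("filter"):
        filters[f.findtext("filter-name").strip()] = {
            p.findtext("param-name").strip(): p.findtext("param-value").strip()
            for p in f.iter("init-param")}
    login_url = filters.get("LoginRedirectFilter", {}).get("LOGIN_URL", "")
    init = filters.get("InitiateLoginFilter", {})
    query = parse_qs(urlsplit(login_url).query)
    problems = []
    if not login_url.startswith(init.get("ssoServerUrl", "\0") + "/"):
        problems.append("LOGIN_URL is not under ssoServerUrl")
    if query.get("service", [""])[0] != init.get("casServiceUrl"):
        problems.append("service in LOGIN_URL differs from casServiceUrl")
    # Unset casRenewTicket counts as false, as the comments in web.xml state.
    renew_cfg = init.get("casRenewTicket", "false").lower() == "true"
    renew_url = query.get("renew", [""])[0] == "true"
    if renew_cfg != renew_url:
        problems.append("casRenewTicket=%s but LOGIN_URL %s renew=true"
                        % (renew_cfg, "has" if renew_url else "lacks"))
    return problems


if __name__ == "__main__":
    print(check_cas_filters(SAMPLE) or "consistent")
```

An empty list means the three values agree; each string in the result names one setting to correct in web.xml.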