• Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.5.0 RC1, 3.5.0
    • Component/s: None
    • Labels:



      As I did some testing with the OAuth protocol, I extracted my code to create a cas-server-module-oauth. I propose to use it as a starting point for real integration of the OAuth protocol in CAS.

      + Overview of my code :
      I use the Scribe library to integrate with social networks. I only wrote an implementation for Facebook, but other implementations should not be too hard.
      I create the notion of provider : a provider is Facebook for example, it is a way to authenticate outside the CAS server. I use a controller as a callback url for provider which is outside the webflow.

      + The classes in the module :

      • : it is the controller where the provider sends back the user after authentication in its own system
      • : it is an authentication handler for oauth credentials; in fact, it does nothing, it returns always true as credentials are created when the user is already authenticated
      • : it is the credentials after the user authenticates in the social network (by the provider) : provider name + user identifier
      • : it is a principal resolver : for oauth provider, it is the name of the provider, the character '#' and the user identifier
      • : it represents the contract of an oauth provider
      • : it is a common implementation of oauth provider (it uses the Scribe library)
      • : it is the implementation dedicated to facebook

      + The configuration needed in CAS server :

      • in login page (casLoginView.jsp), add the link to facebook authentication and needed imports :
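        <%@ page import="org.springframework.context.ApplicationContext, org.springframework.web.context.support.WebApplicationContextUtils" %>
        <%-- FacebookIdentityProviderImpl must be imported as well; its package is not shown in this issue --%>
        <%
        // look up the provider bean declared in applicationContext.xml
        ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(application);
        try {
            FacebookIdentityProviderImpl facebookProvider = (FacebookIdentityProviderImpl) applicationContext.getBean("facebookProvider");
        %><a href="<%=facebookProvider.getAuthorizationUrl()%>">Authenticate with Facebook</a><%
        } catch (Exception e) {
            e.printStackTrace();
        }
        %>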


      • add a facebook provider to applicationContext.xml (the id and the secret are the information given by facebook when you create a facebook application) :
        <bean id="facebookProvider" class="">
          <property name="id" value="xxx" />
          <property name="secret" value="xxx" />
          <property name="callbackUrl" value="http://myserver/cas/facebook" />
        </bean>
      • add a facebook controller to cas-servlet.xml :
        <bean id="facebookController" class=""
        p:provider-ref="facebookProvider" />
      • and the mapping needed in handlerMappingC bean :
      • and in web.xml :
      • add the cas-server-support-oauth dependency to cas-server-webapp pom.xml :

      With this configuration, I have a link "Authenticate with Facebook" on the login page, I click on it, authenticate in facebook and come back to CAS and I am authenticated in CAS.

      + Problems :
      I think the main problem of my code is the controller which is the callback url of the provider : it is outside the CAS webflow and therefore, I have to create by myself the CAS identity and I don't have the service of the login page (maybe I could get it in the session but it is not a proper way).
      I think it would be better to have this callback url integrated in the CAS webflow.
      Errors are not really handled in the controller and the code has to be tested fully.

      Don't hesitate to ask me questions.
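
      The credentials, authentication handler and principal resolver roles described in the issue above, as an added Java sketch that is not code from the issue or from the CAS project. The class and method names are stand-ins, the sample values are constructed, and rejecting '#' inside either part is an assumption added so that principal ids stay unambiguous.

```java
// Added sketch: stand-in types, not the CAS interfaces or the module's classes.
public class OAuthPrincipalSketch {
    static final char SEPARATOR = '#'; // separator named in the issue

    /** What the callback controller builds once the provider has authenticated the user. */
    static final class OAuthCredentials {
        final String providerName;
        final String userId;
        OAuthCredentials(String providerName, String userId) {
            this.providerName = requirePart(providerName, "provider name");
            this.userId = requirePart(userId, "user identifier");
        }
    }

    // Assumption: neither part may contain the separator, otherwise two different
    // (provider, user) pairs could resolve to the same principal id.
    static String requirePart(String value, String what) {
        if (value == null || value.isEmpty() || value.indexOf(SEPARATOR) >= 0) {
            throw new IllegalArgumentException("invalid " + what);
        }
        return value;
    }

    /** Handler side: nothing is verified again, but only this credentials type is accepted. */
    static boolean authenticate(Object credentials) {
        return credentials instanceof OAuthCredentials;
    }

    /** Resolver side: provider name + '#' + user identifier. */
    static String resolvePrincipalId(OAuthCredentials c) {
        return c.providerName + SEPARATOR + c.userId;
    }

    /** Consumer side: split a principal id back into {provider, user identifier}. */
    static String[] parsePrincipalId(String principalId) {
        int i = principalId.indexOf(SEPARATOR);
        if (i <= 0 || i != principalId.lastIndexOf(SEPARATOR) || i == principalId.length() - 1) {
            throw new IllegalArgumentException("not a provider#user principal id");
        }
        return new String[] { principalId.substring(0, i), principalId.substring(i + 1) };
    }

    public static void main(String[] args) {
        OAuthCredentials fromCallback = new OAuthCredentials("Facebook", "1234567890"); // constructed sample
        System.out.println(authenticate(fromCallback) + " " + authenticate("user:password"));
        System.out.println(String.join(" / ", parsePrincipalId(resolvePrincipalId(fromCallback))));
    }
}
```

      Because the handler accepts without checking anything, the type check is the only gate: the credentials object must be constructible only by the callback, after the provider has confirmed the user.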


        1. applicationContext.xml (4 kB)
        8. cas-server-support-oauth_with_scribeup.pdf (175 kB)
        9. cas-server-support-oauth.pdf (207 kB)
        11. catalina.2011-09-01.log (409 kB)
        12. catalina.out (291 kB)
        13. localhost.2011-09-01.log (287 kB)
        14. localhost.2011-09-01.log (287 kB)
        15. patch_module_oauth_2.txt (16 kB)
        16. patch_module_oauth.txt (17 kB)



            • Assignee:
              jleleu Jérôme Leleu
              jleleu Jérôme Leleu
            • Votes:
              1 Vote for this issue
              6 Start watching this issue


              • Created: