Building and deploying CAS with the ClearPass extension

By Andrew Petro
Tags: CAS, ClearPass
June 12, 2009
In this post I describe step by step how to build and deploy the ClearPass extended version of CAS with support for exposing the end user's password to authorized applications.

Entry in CAS user manual

Note that since this blog post was originally written, documentation of this component has been added to the CAS user manual.

What is ClearPass?

ClearPass is an extension to CAS that captures the end user's password when the end user logs in to CAS and makes this password available for retrieval by specific applications, which authenticate the retrieval request to CAS by means of a Proxy CAS Ticket.

Passwords are useful things. An email webapp might need the end user's password to authenticate on his or her behalf to the IMAP server. A portlet that replays login forms via JavaScript (like, e.g., the Toro Gateway SSO Portlet) might need the password as one of the fields of forms that it replays. Of course, it would be better if applications didn't need to touch the end user's password, since proliferation of the password across applications is one of the problems that a single sign on framework like CAS is supposed to be solving. Nonetheless, you might find yourself in a situation where some applications can use CAS single sign on in the normal way, some meet their needs by making use of proxy CAS tickets, and some really do need to get their grubby hands on the end user's password. ClearPass is optional, add-on technology for CAS that makes this technically feasible.

Conceptually, how is it built?

ClearPass is a small and relatively simple project consisting of two parts: an extended CAS part, and an add-on for uPortal suitable for consuming it. This post discusses only the extended CAS portion.

The extended CAS portion consists of a few Java classes to be compiled and some extensions to the CAS configuration and set of JSPs implementing the CAS protocol views.

The ClearPass CAS Maven project object model (pom.xml) declares dependency on the CAS webapp. This means that when you build ClearPass, Maven pulls down the CAS webapp artifacts and considers them a dependency of the ClearPass additions, which are layered onto CAS.

      
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-webapp</artifactId>
  <version>3.2.1</version>
  <type>war</type>
  <scope>runtime</scope>
</dependency>
      
   

Step by step demonstration of building and deploying it

A Servlet Container into which to install it

The CAS Java Web application needs a Java Web application container in which to run. It doesn't need anything particularly fancy -- the Tomcat servlet container will work just fine.

I downloaded Tomcat 6, the 6.0.20 release in particular since that was the most recent as of this writing.

I extracted the downloaded apache-tomcat-6.0.20.tar.gz file into a /cas directory on my MacBook laptop:
      
$ pwd
/cas
$ ls
apache-tomcat-6.0.20	
apache-tomcat-6.0.20.tar.gz
      
   

Check out ClearPass from SVN

I made a "clearpass" directory in that /cas directory and checked out the ClearPass source code into it.
      
$ mkdir clearpass
$ cd clearpass
$ ls
$ svn co https://www.ja-sig.org/svn/sandbox/cas-clearpass ./
A    cas
A    cas/.classpath
A    cas/.project
A    cas/src
A    cas/src/test
A    cas/src/test/java
A    cas/src/test/java/edu
A    cas/src/test/java/edu/csus
A    cas/src/test/java/edu/csus/cas
A    cas/src/test/java/edu/csus/cas/clearpass
A    cas/src/main
A    cas/src/main/java
A    cas/src/main/java/edu
A    cas/src/main/java/edu/csus
A    cas/src/main/java/edu/csus/cas
A    cas/src/main/java/edu/csus/cas/clearpass
A    cas/src/main/java/edu/csus/cas/clearpass/CacheCredentialsAction.java
A    cas/src/main/java/edu/csus/cas/clearpass/ClearPassController.java
A    cas/src/main/java/edu/csus/cas/clearpass/CredentialsCache.java
A    cas/src/main/java/edu/csus/cas/clearpass/CredentialsCacheImpl.java
A    cas/src/main/java/edu/csus/cas/clearpass/ClearPassServiceValidator.java
A    cas/src/main/java/edu/csus/cas/clearpass/ClearPassServiceValidatorImpl.java
A    cas/src/main/webapp
A    cas/src/main/webapp/WEB-INF
A    cas/src/main/webapp/WEB-INF/cas-servlet.xml
A    cas/src/main/webapp/WEB-INF/login-webflow.xml
A    cas/src/main/webapp/WEB-INF/view
A    cas/src/main/webapp/WEB-INF/view/jsp
A    cas/src/main/webapp/WEB-INF/view/jsp/protocol
A    cas/src/main/webapp/WEB-INF/view/jsp/protocol/2.0
A    cas/src/main/webapp/WEB-INF/view/jsp/protocol/2.0/clearPassFailure.jsp
A    cas/src/main/webapp/WEB-INF/view/jsp/protocol/2.0/clearPassSuccess.jsp
A    cas/src/main/webapp/WEB-INF/web.xml
A    cas/src/main/webapp/WEB-INF/classes
A    cas/src/main/webapp/WEB-INF/classes/ehcache.xml
A    cas/src/main/webapp/WEB-INF/classes/protocol_views.properties
A    cas/src/main/webapp/WEB-INF/classes/log4j.properties
A    cas/pom.xml
A    uportal
A    uportal/.classpath
A    uportal/.project
A    uportal/doc
A    uportal/doc/web.xml.example
A    uportal/doc/security.properties.example
A    uportal/src
A    uportal/src/test
A    uportal/src/test/java
A    uportal/src/main
A    uportal/src/main/java
A    uportal/src/main/java/org
A    uportal/src/main/java/org/jasig
A    uportal/src/main/java/org/jasig/portal
A    uportal/src/main/java/org/jasig/portal/security
A    uportal/src/main/java/org/jasig/portal/security/provider
A    uportal/src/main/java/org/jasig/portal/security/provider/cas
A    uportal/src/main/java/org/jasig/portal/security/provider/cas/PasswordCachingCasFilteredSecurityContext.java
A    uportal/src/main/java/org/jasig/portal/security/provider/cas/PasswordCachingCasFilteredSecurityContextFactory.java
A    uportal/src/main/java/edu
A    uportal/src/main/java/edu/yale
A    uportal/src/main/java/edu/yale/its
A    uportal/src/main/java/edu/yale/its/tp
A    uportal/src/main/java/edu/yale/its/tp/cas
A    uportal/src/main/java/edu/yale/its/tp/cas/proxy
A    uportal/src/main/java/edu/yale/its/tp/cas/proxy/ProxyEchoFilter.java
A    uportal/src/main/java/edu/yale/its/tp/cas/util
A    uportal/src/main/java/edu/yale/its/tp/cas/util/SecureURL.java
A    uportal/pom.xml
Checked out revision 46193. 
      
   

Build ClearPass

      
$ cd cas
$ ls
pom.xml	src

$ mvn package
[INFO] Scanning for projects...
Downloading: http://developer.ja-sig.org/maven2//org/jasig/cas/cas-server/3.2.1/cas-server-3.2.1.pom
7K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/jasig-parent/5/jasig-parent-5.pom
5K downloaded
[INFO] ------------------------------------------------------------------------
[INFO] Building Unnamed - edu.csus:cas.clearpass:war:1.0-SNAPSHOT
[INFO]    task-segment: [package]
[INFO] ------------------------------------------------------------------------
[INFO] artifact org.codehaus.mojo:cobertura-maven-plugin: checking for updates from central
Downloading: http://repo1.maven.org/maven2/org/codehaus/mojo/cobertura-maven-plugin/2.2/cobertura-maven-plugin-2.2.pom
5K downloaded
Downloading: http://repo1.maven.org/maven2/org/codehaus/mojo/mojo/16/mojo-16.pom
8K downloaded
Downloading: http://repo1.maven.org/maven2/org/codehaus/mojo/cobertura-maven-plugin/2.2/cobertura-maven-plugin-2.2.jar
28K downloaded
[INFO] [resources:resources]
[INFO] Using default encoding to copy filtered resources.
Downloading: http://developer.ja-sig.org/maven2//org/jasig/cas/cas-server-webapp/3.2.1/cas-server-webapp-3.2.1.pom
3K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/cas/cas-server-core/3.2.1/cas-server-core-3.2.1.pom
3K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/service/person-directory-impl/1.1.1/person-directory-impl-1.1.1.pom
13K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/service/person-directory-parent/1.1.1/person-directory-parent-1.1.1.pom
11K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/service/person-directory-api/1.1.1/person-directory-api-1.1.1.pom
1K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.pom
4K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-context/2.5.1/spring-context-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-context/2.5.1/spring-context-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-context/2.5.1/spring-context-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-context/2.5.1/spring-context-2.5.1.pom
3K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.pom
3K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/apache/santuario/xmlsec/1.4.0/xmlsec-1.4.0.pom
Downloading: http://developer.ja-sig.org/maven2/org/apache/santuario/xmlsec/1.4.0/xmlsec-1.4.0.pom
Downloading: http://repository.jboss.com/maven2/org/apache/santuario/xmlsec/1.4.0/xmlsec-1.4.0.pom
Downloading: http://repo1.maven.org/maven2/org/apache/santuario/xmlsec/1.4.0/xmlsec-1.4.0.pom
Downloading: http://developer.ja-sig.org/maven2//org/opensaml/opensaml/1.1b/opensaml-1.1b.pom
Downloading: http://developer.ja-sig.org/maven2/org/opensaml/opensaml/1.1b/opensaml-1.1b.pom
Downloading: http://repository.jboss.com/maven2/org/opensaml/opensaml/1.1b/opensaml-1.1b.pom
Downloading: http://repo1.maven.org/maven2/org/opensaml/opensaml/1.1b/opensaml-1.1b.pom
Downloading: http://developer.ja-sig.org/maven2//org/inspektr/inspektr-core/0.6.1/inspektr-core-0.6.1.pom
1K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/inspektr/inspektr/0.6.1/inspektr-0.6.1.pom
2K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.pom
5K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.pom
5K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-web/2.5.1/spring-web-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-web/2.5.1/spring-web-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-web/2.5.1/spring-web-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-web/2.5.1/spring-web-2.5.1.pom
4K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.pom
3K downloaded
Downloading: http://developer.ja-sig.org/maven2//net/sf/ehcache/ehcache/1.4.0-beta2/ehcache-1.4.0-beta2.pom
Downloading: http://developer.ja-sig.org/maven2/net/sf/ehcache/ehcache/1.4.0-beta2/ehcache-1.4.0-beta2.pom
Downloading: http://repository.jboss.com/maven2/net/sf/ehcache/ehcache/1.4.0-beta2/ehcache-1.4.0-beta2.pom
Downloading: http://repo1.maven.org/maven2/net/sf/ehcache/ehcache/1.4.0-beta2/ehcache-1.4.0-beta2.pom
16K downloaded
Downloading: http://developer.ja-sig.org/maven2//net/sf/ehcache/ehcache-parent/1.4.0-beta2/ehcache-parent-1.4.0-beta2.pom
Downloading: http://developer.ja-sig.org/maven2/net/sf/ehcache/ehcache-parent/1.4.0-beta2/ehcache-parent-1.4.0-beta2.pom
Downloading: http://repository.jboss.com/maven2/net/sf/ehcache/ehcache-parent/1.4.0-beta2/ehcache-parent-1.4.0-beta2.pom
Downloading: http://repo1.maven.org/maven2/net/sf/ehcache/ehcache-parent/1.4.0-beta2/ehcache-parent-1.4.0-beta2.pom
16K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-context/2.0.7/spring-context-2.0.7.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-context/2.0.7/spring-context-2.0.7.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-context/2.0.7/spring-context-2.0.7.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-context/2.0.7/spring-context-2.0.7.pom
2K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-web/2.0.7/spring-web-2.0.7.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-web/2.0.7/spring-web-2.0.7.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-web/2.0.7/spring-web-2.0.7.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-web/2.0.7/spring-web-2.0.7.pom
3K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.pom
1K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-test/2.5.1/spring-test-2.5.1.pom
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-test/2.5.1/spring-test-2.5.1.pom
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-test/2.5.1/spring-test-2.5.1.pom
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-test/2.5.1/spring-test-2.5.1.pom
4K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/cas/cas-server-core/3.2.1/cas-server-core-3.2.1.jar
172K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/service/person-directory-impl/1.1.1/person-directory-impl-1.1.1.jar
51K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/jasig/service/person-directory-api/1.1.1/person-directory-api-1.1.1.jar
2K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-core/2.5.1/spring-core-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-core/2.5.1/spring-core-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-core/2.5.1/spring-core-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-core/2.5.1/spring-core-2.5.1.jar
268K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-beans/2.5.1/spring-beans-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-beans/2.5.1/spring-beans-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-beans/2.5.1/spring-beans-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-beans/2.5.1/spring-beans-2.5.1.jar
456K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-orm/2.5.1/spring-orm-2.5.1.jar
356K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-context/2.5.1/spring-context-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-context/2.5.1/spring-context-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-context/2.5.1/spring-context-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-context/2.5.1/spring-context-2.5.1.jar
444K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-tx/2.5.1/spring-tx-2.5.1.jar
216K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/inspektr/inspektr-core/0.6.1/inspektr-core-0.6.1.jar
49K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-webmvc/2.5.1/spring-webmvc-2.5.1.jar
376K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-context-support/2.5.1/spring-context-support-2.5.1.jar
90K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-web/2.5.1/spring-web-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-web/2.5.1/spring-web-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-web/2.5.1/spring-web-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-web/2.5.1/spring-web-2.5.1.jar
177K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-jdbc/2.5.1/spring-jdbc-2.5.1.jar
301K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/ldap/spring-ldap-tiger/1.2.1/spring-ldap-tiger-1.2.1.jar
3K downloaded
[INFO] [compiler:compile]
[INFO] Compiling 6 source files to /cas/clearpass/cas/target/classes
[INFO] [resources:testResources]
[INFO] Using default encoding to copy filtered resources.
Downloading: http://developer.ja-sig.org/maven2//org/jasig/cas/cas-server-webapp/3.2.1/cas-server-webapp-3.2.1.war
9225K downloaded
Downloading: http://developer.ja-sig.org/maven2//log4j/log4j/1.2.14/log4j-1.2.14.jar
Downloading: http://developer.ja-sig.org/maven2/log4j/log4j/1.2.14/log4j-1.2.14.jar
Downloading: http://repository.jboss.com/maven2/log4j/log4j/1.2.14/log4j-1.2.14.jar
358K downloaded
Downloading: http://developer.ja-sig.org/maven2//org/springframework/spring-test/2.5.1/spring-test-2.5.1.jar
Downloading: http://developer.ja-sig.org/maven2/org/springframework/spring-test/2.5.1/spring-test-2.5.1.jar
Downloading: http://repository.jboss.com/maven2/org/springframework/spring-test/2.5.1/spring-test-2.5.1.jar
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-test/2.5.1/spring-test-2.5.1.jar
173K downloaded
[INFO] [compiler:testCompile]
[INFO] Nothing to compile - all classes are up to date
[INFO] [surefire:test]
[INFO] No tests to run.
[INFO] [war:war]
[INFO] Packaging webapp
[INFO] Assembling webapp[cas.clearpass] in [/cas/clearpass/cas/target/cas.clearpass-1.0-SNAPSHOT]
[INFO] Processing war project
OverlayPackagingTask performPackaging overlay.getTargetPath() null[INFO] Processing overlay[ id org.jasig.cas:cas-server-webapp]
[INFO] Unpacking overlay[ id org.jasig.cas:cas-server-webapp]
[INFO] Expanding: /Users/apetro/.m2/repository/org/jasig/cas/cas-server-webapp/3.2.1/cas-server-webapp-3.2.1.war into /cas/clearpass/cas/target/war/work/org.jasig.cas/cas-server-webapp
[INFO] Webapp assembled in[2080 msecs]
[INFO] Building war: /cas/clearpass/cas/target/csus.cas.war
[INFO] Preparing source:jar
[WARNING] Removing: jar from forked lifecycle, to prevent recursive invocation.
[INFO] No goals needed for project - skipping
[INFO] [source:jar {execution: attach-sources}]
[INFO] Building jar: /cas/clearpass/cas/target/cas.clearpass-1.0-SNAPSHOT-sources.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1 minute 29 seconds
[INFO] Finished at: Fri Jun 12 11:03:44 MST 2009
[INFO] Final Memory: 11M/23M
[INFO] ------------------------------------------------------------------------
      
   

Install ClearPass enhanced CAS .war file into Tomcat

$ cp /cas/clearpass/cas/target/csus.cas.war /cas/apache-tomcat-6.0.20/webapps/

Start Tomcat

      
$ pwd
/cas/apache-tomcat-6.0.20/bin
$ ls
bootstrap.jar		jsvc.tar.gz		tomcat-juli.jar
catalina-tasks.xml	service.bat		tomcat-native.tar.gz
catalina.bat		setclasspath.bat	tomcat6.exe
catalina.sh		setclasspath.sh		tomcat6w.exe
commons-daemon.jar	shutdown.bat		tool-wrapper.bat
cpappend.bat		shutdown.sh		tool-wrapper.sh
digest.bat		startup.bat		version.bat
digest.sh		startup.sh		version.sh
$ ./startup.sh
Using CATALINA_BASE:   /cas/apache-tomcat-6.0.20
Using CATALINA_HOME:   /cas/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /cas/apache-tomcat-6.0.20/temp
Using JRE_HOME:       /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
      
   

An aside dealing with the login JSP

So, when I try to visit the login page, I get an error message. I suspect this is a matter of later Tomcat versions being more persnickety about properly delimiting JSP tag attributes. Note that this is a known issue affecting the CAS server version 3.2.1 on which ClearPass presently depends, which was fixed for CAS Server 3.3.1. Sounds like a good reason to figure out how to update ClearPass to include a more recent CAS release.

http://localhost:8080/csus.cas/login
      
HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: /WEB-INF/view/jsp/default/ui/casLoginView.jsp(48,35) Attribute value request.getQueryString() == null ? "" : request.getQueryString().replaceAll("&locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]|^locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]", "") is quoted with " which must be escaped when used within the value
	org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
	org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407)
	org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:198)
	org.apache.jasper.compiler.Parser.parseQuoted(Parser.java:299)
	org.apache.jasper.compiler.Parser.parseAttributeValue(Parser.java:249)
	org.apache.jasper.compiler.Parser.parseAttribute(Parser.java:211)
	org.apache.jasper.compiler.Parser.parseAttributes(Parser.java:154)
	org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1250)
	org.apache.jasper.compiler.Parser.parseElements(Parser.java:1462)
	org.apache.jasper.compiler.Parser.parseBody(Parser.java:1670)
	org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:1020)
	org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1288)
	org.apache.jasper.compiler.Parser.parseElements(Parser.java:1462)
	org.apache.jasper.compiler.Parser.parse(Parser.java:137)
	org.apache.jasper.compiler.ParserController.doParse(ParserController.java:255)
	org.apache.jasper.compiler.ParserController.parse(ParserController.java:103)
	org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:170)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:332)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:312)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:299)
	org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:586)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
	org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
	org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
	org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
	org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
	org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.20 logs.
Apache Tomcat/6.0.20
      
   
Here's the offending line in the casLoginView.jsp:
      
<c:set var="query" value="<%=request.getQueryString() == null ? "" : request.getQueryString().replaceAll("&locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]|^locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]", "")%>" />
      
   
Changing it to single quotes resolves the problem.
      
<c:set var='query' value='<%=request.getQueryString() == null ? "" : request.getQueryString().replaceAll("&locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]|^locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]", "")%>' />
      
   

(That wonky-looking Jasig logo is also a known issue.)
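The quoting rule that broke casLoginView.jsp can be checked across every JSP in the deployed webapp before the first request hits it. The following is an added example, not code from CAS, ClearPass or the original post: the function names are made up here, and the exploded webapp directory passed on the command line is an assumption about where Tomcat unpacked csus.cas.war.

```python
import re
import sys
from pathlib import Path

# name = QUOTE <%= expression %> QUOTE. The expression may not contain "%>",
# so one match can never run on into a later attribute or scriptlet.
RT_ATTR = re.compile(r'([\w:.-]+)\s*=\s*(["\'])<%=((?:(?!%>).)*)%>\2', re.DOTALL)

# The two casLoginView.jsp lines quoted in this post.
OFFENDING = r'''<c:set var="query" value="<%=request.getQueryString() == null ? "" : request.getQueryString().replaceAll("&locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]|^locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]", "")%>" />'''
FIXED = r'''<c:set var='query' value='<%=request.getQueryString() == null ? "" : request.getQueryString().replaceAll("&locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]|^locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]", "")%>' />'''


def find_unescaped_quotes(jsp_text):
    """Return (line, attribute, delimiter) for every request-time attribute
    whose expression contains its own delimiting quote without a backslash."""
    findings = []
    for m in RT_ATTR.finditer(jsp_text):
        name, quote, expr = m.group(1), m.group(2), m.group(3)
        # A quote preceded by a backslash is escaped and therefore accepted.
        if re.search(r'(?<!\\)' + re.escape(quote), expr):
            line = jsp_text.count("\n", 0, m.start()) + 1
            findings.append((line, name, quote))
    return findings


def scan_tree(root):
    """Scan every *.jsp under root; return {path: findings} for files with hits."""
    results = {}
    for path in sorted(Path(root).rglob("*.jsp")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = find_unescaped_quotes(text)
        if hits:
            results[str(path)] = hits
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. the exploded webapp directory under Tomcat's webapps/ (assumed path)
        report = scan_tree(sys.argv[1])
        for path, hits in report.items():
            for line, name, quote in hits:
                print("%s:%d: attribute %s is delimited by %s and contains it unescaped"
                      % (path, line, name, quote))
        sys.exit(1 if report else 0)
    print("offending line:", find_unescaped_quotes(OFFENDING))
    print("fixed line:    ", find_unescaped_quotes(FIXED))
```

Run with a directory argument, it exits non-zero when any JSP would trip the stricter parser, so it can gate a deployment.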

Checking that the ClearPass service is running

So CAS is running, but how do I verify that it has the ClearPass changes applied?

Well, at the least I can try to access the ClearPass service. Since I don't have a proxy ticket to authenticate to it, it will rightly fail with an error message.

http://localhost:8080/csus.cas/clearPass
      
<cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>
	<cas:clearPassFailure>invalid sevice specified</cas:clearPassFailure>
</cas:clearPassResponse>
      
   

More to come

Testing the positive case -- where the proxy ticket is valid and so the ClearPass module releases the password -- takes a bit more effort. The easiest way to test that is probably using uPortal and the other half of ClearPass, and so is out of scope for this little blog post.
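The negative check shown above can be scripted as a post-deploy smoke test that confirms the ClearPass endpoint refuses a request carrying no proxy ticket. This is an added example, not part of ClearPass or the original post: the function names are made up here, the default URL is the one used above, and the sample bodies other than the page's own response are constructed.

```python
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of the response shown in this post
RESPONSE_TAG = "{%s}clearPassResponse" % CAS_NS
FAILURE_TAG = "{%s}clearPassFailure" % CAS_NS

# The response quoted in this post (server's own spelling preserved).
PAGE_RESPONSE = """<cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>
\t<cas:clearPassFailure>invalid sevice specified</cas:clearPassFailure>
</cas:clearPassResponse>"""

# Constructed sample: a response carrying anything other than a failure element.
CONSTRUCTED_OTHER = """<cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>
\t<cas:constructedElement>placeholder</cas:constructedElement>
</cas:clearPassResponse>"""


def classify_clearpass(body):
    """Classify a /clearPass response body (str or bytes).

    Returns ("denied", message) only when the document is a clearPassResponse
    whose children are all clearPassFailure elements. Anything else, including
    an HTML error page, is ("unexpected", detail) and needs a human look.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return ("unexpected", "not well-formed XML: %s" % exc)
    if root.tag != RESPONSE_TAG:
        return ("unexpected", "root element is %s" % root.tag)
    children = list(root)
    if not children:
        return ("unexpected", "empty clearPassResponse")
    others = sorted({c.tag for c in children if c.tag != FAILURE_TAG})
    if others:
        return ("unexpected", "non-failure elements present: %s" % ", ".join(others))
    return ("denied", (children[0].text or "").strip())


def fetch(url, timeout=10):
    """GET the URL with no ticket or credentials and return the raw body.
    HTTP error statuses still return their body so it can be classified."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as exc:
        return exc.read()


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080/csus.cas/clearPass"
    verdict, detail = classify_clearpass(fetch(url))
    print("%s: %s (%s)" % (url, verdict, detail))
    # Non-zero exit unless the unauthenticated request was explicitly refused.
    sys.exit(0 if verdict == "denied" else 1)
```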

There's more to know here

There's additional scope to be discussed here, including the uPortal extension portion of ClearPass and how one would build and use ClearPass with a more recent release of CAS. Look for follow-up blog posts and more information on these points to be available soon.

Your Blogmaster:

Andrew Petro

After graduating with a B.S. in Computer Science from Yale University in 2004, Andrew stayed on to serve his alma mater as a casual systems programmer with the Technology & Planning group. His interests include automated software testing, application frameworks, and electronic security. Projects in which Andrew has been involved include the Central Authentication Service, YaleInfo Portal (Yale's uPortal implementation), and the JA-SIG uPortal project. Andrew serves as the release engineer for uPortal 2.6.x (previously for 2.5.x) and has been published in the Communications of the Association for Computing Machinery on the topic of electronic voting. In fall 2005, Andrew relocated to Wisconsin and continued to work for Yale on a contract basis while starting part time with Unicon, and in spring 2006 Andrew joined Unicon full time, serving in roles since then including technical lead on Academus and on Cooperative Support for uPortal.