Configuring JSON Validation Response
This is the lightweight JSON validation response for service tickets. The successful validation response contains a set of exposed principal attributes and basically looks like this:
    {
        "user":"u1",
        "authenticationTime":1341844049419,
        "attributes": {
            "eduPersonAffiliation":"alumni",
            "lastName":"One",
            "firstName":"User"
        }
    }
On the other hand, an unsuccessful validation attempt would return the following response:
    {
        "authenticationFaluire": {
            "code":"xxx",
            "description":"xxx"
        }
    }
where xxx would be a specific string for code and description.
Of course there is a SAML validation response already baked into CAS, but over the years we've noticed a pattern where folks wanted a lightweight response with attributes and resorted to hacking the success view JSP to get it. With this view, there is no need to do that (should one choose to use it).
After having declared the cas-addon dependency in your pom.xml file, adjust your local CAS overlay with the following changes in cas-servlet.xml:
    <bean id="jsonSucessView" class="net.unicon.cas.addons.response.ServiceValidateSuccessJsonView"/>
    <bean id="jsonFailureView" class="net.unicon.cas.addons.response.ServiceValidateFailureJsonView"/>
    <bean id="serviceValidateController" class="org.jasig.cas.web.ServiceValidateController"
          p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
          p:centralAuthenticationService-ref="centralAuthenticationService"
          p:proxyHandler-ref="proxy20Handler"
          p:argumentExtractor-ref="casArgumentExtractor"
          p:successView="jsonSucessView"
          p:failureView="jsonFailureView"/>
On the client side, if you wish to validate the JSON response through a Java Servlet filter, use the Cas20ServiceTicketJsonValidationFilter class available in the cas-java-clients-addons project, which supports all the usual parameters of the normal CAS client validation filters.
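For a client that cannot use the Java filter, the two response shapes above can be parsed so that anything other than a well-formed success is treated as a rejected ticket. This is an added example, not code from cas-addons: the function and exception names are hypothetical, and it assumes authenticationTime is epoch milliseconds.

```python
import json
from datetime import datetime, timezone

# Failure key spelled exactly as in the failure sample on this page.
FAILURE_KEY = "authenticationFaluire"

# Constructed sample bodies, copied from the two responses shown above.
SAMPLE_SUCCESS = ('{"user":"u1","authenticationTime":1341844049419,"attributes":'
                  '{"eduPersonAffiliation":"alumni","lastName":"One","firstName":"User"}}')
SAMPLE_FAILURE = '{"authenticationFaluire":{"code":"xxx","description":"xxx"}}'


class TicketValidationError(Exception):
    """The ticket was rejected, or the response cannot be trusted."""


def parse_validation_response(body):
    """Return a dict with user, authenticated_at and attributes, or raise."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise TicketValidationError("response is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise TicketValidationError("response is not a JSON object")

    # Fail closed: a failure key wins even if a "user" field is also present.
    if FAILURE_KEY in doc:
        failure = doc[FAILURE_KEY] if isinstance(doc[FAILURE_KEY], dict) else {}
        raise TicketValidationError(
            "ticket rejected: %s: %s" % (failure.get("code"), failure.get("description")))

    user = doc.get("user")
    if not isinstance(user, str) or not user.strip():
        raise TicketValidationError("no principal in response")
    attributes = doc.get("attributes", {})
    if not isinstance(attributes, dict):
        raise TicketValidationError("attributes is not a JSON object")

    ts = doc.get("authenticationTime")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(ts, bool) or not isinstance(ts, int) or ts < 0:
        raise TicketValidationError("authenticationTime missing or malformed")
    try:
        # Assumption: epoch milliseconds, as the sample value suggests.
        when = datetime.fromtimestamp(ts / 1000, tz=timezone.utc)
    except (OverflowError, OSError, ValueError) as exc:
        raise TicketValidationError("authenticationTime out of range") from exc
    return {"user": user, "authenticated_at": when, "attributes": attributes}
```

The body passed in should come from a validation request made over HTTPS with certificate verification enabled, since the response itself carries no signature.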