Great, Thanks, it is working and the plugin is now enabled.
···
On Sun, May 12, 2013 at 11:09 AM, Christian Mueller <christian.mueller@anonymised.com45…> wrote:
Solved, this is a packaging error, see
http://jira.codehaus.org/browse/GEOS-5810
This issue also describes a workaround.
2013/5/12 Gonçalo Revez <goncalorevez@anonymised.com>
Hi Christian,
The geoserver works fine without the cas plugin jar files.
You can find the geoserver log file attached.
Thanks
Gonçalo
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Sat, May 11, 2013 at 6:49 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Goncalo
I do not see any errors caused by the CAS module. Can you
- stop geoserver
- remove geoserver.log
- remove the jar files from WEB-INF\lib and restart GeoServer.
- start GeoServer without CAS
Send me the log file.
2013/5/10 Gonçalo Revez <goncalorevez@anonymised.com>
Hi Christian,
First, thank you for your feedback, it’s only missing to put this in practice 
by having the plugin installed successfully, which I can’t, and it seems so simple…
I attached the log errors that geoserver returns after copy the plugin jars.
I started a new installation from the beginning, right now:
Thanks
Gonçalo
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Fri, May 10, 2013 at 1:16 PM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Goncalo
add 1)
The download is a zip file containing jar files. You have to unzip the zip file and copy the jar files into WEB-INF/lib. That is all you have to do.
add 2)
No, the plugin does not need an open SSL port for start up. You can even use CAS without SSL, but if you want to have a SSO solution, you must use SSL.
add 3.1)
After installing the plugin successfully, you can create a new CasAuthenticationFilter on the GUI. After creating this filter, you can use it on any filter chain you like. As an example, remove the basic auth filter and the anonymous filter on the default chain and add the CAS filter.
add 3.2)
Yes
add 3.3)
I think you mean a SSO behavior. CAS is working with Cookies and HTTP redirects. The cookie for SSO is only used if you use SSL connections. Normally, each Geoserver request will trigger a CAS request for validating and getting the user name. If you want to avoid this, you can allow http session creation for a filter chain. In this case, the validation happens only once.
add 3.4)
If you have no SSL setup, this scenario would not work. But you can put your CAS filter on the default chain ("/**) and trigger a WMS request from your browser. Next you will be redirected to the CAS login page. After a successful login, you will see your map.
add 3.5)
Where is this documentation ?. You can use CAS like any other authentication filter, the only problem is the missing documentation.
Hope this helps, if you have further questions, please ask
Christian
2013/5/10 Gonçalo Revez <goncalorevez@anonymised.com>
Hi,
Following this email and since I was trying the new version of geoserver, specially the new security part and found this post, I wounder if you could point me on the following questions as I’m a new user on this subject:
- I downloaded the new geoserver 2.3.1 default jetty instalation, then downloaded the cas plugin 2.3.1. I just copied to the web-inf/lib and the geoserver doesn’t start, giving some errors regarding the initialization of several beans (GWCGeoServerRESTConfigurationProvider, localWorkspaceCatalog, advertisedCatalog, secureCatalog).
Is this step, of copying the cas plugin, should be straightforward or I’m missing any configuration?
-
Does the jetty server needs to have ssl port enabled in order to cas plugins be loaded during the geoserver start? I’m not sure, if the jetty geoserver installation have it enabled by default.
-
Since I’m not able to load the cas plugin, how does the plugin works on the geoserver?
3.1) Does it created a new filter chain using cas in order to connect to the cas server (which we can then configure)?
3.2) Calling a WMS from geoserver, where a cas filter chain is configured, does the geoserver deals with all the authentication steps with the cas server and forward the steps to the client(browser)?
3.3) Using a session already authenticated on cas server through other application, and using the token by passing on a wms geoserver request, does the geoserver automatically forward the request to the cas server in order to validate the token and after validation success redirects the response to the client?
3.4) I’m trying a simple scenario of web application login trough a cas server and then then calling the map through the geoserver using the same credentials.
3.5) I saw on documentation that it’s not recommend to use this on production environment. Is there any specially reason, if the scenario of using geoserver to authenticate/validate through a cas server, really works?
Thanks in advance
Best Regards,
Gonçalo
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Fri, May 10, 2013 at 10:57 AM, Jonathan Moules <jonathanmoules@anonymised.com> wrote:
Hi Christian,
Thanks for the link, I’ve noted it in case I ever have need of this. As requested I created a JIRA issue, but Andrea will have to assign it to you, I can’t.
Premysl: Hopefully I won’t need it; the less configuring I need to do the better. Plus we use LDAP internally for everything.
Cheers,
Jonathan
On 10 May 2013 10:33, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Jonathan
The reason for the missing CAS documentation is quite simply, it is lack of time. I have this on my to do list but I am quite busy at the moment. Feel free to open a JIRA issue and assign it to me.
Christian
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
2013/5/10 Premysl Vohnout <vohnout@anonymised.com>
Jonathan,
CAS is very useful if you are trying to make seamless system from several components (like Geoserver, CMS, specialized app) so don’t say never likely 
best regards
Premysl
On 9.5.2013 15:35, Jonathan Moules wrote:
Hi Premysl,
Thanks for that information. Even knowing that I still can’t find any documentation on it, but as I’m never likely to need it, its not an issue for me.
Cheers,
Jonathan
On 9 May 2013 14:31, Premysl Vohnout <vohnout@anonymised.com> wrote:
Hi Jonathan,
CAS is module for authorization against CAS server. CAS is shortcut for Central authentcation system (service). See http://en.wikipedia.org/wiki/Central_Authentication_Service
On Čt 9. květen 2013, 14:01:42 CEST, Jonathan Moules wrote:
Hi List,
The download page http://geoserver.org/display/GEOS/Stable - has a
extension called “CAS”, but looking at the manual, there’s no obvious
thing that it is. What is it?
Jonathan
This transmission is intended for the named addressee(s) only and may
contain sensitive or protectively marked material up to RESTRICTED and
should be handled accordingly. Unless you are the named addressee (or
authorised to receive it for the addressee) you may not copy or use
it, or disclose it to anyone else. If you have received this
transmission in error please notify the sender immediately. All email
traffic sent to or from us, including without limitation all GCSX
traffic, may be subject to recording and/or monitoring in accordance
with relevant legislation.
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
Learn Graph Databases - Download FREE O’Reilly Book
“Graph Databases” is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH