This page shows how the esup-helpdesk application can be deployed with CAS, Shibboleth and application authentications.
Shibboleth
Frontal server
The Shibboleth authentication is performed by a frontal Apache proxy server with mod_shib (e.g. frontal.domain.edu). This server proxies all the requests to an application server (e.g. application.domain.edu), served by Tomcat and on which the esup-helpdesk application is installed.
Bloc de code |
---|
<VirtualHost frontal.domain.edu:80>
ServerName frontal.domain.edu
VirtualDocumentRoot /data/webapps/frontal.domain.edu
ProxyPass /esup-helpdesk ajp://application.domain.edu:8080/esup-helpdesk min=0 max=100 smax=50 ttl=10 timeout=60
Proxypass /shibboleth !
ProxyErrorOverride On
ErrorDocument 403 "You are not allowed!"
<Location ~ "/esup-helpdesk/stylesheets/shibboleth.faces">
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
</VirtualHost>
|
CAS
Application server until version 3.29.11
The configuration of esup-helpdesk on the application server is:
Bloc de code |
---|
|
quick-start=true
tomcat.host=frontal.domain.edu
tomcat.ajp-port=8080
tomcat.cas-port=80
tomcat.path=/esup-helpdesk |
Bloc de code |
---|
title | /properties/config.properties |
---|
|
auth.useCas=true
auth.useShibboleth=true
auth.useApplication=true
cas.url=https://cas.domain.edu
app.servletUrl=http://frontal.domain.edu/esup-helpdesk |
Application server from version 3.30
The configuration of esup-helpdesk on the application server is:
Bloc de code |
---|
|
<filter>
<description>
The CAS filter, used to authenticate users.
</description>
<display-name>CASFilter</display-name>
<filter-name>CAS Filter</filter-name>
<filter-class>
edu.yale.its.tp.cas.client.filter.CASFilter
</filter-class>
<init-param>
<param-name>
edu.yale.its.tp.cas.client.filter.loginUrl
</param-name>
<param-value>
https://cas.domain.edu/login
</param-value>
</init-param>
<init-param>
<param-name>
edu.yale.its.tp.cas.client.filter.validateUrl
</param-name>
<param-value>
https://cas.domain.edu/serviceValidate
</param-value>
</init-param>
<init-param>
<param-name>
edu.yale.its.tp.cas.client.filter.serverName
</param-name>
<param-value>helpdesk.domain.edu</param-value>
</init-param>
<init-param>
<param-name>
edu.yale.its.tp.cas.client.filter.wrapRequest
</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/stylesheets/cas.faces</url-pattern>
</filter-mapping> |
Bloc de code |
---|
title | /properties/config.properties |
---|
|
auth.useCas=true
auth.useShibboleth=true
auth.useApplication=true
cas.url=https://cas.domain.edu
app.servletUrl=http://helpdesk.domain.edu |