Edit the spring-security.xml file found in EDX_HOME\config\security\selfservice\ and update the following:
- Add a CAS entry point to the security:http statement:
<security:http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager">
- Add a CAS custom filter to the security:http statement:
<security:custom-filter position="CAS_FILTER" ref="casFilter" />
- Add beans serviceProperties, casFilter, and casEntryPoint, specifying the server and ports for your implementation:
<bean id="serviceProperties"
    class="org.springframework.security.cas.ServiceProperties">
    <property name="service">
        <value>https://your_server_name:your_application_port/SelfService/j_spring_cas_security_check</value>
    </property>
    <property name="sendRenew" value="false"/>
</bean>
<bean id="casFilter"
    class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="casEntryPoint"
    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://your_server_name:8443/cas-server-webapp-3.4.11/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>
- Set the service value to the URL of your Oracle Billing Insight application. Set the login URL value to the URL of your CAS server login.
- Update the authentication provider:
<security:authentication-provider ref="casAuthenticationProvider" />
- Add the casAuthenticationProvider bean:
<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService">
        <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <constructor-arg ref="userDetailsService" />
        </bean>
    </property>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
            <constructor-arg index="0" value="https://your_server_name:8443/cas-server-webapp-3.4.11" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
- Add a custom filter for single logout:
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
<security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
<security:logout logout-success-url="/nonAuth/logout.action"/>
<security:form-login login-page="/nonAuth/login.action" default-target-url="/reporting/reportStart.action" authentication-failure-url="/nonAuth/login.action?login_error=1"/>
- Add the filter definitions:
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<bean id="requestSingleLogoutFilter"
    class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg value="https://your_server_name:8443/cas-server-webapp-3.4.11/logout?service=https://your_server_name:your_server_port/selfservice"/>
    <constructor-arg>
        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
    </constructor-arg>
    <property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
</bean>
- Set the URL of your CAS server.
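The following check is an added example, not part of the Oracle documentation or product: it parses a spring-security.xml and reports CAS values that still hold the placeholders shown above, contain whitespace left over from a wrapped listing, are not https, or where the login URL is not under the CAS URL given to the ticket validator. The check rules, the function names and the example.test hosts used to exercise it are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

PLACEHOLDERS = ("your_server_name", "your_application_port",
                "your_server_port", "an_id_for_this_auth_provider_only")
# Constructed sample, not a real deployment; most class attributes omitted, braces filled by caller.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
<bean id="serviceProperties"><property name="service"><value>{service}</value></property></bean>
<bean id="casEntryPoint"><property name="loginUrl" value="{cas}/login"/></bean>
<bean id="casAuthenticationProvider"><property name="key" value="{key}"/>
 <property name="ticketValidator"><bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
  <constructor-arg index="0" value="{cas}"/></bean></property></bean></beans>"""

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop any XML namespace

def _prop(bean, name):  # value="..." attribute or nested <value> element
    for p in bean:
        if _local(p) == "property" and p.get("name") == name:
            nested = [c.text or "" for c in p if _local(c) == "value"]
            return p.get("value") or "".join(nested)
    return ""

def check_cas_config(xml_text):
    """Return findings for the CAS beans; an empty list means none were found."""
    root = ET.fromstring(xml_text)
    beans = {b.get("id"): b for b in root.iter() if _local(b) == "bean"}
    settings, findings = {}, []
    for bean_id, prop in (("serviceProperties", "service"),
                          ("casEntryPoint", "loginUrl"), ("casAuthenticationProvider", "key")):
        if bean_id in beans:
            settings[f"{bean_id}.{prop}"] = _prop(beans[bean_id], prop)
        else:
            findings.append(f"{bean_id}: bean missing")
    for el in root.iter():  # CAS base URL handed to the ticket validator
        if _local(el) == "bean" and el.get("class", "").endswith("TicketValidator"):
            args = [c for c in el if _local(c) == "constructor-arg"]
            settings["ticketValidator.url"] = args[0].get("value", "") if args else ""
    for name, value in settings.items():
        if any(p in value for p in PLACEHOLDERS):
            findings.append(f"{name}: placeholder not replaced")
        if not name.endswith(".key") and value != "".join(value.split()):
            findings.append(f"{name}: whitespace inside URL")
        if not name.endswith(".key") and not value.strip().startswith("https://"):
            findings.append(f"{name}: not an https URL")
    base = settings.get("ticketValidator.url", "").rstrip("/")
    if base and not settings.get("casEntryPoint.loginUrl", "").startswith(base + "/"):
        findings.append("casEntryPoint.loginUrl: not under ticketValidator.url")
    return findings
```

Run `check_cas_config(open(path).read())` against the edited file before restarting the application; an empty list means none of these conditions was found.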
Configure Oracle Billing Insight to work in SSO-enabled mode, which turns the appropriate UI features on and off. Make the following edits in the globalConfig.xma.xml file, found in the EDX_HOME/xma/config/modules folder:
- Turn on the global configuration flags for SSO. Change the following property values to true:
<property name="ebillingSingleSignOnEnabled"><value>false</value></property>
<property name="csrSingleSignOnEnabled"><value>false</value></property>
- If you use Web Services, then set the following SSO flag to true:
<property name="ebillingWebServiceSingleSignOnEnabled"><value>false</value></property>
- Add a URL for single sign-out. The default value for CAS is j_spring_cas_security_logout:
<property name="singleSignOutUrl"><value>j_spring_cas_security_logout</value></property>
- Add home page links for the Self-Service and Assisted Service applications:
<property name="ebillingHomePageUrl"><value>http://localhost:7001/portlet</value></property>
<property name="csrHomePageUrl"><value>http://localhost:7001/portlet</value></property>