- Verify that the following requirements have been met:
- The CAS SSO system is set up.
- The Oracle Billing Insight installation and configuration is complete.
- Edit the setDomainEnv.sh script (setDomainEnv.cmd for Windows) for the CAS SSO-enabled Oracle WebLogic domain. Add the following properties to the JAVA_VM definition:
-Djavax.xml.parsers.SAXParserFactory=org.apache.xerces.jaxp.SAXParserFactoryImpl
-Djavax.xml.parsers.DocumentBuilderFactory=org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
For example:
JAVA_VM="${JAVA_VM} -Dedx.home=${EDX_HOME} -Dlog4j.configuration=file:${EDX_HOME}/config/log4j_csr.xml -Dorg.owasp.esapi.resources=${EDX_HOME}/config -DPAYMENTECH_HOME=$PAYMENTECH_HOME -Daxis.ClientConfigFile=$CYBERSOURCE_HOME/CyberSourceClientDeploy.wsdd -Dweblogic.security.SSL.protocolVersion=TLS1 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Djavax.xml.parsers.SAXParserFactory=org.apache.xerces.jaxp.SAXParserFactoryImpl"
export JAVA_VM
- Import the SSO user in the Oracle Billing Insight database.
- Access your LDAP server, and add a user and group for the Self-Service and Assisted Service applications.
- Download the libraries required to support integrating your SSO implementation with the CAS Server 3.4.11 to the EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.1.ear\lib directory. These are open source resources and can be accessed from any public Maven repository, the CAS Web site, and so on. These can include files such as:
- cas-client-core-3.1.10.jar
- opensaml-1.1b.jar
- spring-security-cas-3.1.0.RELEASE.jar
- xmlsec-1.3.0.jar
- httpcore-4.1.jar (For the Assisted Service application only)
- Add the JAR file paths to the MANIFEST.MF file found in the EDX_HOME\J2EEApps\selfservice\webcear\APP-INF\lib\xma-classpath.jar\META-INF\ directory, such as:
../../lib/xmlsec-1.3.0.jar ../../lib/opensaml-1.1b.jar ../../lib/spring-security-cas-3.1.0.RELEASE.jar ../../lib/cas-client-core-3.1.10.jar
- If there are any conflicts among third-party library versions, then add the following statement to the weblogic-application.xml file found in the EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.1.ear\META-INF\ directory:
<package-name>{jar path}</package-name>
For example:
<package-name>org.opensaml.*</package-name>
- Add the following content to the web.xml file found in the EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.1.ear\selfservice-web-1.0-SNAPSHOT.war\WEB-INF directory:
<filter>
  <filter-name>characterEncodingFilter</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>characterEncodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
- Edit the session time-out filter in the web.xml file to specify j_spring_cas_security_logout as the parameter value:
<param-value>(/j_spring_security_check|/nonAuth/logout.action|/j_spring_cas_security_logout).*</param-value>
- Edit the spring-security.xml file found in the EDX_HOME\config\security\selfservice\ directory. Update the following:
- Add a CAS entry point to the security:http statement:
<security:http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager">
- Add a CAS custom filter to the security:http statement:
<security:custom-filter position="CAS_FILTER" ref="casFilter" />
- Add beans serviceProperties, casFilter, and casEntryPoint, specifying the server and ports for your implementation:
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
  <property name="service">
    <value>https://your_server_name:your_application_port/SelfService/j_spring_cas_security_check</value>
  </property>
  <property name="sendRenew" value="false"/>
</bean>
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  <property name="loginUrl" value="https://your_server_name:8443/cas-server-webapp-3.4.11/login"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean>
- Set the service value to the URL of your Oracle Billing Insight application. Set the login URL value to the URL of your CAS server login.
- Update the authentication provider:
<security:authentication-provider ref="casAuthenticationProvider" />
- Add the casAuthenticationProvider bean:
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
  <property name="authenticationUserDetailsService">
    <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
      <constructor-arg ref="userDetailsService"/>
    </bean>
  </property>
  <property name="serviceProperties" ref="serviceProperties"/>
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
      <constructor-arg index="0" value="https://your_server_name:8443/cas-server-webapp-3.4.11"/>
    </bean>
  </property>
  <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
- Add a custom filter for single logout:
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
<security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
<security:logout logout-success-url="/nonAuth/logout.action"/>
<security:form-login login-page="/nonAuth/login.action" default-target-url="/reporting/reportStart.action" authentication-failure-url="/nonAuth/login.action?login_error=1"/>
- Add the filter definitions:
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
  <constructor-arg value="https://your_server_name:8443/cas-server-webapp-3.4.11/logout?service=https://your_server_name:your_server_port/selfservice"/>
  <constructor-arg>
    <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
  </constructor-arg>
  <property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
</bean>
- Set the URL of your CAS server.
- Install the certificate file for both the SSO system and Oracle Billing Insight if the SSL connection is enabled.
- Configure Oracle Billing Insight to work in SSO-enabled mode, which turns on and off the appropriate UI features. Make the following edits in the globalConfig.xma.xml file, found in the EDX_HOME/xma/config/modules folder:
- Turn on the global configuration flags for SSO. Change the following property values to true:
<property name="ebillingSingleSignOnEnabled"><value>false</value></property>
<property name="csrSingleSignOnEnabled"><value>false</value></property>
- If you use Web Services, then set the following SSO flag to true:
<property name="ebillingWebServiceSingleSignOnEnabled"><value>false</value></property>
- Add a URL for single sign-out. The default value for CAS is j_spring_cas_security_logout:
<property name="singleSignOutUrl"><value>j_spring_cas_security_logout</value></property>
- Add home page links for the Self-Service and Assisted Service applications:
<property name="ebillingHomePageUrl"><value>http://localhost:7001/portlet</value></property>
<property name="csrHomePageUrl"><value>http://localhost:7001/portlet</value></property>
- Run the automated configuration script:
- Go to the following directory:
- Update the spring-security-sso.properties files found in each of the following directories:
UNIX:
EDX_HOME/samples/sso/CAS/conf/selfservice
EDX_HOME/samples/sso/CAS/conf/csr
EDX_HOME/samples/sso/CAS/conf/rs
Windows: EDX_HOME\samples\sso\CAS
EDX_HOME\samples\sso\CAS\conf\selfservice
EDX_HOME\samples\sso\CAS\conf\csr
EDX_HOME\samples\sso\CAS\conf\rs
In the property files, set the following parameters for your implementation.
| Parameter | Description |
|---|---|
| protocol | The connection protocol, such as HTTPS. |
| hostname | The name of the server host where the Self-Service application resides. |
| application_name | The name of your Self-Service application. |
| port | The port number for accessing the Self-Service application. |
| sso_protocol | The name of the single sign-on protocol, such as HTTPS. |
| sso_server_hostname | The name of the server host of the single sign-on system. |
| sso_application_name | The name of the single sign-on application. |
| sso_application_port | The single sign-on port number. |
| sso_login_url | The login URL of the single sign-on application. |
| sso_logout_url | The logout URL of the single sign-on application. |
- Enter Ant. The script automatically runs Options 5 - 10.
- Copy the following EAR files from the EDX_HOME/samples/sso/CAS/target directory to the EDX_HOME/J2EEApp folder, and then redeploy the files:
- selfservice-weblogic-7.1.ear
- rs-weblogic-7.1.ear
- csr-app-7.1.ear
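
The spring-security.xml step above enters the CAS server URL in several beans by hand, and the application trusts the ticket validator's response to establish who the user is, so that URL in particular must be HTTPS and must point at the same CAS host as the login URL. The following pre-deployment check is an added example, not Oracle's code or part of the product: the function names (cas_urls, audit) are hypothetical, and the hosts in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: made-up hosts; http:// on the ticket validator is the deliberate mistake.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
  <property name="service"><value> https://obi.example.test:7002/SelfService/j_spring_cas_security_check </value></property>
 </bean>
 <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  <property name="loginUrl" value="https://cas.example.test:8443/cas-server-webapp-3.4.11/login"/>
 </bean>
 <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
  <property name="ticketValidator">
   <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
    <constructor-arg index="0" value="http://cas.example.test:8443/cas-server-webapp-3.4.11"/>
   </bean></property>
 </bean>
</beans>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without its XML namespace

def prop_value(prop):
    # A <property> carries its value as an attribute or as a <value> child.
    if prop.get("value") is not None:
        return prop.get("value").strip()
    return "".join(v.text or "" for v in prop if local(v) == "value").strip()

def cas_urls(xml_text):
    urls = {}
    for bean in ET.fromstring(xml_text).iter():
        if local(bean) != "bean":
            continue
        for child in bean:
            if local(child) == "property" and child.get("name") in ("service", "loginUrl"):
                urls[child.get("name")] = prop_value(child)
            elif local(child) == "constructor-arg" and bean.get("class", "").endswith("Saml11TicketValidator"):
                urls["ticketValidator"] = child.get("value", "").strip()
    return urls

def audit(xml_text):
    urls, findings = cas_urls(xml_text), []
    for label, url in sorted(urls.items()):
        if urlsplit(url).scheme != "https":
            findings.append(f"{label}: not https")
    if not urls.get("service", "").endswith("/j_spring_cas_security_check"):
        findings.append("service: callback path is not /j_spring_cas_security_check")
    if urlsplit(urls.get("loginUrl", "")).netloc != urlsplit(urls.get("ticketValidator", "")).netloc:
        findings.append("loginUrl and ticketValidator point at different CAS hosts")
    return findings
```

Calling audit() on the text of the edited spring-security.xml returns a list of findings; an empty list means the three URLs are consistent.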