
CAS 2.0 Authentication for Blackboard

blackboard-cas is a CAS authentication module for Blackboard. It uses the CAS 3.1 client library to connect to CAS 2.x/3.x servers (using the CAS 2.0 protocol).

blackboard-cas is based on CasAuthenticationModule, developed by the University of Bristol.

Configuration

Before building, you should edit the settings in build.properties. Settings include:

  • blackboard.home: The path to your Blackboard instance.
  • blackboard.java.home: The path to the JDK used by Blackboard.
  • blackboard.tomcat.version: The version of Tomcat Blackboard is using. Supported versions: 3, 4, 5, 6.
  • blackboard.url: The HTTP protocol and domain name of your Blackboard instance (e.g. http://blackboard.some.edu).
  • blackboard.cas: The base URL to your CAS server (e.g. http://sso.some.edu/cas).
  • blackboard.cas.isdefault: If true, CAS is used as the default authentication module.
  • blackboard.cas.logout_completely: If false, logging out of Blackboard won't log the user out of CAS.
  • blackboard.cas.use_post: If true, CAS redirects back to Blackboard using a POST request. This should be enabled if you've applied the recent XSS security patch regarding login redirection.
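
A pre-build check of these settings, added here as an example and not part of blackboard-cas. It flags a Tomcat version outside the supported list and non-boolean flags; the https check on blackboard.url and blackboard.cas is an assumption of this example (CAS tickets and credentials travel over those links), not a requirement stated by the project. Function names and sample values are hypothetical.

```python
import re
from urllib.parse import urlparse

SUPPORTED_TOMCAT = {"3", "4", "5", "6"}  # versions listed on this page
REQUIRED = ("blackboard.home", "blackboard.java.home",
            "blackboard.tomcat.version", "blackboard.url", "blackboard.cas")
BOOLEANS = ("blackboard.cas.isdefault", "blackboard.cas.logout_completely",
            "blackboard.cas.use_post")

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
blackboard.home=C:/blackboard
blackboard.java.home=C:/jdk
blackboard.tomcat.version=7
blackboard.url=http://blackboard.some.edu
blackboard.cas=https://sso.some.edu/cas
blackboard.cas.isdefault=yes
blackboard.cas.use_post=true
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(text)
    findings = [f"{k}: missing" for k in REQUIRED if not props.get(k)]
    tomcat = props.get("blackboard.tomcat.version")
    if tomcat and tomcat not in SUPPORTED_TOMCAT:
        findings.append(f"blackboard.tomcat.version: {tomcat} is not supported")
    for key in ("blackboard.url", "blackboard.cas"):
        # Added check (assumption of this example): require https on both URLs.
        scheme = urlparse(props.get(key, "")).scheme
        if props.get(key) and scheme != "https":
            findings.append(f"{key}: scheme is {scheme or 'absent'}, expected https")
    if urlparse(props.get("blackboard.url", "")).path not in ("", "/"):
        findings.append("blackboard.url: protocol and domain name only, no path")
    for key in BOOLEANS:
        if props.get(key, "true") not in ("true", "false"):
            findings.append(f"{key}: expected true or false")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```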

Building

Make a directory named lib in the blackboard-cas folder. It will need the following files (from cas-client-3.1.10-release.zip):

  • cas-client-core-3.1.10.jar
  • commons-logging-1.1.jar
  • xmlsec-1.3.0.jar

You'll also need an instance of Blackboard in C:\blackboard in order to build.

You'll need Apache Ant (1.8.2) and Apache Maven (2.2.1) to run the build. Once you have these, you can build with Ant:

C:\folder\with\ant.bat -lib lib

The build process will execute the main method of the plugin, and it should crash with an invalid ticket exception. If you get a different exception, the plugin was probably unable to connect to your CAS server.

Installation

  • Copy the following files into C:\blackboard\systemlib:
    • dist\cas-bbauth.jar
    • lib\cas-client-core-3.1.10.jar
    • lib\commons-logging-1.1.jar
    • lib\xmlsec-1.3.0.jar
  • Then update C:\blackboard\config\authentication.properties by adding the settings from dist\cas-authentication.properties to it, and change bbconfig.auth.type in C:\blackboard\config\bb-config.properties to cas.
  • Copy cas-common.classpath into C:\blackboard\config\tomcat\classpath.
  • Customize the following Blackboard files by adding the lines immediately following each filename listed below (including any leading spaces):

C:\blackboard\system\build\bin\launch-app.bat:

  rem # CAS
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;cas-bbauth.jar
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;cas-client-core-3.1.10.jar
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;xmlsec-1.3.0.jar
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;commons-logging-1.1.1.jar
  rem # CAS

C:\blackboard\system\build\bin\launch-tool.bat:

  rem # CAS
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;cas-bbauth.jar
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;cas-client-core-3.1.10.jar
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;xmlsec-1.3.0.jar
  set THIRD_PARTY_CP=%THIRD_PARTY_CP%;commons-logging-1.1.1.jar
  rem # CAS

C:\blackboard\apps\collab-server\config\wrapper.conf.bb:

# CAS
# only use cas-bbauth.jar here if collab and app server on same box 
wrapper.java.classpath.43=@@bbconfig.basedir@@/systemlib/cas-bbauth.jar
wrapper.java.classpath.44=@@bbconfig.basedir@@/systemlib/cas-client-core-3.1.10.jar
wrapper.java.classpath.45=@@bbconfig.basedir@@/systemlib/xmlsec-1.3.0.jar
wrapper.java.classpath.46=@@bbconfig.basedir@@/systemlib/commons-logging-1.1.1.jar
# CAS

C:\blackboard\apps\snapshot\config\env.cmd.bb:

rem # CAS
set CP=%CP%;%BBLIB%\cas-bbauth.jar
set CP=%CP%;%BBLIB%\cas-client-core-3.1.10.jar
set CP=%CP%;%BBLIB%\xmlsec-1.3.0.jar
rem set CP=%CP%;%BBLIB%\commons-logging-1.1.1.jar
rem # CAS

C:\blackboard\apps\content-exchange\bin\content-exchange.bat.bb:

rem # CAS
set CP=%CP%;%BBLIB%\cas-bbauth.jar
set CP=%CP%;%BBLIB%\cas-client-core-3.1.10.jar
set CP=%CP%;%BBLIB%\xmlsec-1.3.0.jar
rem set CP=%CP%;%BBLIB%\commons-logging-1.1.1.jar  # file already has this elsewhere
rem # CAS
  • Now restart the server and test your implementation.
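
A post-install check for the steps above, added here as an example and not part of blackboard-cas. It confirms that the jars and cas-common.classpath were copied, that bbconfig.auth.type is cas, and that each edited file has a non-commented entry for the CAS jars. It assumes the collab server and app server share a box (so cas-bbauth.jar is expected in wrapper.conf.bb); the function names are hypothetical.

```python
from pathlib import Path

JARS = ("cas-bbauth.jar", "cas-client-core-3.1.10.jar", "xmlsec-1.3.0.jar")
SYSTEMLIB = JARS + ("commons-logging-1.1.jar",)  # files copied into systemlib
EDITED = (  # files this page says to customize, relative to the Blackboard home
    "system/build/bin/launch-app.bat",
    "system/build/bin/launch-tool.bat",
    "apps/collab-server/config/wrapper.conf.bb",
    "apps/snapshot/config/env.cmd.bb",
    "apps/content-exchange/bin/content-exchange.bat.bb",
)

def active_lines(path):
    """Yield lines that are not rem/# comments, so a jar named only in a
    comment (as in wrapper.conf.bb) does not count as a classpath entry."""
    for line in path.read_text(errors="replace").splitlines():
        s = line.strip()
        if s and not s.startswith("#") and s.split()[0].lower() != "rem":
            yield s

def check_install(bb_home):
    """Return a list of problems; an empty list means every check passed."""
    root, problems = Path(bb_home), []
    for jar in SYSTEMLIB:
        if not (root / "systemlib" / jar).is_file():
            problems.append(f"systemlib: {jar} not copied")
    if not (root / "config/tomcat/classpath/cas-common.classpath").is_file():
        problems.append("config/tomcat/classpath: cas-common.classpath not copied")
    cfg = root / "config/bb-config.properties"
    auth = [l for l in active_lines(cfg)
            if l.startswith("bbconfig.auth.type")] if cfg.is_file() else []
    if not any(l.split("=", 1)[-1].strip() == "cas" for l in auth):
        problems.append("bb-config.properties: bbconfig.auth.type is not cas")
    for rel in EDITED:
        f = root / rel
        if not f.is_file():
            problems.append(f"{rel}: file not found")
            continue
        text = "\n".join(active_lines(f))
        # Same-box assumption: all three jars are expected in every file.
        problems += [f"{rel}: no active entry for {jar}" for jar in JARS if jar not in text]
    return problems

if __name__ == "__main__":
    import sys
    for problem in check_install(sys.argv[1] if len(sys.argv) > 1 else r"C:\blackboard"):
        print(problem)
```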

Issues

  • Are proxy tickets supported?
No. The CAS 3.1 client library provides support for proxy tickets, but this is not yet implemented in blackboard-cas.
  • Why am I getting java.security.cert.CertificateException errors?
Your CAS server is using an SSL certificate that isn't in Java's database of trusted keys (known as the keystore). If you're using a self-signed certificate for testing purposes, you should add it to either Java's keystore or Blackboard's keystore, using keytool.
  • With BB9, the home page displays with a login form, instead of just a login button (as in BB8), but I can't log in with CAS using this form.
You will need to replace the login form with a login link (or something similar), by customizing the login page as follows:
  1. On BB: Go to Administrator > Brands and Themes > Customize Login Page. Click Download Custom Login Page and download the file.
  2. On your local system: Edit the downloaded Custom Login Page file (or edit a copy of it). Replace the login form with a link to the login url (.../webapps/login). Save the new login file.
  3. On BB: Go to Administrator > Brands and Themes > Customize Login Page. Click Upload Custom Login Page and upload the new login file.
View the Blackboard home page - you should now see the link and no longer see the login form. This gets you the functionality - you may want to add other HTML or CSS to make it look nicer.
  • With BB9, an authenticated user who does not have a record in the database goes into an infinite loop.
Setting the message that a user is not in the db does not seem to be working in BB9 the way it works in BB8. Use the lookup_user_in_BB property and set it to true, to enable a manual/explicit check for the user in the database.