This page specifically describes how to enable OAuth/OpenID server support for CAS. If you would like to have CAS act as an OAuth/OpenID client communicating with other providers (such as Google, Facebook, etc.), see this page.
To get a better understanding of the OAuth/OpenID protocol support in CAS, see this page.
Support is enabled by including the following dependency in the Maven WAR overlay:
Add the OAuth20WrapperController
To add the OAuth20WrapperController, you need to add the mapping between the /oauth2.0/* URL and the CAS servlet in the web.xml file:
You have to create the controller itself in the cas-servlet.xml file:
The loginUrl is the login URL of the CAS server. The timeout is the lifetime of a CAS ticket-granting ticket, expressed in seconds (not in milliseconds!). The controller also needs its mapping in the handlerMappingC bean (cas-servlet.xml file):
Add the needed CAS services
One service is needed to make the OAuth wrapper work in CAS. It defines the callback URL, registered as a CAS service, to which CAS returns control to the OAuth wrapper after authentication. Note: the callback URL must end with “callbackAuthorize”.
Every OAuth client must be defined as a CAS service (notice the new clientId and clientSecret properties, specific to OAuth):
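The constraints stated above (timeout in seconds, a callback service ending in callbackAuthorize, clientId paired with clientSecret) can be checked before deployment. The lint below is an added example, not part of the CAS documentation or code base; the sample XML is constructed, and the `serviceId` property name, the `example.*` class names and the one-day timeout bound are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"
P_NS = "{http://www.springframework.org/schema/p}"
MAX_TIMEOUT_S = 86400  # assumed sanity bound: a TGT lifetime above one day is probably milliseconds

def bean_props(bean):
    """Collect Spring properties set via p:name="..." attributes or <property> children."""
    props = {k[len(P_NS):]: v for k, v in bean.attrib.items() if k.startswith(P_NS)}
    for child in bean:
        if child.tag == NS + "property" and "name" in child.attrib:
            props[child.attrib["name"]] = child.attrib.get("value", "")
    return props

def lint_oauth_config(xml_text):
    """Return a list of findings for the OAuth wrapper settings described above."""
    findings, callback_seen = [], False
    for bean in ET.fromstring(xml_text).iter(NS + "bean"):
        props = bean_props(bean)
        if bean.get("class", "").endswith("OAuth20WrapperController"):
            timeout = props.get("timeout", "")
            if not timeout.isdigit():
                findings.append("timeout missing or not an integer")
            elif int(timeout) > MAX_TIMEOUT_S:
                findings.append(f"timeout={timeout} looks like milliseconds, expected seconds")
        if props.get("serviceId", "").endswith("callbackAuthorize"):  # assumed property name
            callback_seen = True
        has_id, has_secret = bool(props.get("clientId")), bool(props.get("clientSecret"))
        if has_id != has_secret:
            findings.append(f"service {props.get('name', '?')}: clientId/clientSecret incomplete")
    if not callback_seen:
        findings.append("no service whose serviceId ends with callbackAuthorize")
    return findings

# Constructed sample with three deliberate mistakes; class names are placeholders.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="oauth20WrapperController" class="example.OAuth20WrapperController"
        p:loginUrl="https://cas.example.org/login" p:timeout="7200000"/>
  <bean class="example.Service">
    <property name="serviceId" value="https://cas.example.org/oauth2.0/callback"/>
  </bean>
  <bean class="example.OAuthService">
    <property name="name" value="app1"/>
    <property name="clientId" value="app1-id"/>
  </bean>
</beans>"""

print("\n".join(lint_oauth_config(SAMPLE)))
```

Run it against the real cas-servlet.xml and service registry file by passing their contents to `lint_oauth_config`; an empty list means none of the three mistakes was found.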