Webflow Session

CAS uses Spring Webflow to manage the authentication sequence. Spring Webflow provides a pluggable architecture whereby various actions, decisions and operations throughout the primary authentication workflow can be easily controlled and navigated. In order for this navigation to work, some form of conversational session state must be maintained.

Client-side Sessions

CAS provides a facility for storing flow execution state on the client in Spring Webflow. Flow state is stored as an encoded byte stream in the flow execution identifier provided to the client when rendering a view. By default, CAS automatically attempts to store and keep track of this state on the client in an encrypted form via encryption and signing keys to remove the need for session cleanup, termination and replication.

The following settings and properties are available from the CAS configuration catalog:

The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting is not strictly necessary in the end-user CAS configuration, because a default value may be assigned or the feature in question may not be immediately intended for use. You may want to own the setting and update it assigned value, assuming the intended feature controlled by the setting is utilized.

  • cas.webflow.crypto.encryption.key=
  • The encryption key. The encryption key by default and unless specified otherwise must be randomly-generated string whose length is defined by the encryption key size setting.

  • cas.webflow.crypto.signing.key=
  • The signing key is a JWT whose length is defined by the signing key size setting.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.