Merge branch 'master' of gitlab.crdp.ac-versailles.fr:pascal.fautrero/cas-jasig-crdp

9f018b7e · pascal fautrero · 99720623 · 82fd66fc · 9f018b7e · 9f018b7e
Commit 9f018b7e authored Jan 24, 2014 by pascal fautrero
--- a/README.md
+++ b/README.md
+## CAS JASIG used by CRDP
+
+Architecture is described in the chiliproject documentation
--- a/pom.xml
+++ b/pom.xml
@@ -308,7 +308,7 @@
 	    </executions>
 	    <configuration>
 	        <messagesDirectory>${basedir}/src/main/webapp/WEB-INF/classes/</messagesDirectory>
-	        <mainMessagesFile>messages_en.properties</mainMessagesFile>
+	        <mainMessagesFile>messages_fr.properties</mainMessagesFile>
 	    </configuration>
 	  </plugin>
    </plugins>

--- a/src/main/webapp/WEB-INF/cas.properties
+++ b/src/main/webapp/WEB-INF/cas.properties
@@ -19,7 +19,7 @@

 ##
 # Services Management Web UI Security
-server.name=https://websso.crdp.local:8443
+server.name=https://websso.crdp.ac-versailles.fr
 server.prefix=${server.name}/cas
 cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
 # Names of roles allowed to access the CAS service manager

--- a/src/main/webapp/WEB-INF/classes/messages_en.properties
+++ b/src/main/webapp/WEB-INF/classes/messages_en.properties
@@ -39,23 +39,23 @@ screen.blocked.message=You've entered the wrong password for the user too many t
 screen.confirmation.message=Click <a href="{0}">here</a> to go to the application.

 #Generic Success Screen Messages
-screen.success.header=Log In Successful
-screen.success.success=You have successfully logged into the Central Authentication Service.
-screen.success.security=For security reasons, please Log Out and Exit your web browser when you are done accessing services that require authentication!
+screen.success.header=Connexion réussie
+screen.success.success=Vous êtes désormais authentifié sur le SSO du CRDP de l'Académie de Versailles.
+screen.success.security=Pour des raisons de sécurité, pensez à fermer votre navigateur après déconnexion.

 #Logout Screen Messages
-screen.logout.header=Logout successful
-screen.logout.success=You have successfully logged out of the Central Authentication Service.
-screen.logout.security=For security reasons, exit your web browser.
+screen.logout.header=Déconnexion réussie
+screen.logout.success=Vous n'êtes plus authentifié sur le SSO du CRDP de l'Académie de Versailles.
+screen.logout.security=Pour des raisons de sécurité, fermez votre navigateur.
 screen.logout.redirect=The service from which you arrived has supplied a <a href="{0}">link you may follow by clicking here</a>.

 screen.service.sso.error.header=Re-Authentication Required to Access this Service
 screen.service.sso.error.message=You attempted to access a service that requires authentication without re-authenticating.  Please try <a href="{0}">authenticating again</a>.

 error.invalid.loginticket=You cannot attempt to re-submit a form that has been submitted already.
-required.username=Username is a required field.
-required.password=Password is a required field.
-error.authentication.credentials.bad=The credentials you provided cannot be determined to be authentic.
+required.username=Vous devez saisir un login.
+required.password=Vous devez saisir un mot de passe.
+error.authentication.credentials.bad=Mot de passe ou login invalide.
 error.authentication.credentials.unsupported=The credentials you provided are not supported by CAS.

 INVALID_REQUEST_PROXY='pgt' and 'targetService' parameters are both required
@@ -158,3 +158,5 @@ screen.warnpass.message.line2=You will be redirected to your <a href="{0}">appli
 screen.oauth.confirm.header=Authorization
 screen.oauth.confirm.message=Do you want to grant access to your complete profile to "{0}" ?
 screen.oauth.confirm.allow=Allow
+
+use.your.login=Utilisez vos identifiants du crdp de l'Académie de Versailles pour vous authentifier.
--- a/src/main/webapp/WEB-INF/deployerConfigContext.xml
+++ b/src/main/webapp/WEB-INF/deployerConfigContext.xml
@@ -127,7 +127,7 @@

                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" 
                  p:filter="uid=%u" 
-                  p:searchBase="ou=people,dc=crdp,dc=local" 
+                  p:searchBase="ou=people,dc=crdp-versailles,dc=fr" 
                  p:contextSource-ref="contextSource" 
                  p:ignorePartialResultException="true"/>

@@ -148,7 +148,7 @@
    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->

    <sec:user-service id="userDetailsService">
-        <sec:user name="toto" password="notused" authorities="ROLE_ADMIN" />
+        <sec:user name="pfautrero" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>


@@ -194,13 +194,49 @@
                        <property name="serviceId" value="^https://websso.crdp.local:8443/cas/services/*" />
                        <property name="evaluationOrder" value="10000001" />
                    </bean> -->
-							<bean class="org.jasig.cas.services.RegisteredServiceImpl">
+    		    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="0" />
-                        <property name="name" value="HTTP and IMAP" />
-                        <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
-                        <property name="serviceId" value="https://websso.crdp.local:8443/cas/services/**" />
-                        <property name="evaluationOrder" value="10000001" />                     
-							</bean>
+                        <property name="name" value="services manager" />
+                        <property name="description" value="Access to services manager" />
+                        <property name="serviceId" value="https://websso.crdp.ac-versailles.fr/cas/services/**" />
+                        <property name="evaluationOrder" value="0" />                     
+		    </bean>
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="1" />
+                        <property name="name" value="Athena" />
+                        <property name="description" value="Access to elearning plateform" />
+                        <property name="serviceId" value="http://athena.ac-versailles.fr/**" />
+                        <property name="evaluationOrder" value="1" />
+                    </bean>
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="2" />
+                        <property name="name" value="Profil Tice" />
+                        <property name="description" value="Access to Profil Tice" />
+                        <property name="serviceId" value="http://www.tice.ac-versailles.fr/profil-tice/**" />
+                        <property name="evaluationOrder" value="2" />
+                    </bean>
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="3" />
+                        <property name="name" value="Label Tice" />
+                        <property name="description" value="Access to Label Tice" />
+                        <property name="serviceId" value="http://www.labeltice.ac-versailles.fr/**" />
+                        <property name="evaluationOrder" value="3" />
+                    </bean>
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="4" />
+                        <property name="name" value="Label Tice" />
+                        <property name="description" value="Access to Label Tice" />
+                        <property name="serviceId" value="http://labeltice.ac-versailles.fr/**" />
+                        <property name="evaluationOrder" value="4" />
+                    </bean>
+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
+                        <property name="id" value="5" />
+                        <property name="name" value="Label Tice" />
+                        <property name="description" value="Access to Label Tice" />
+                        <property name="serviceId" value="http://www.labeltice.fr/**" />
+                        <property name="evaluationOrder" value="5" />
+                    </bean>
+
                </list>
            </property>
        </bean>
@@ -268,9 +304,9 @@

    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false"/>
-        <property name="url" value="ldap://websso.crdp.local:389"/>
-        <property name="userDn" value="cn=admin,dc=crdp,dc=local"/>
-        <property name="password" value="crdp213"/>
+        <property name="url" value="ldaps://masterldap.in.vty.crdp.ac-versailles.fr:636"/>
+        <property name="userDn" value="uid=cas,ou=system,dc=crdp-versailles,dc=fr"/>
+        <property name="password" value="3!ExaL0MtuZ"/>
        <property name="baseEnvironmentProperties">
            <map>
                <entry key="com.sun.jndi.ldap.connect.timeout" value="3000"/>

--- a/src/main/webapp/WEB-INF/spring-configuration/securityContext.xml
+++ b/src/main/webapp/WEB-INF/spring-configuration/securityContext.xml
@@ -75,7 +75,7 @@
  <bean id="notAuthorizedEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

  <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
-        p:key="crdp213"
+        p:key="Fex55_v0!"
        p:serviceProperties-ref="serviceProperties"
        p:userDetailsService-ref="userDetailsService">
    <property name="ticketValidator">