Git Product home page Git Product logo

nexus-cas-plugin's Introduction

Nexus CAS Plugin

This is a Sonatype Nexus plugin providing authentication with Jasig CAS using its REST API.

IMPORTANT: the CAS REST API is not enabled by default, please make sure to enable it by following these instructions.

Building from source

  1. Checkout or download the source code from the latest tag on GitHub.
  2. Execute mvn clean verify from your local source code folder (install Maven if not already done).
  3. Find the nexus-cas-plugin-[version]-bundle.zip file in the target subfolder.

Installation

  1. Create a file named cas-plugin.xml in your sonatype-work/nexus/conf folder, containing at least the following:
<?xml version="1.0" encoding="UTF-8"?>
<casConfiguration>
    <casServerUrl>https://[cas-host]:[cas-port]/cas/</casServerUrl>
    <casRestTicketUrl>https://[cas-host]:[cas-port]/cas/v1/tickets/</casRestTicketUrl>
    <casService>http://[nexus-host]:[nexus-port]/nexus/</casService>
</casConfiguration>

  1. Unzip the nexus-cas-plugin bundle in your sonatype-work/nexus/plugin-repository folder.

  2. (Re)start Nexus and use the Administration -> Server panel to add the CAS Authentication Realm to the list of active realms.

  3. Watch the Nexus and CAS logs to check whether authentication is working as expected.

Configuration

The plugin configuration is stored in the sonatype-work/nexus/conf/cas-plugin.xml file. The root <casConfiguration> element may contain the following children:

  • casServerUrl (required): full URL of the CAS server to use for ticket validation (e.g. https://example.org/cas/)
  • casRestTicketUrl (required): full URL of the CAS REST API to use for authentication (e.g. https://example.org/cas/v1/tickets/)
  • casService (required): full URL of the service to present to the CAS server (e.g. http://example.org/nexus/)
  • validationProtocol (default "CAS"): CAS ticket validation protocol (CAS or SAML)
  • roleAttributeNames (default "groups,roles"): comma-separated list of role attribute names
  • connectTimeout (default "5000"): CAS REST client connect timeout (in milliseconds)
  • readTimeout (default "5000"): CAS REST client read timeout (in milliseconds)

Changelog

Version 1.0.0

  • Initial release.

Version 1.0.1

  • Fix for SAML 1.1 support.
  • Fix for IncorrectCredentialsException during authentication.
  • Support for attributes with multiple values.

Version 1.1.0

  • Support for external user/group role mappings.

Version 1.2.0

  • Compatibility with Nexus 2.7.x and higher.
  • Conversion of Plexus components to JSR-330.

Version 1.2.1

  • Compatibility with Nexus 2.8.x and higher.

nexus-cas-plugin's People

Contributors

fcrespel avatar sdorra avatar

Watchers

Daniel Sturm avatar James Cloos avatar avatar Thomas Saquet avatar Christoph Wolfes avatar Thomas Grosser avatar Robert Auer avatar Michael Behlendorf avatar avatar avatar Iwan Schindler avatar avatar

Forkers

alainlompo

nexus-cas-plugin's Issues

CAS not validating ticket on connection

Hello,

Thank you for this fork which is exactly what we need at Echoes.

Though, I tried to use this plugin with Nexus 2.12.1-01.
It works partially :

  • If I use only the CAS realm I have an error 500 from Nexus when I come back from CAS (but I'm well redirected to CAS and I can login there)
  • If I keep the default realms + CAS, i remain logged-in whatever I do (click on logout, logout from CAS -> sill logged-in in Nexus)

We noticed that when the connection happens, the URL sent to CAS is
${serviceURL defined in conf file}+"/cas/login"
When the plugin validate the ticket coming from CAS, it compares this URL with the configured URL which does not end with "/cas/login".

Could you have a look ? Thank you very much.
Thomas

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.