Configuring JSON Validation Response

This is the lightweight JSON validation response for service tickets. The successful validation response contains a set of exposed principal attributes and basically looks like this:

{
 "user":"u1",
 "authenticationTime":1341844049419,
 "attributes":
     {"eduPersonAffiliation":"alumni",
      "lastName":"One",
      "firstName":"User"}
}

On the other hand, an unsuccessful validation attempt would return the following response:

{
    "authenticationFaluire": {
        "code":"xxx",
	"description":"xxx"
    }
}

where xxx would be a specific string for code and description

Of course there is a SAML validation response already baked into CAS, but over the years we've noticed a pattern where folks wanted a lightweight response with attributes and resorted to 'hack' success view JSP to do that. With this view, there is no need to do that (should one choose to use it).

After having declared the cas-addon dependency in your pom.xml file, adjust your local CAS overlay with the following changes in cas-servlet.xml:

<bean id="jsonSucessView" class="net.unicon.cas.addons.response.ServiceValidateSuccessJsonView"/>

<bean id="jsonFailureView" class="net.unicon.cas.addons.response.ServiceValidateFailureJsonView"/>

<bean id="serviceValidateController" class="org.jasig.cas.web.ServiceValidateController"
       p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
        p:centralAuthenticationService-ref="centralAuthenticationService"
        p:proxyHandler-ref="proxy20Handler"
        p:argumentExtractor-ref="casArgumentExtractor"
        p:successView="jsonSucessView"
        p:failureView="jsonFailureView"/>

On the client side, if you wish to validate the JSON response through a Java Servlet filter, use the Cas20ServiceTicketJsonValidationFilter class available in cas-java-clients-addons project which supports all the usual parameters as would normal CAS client validation filters.