Stephan Oudmaijer (Migrated from SEC-1344) said:
The CAS documentation for Spring Security is vague and contains a few errors.
First, the element contains the tag <security:custom-authentication-provider /> which is not allowed by the spring-security-3.0.xsd.
I have configured the authentication provider accordingly:
Second, the security:http section can be more specific IMHO. I have configured it like shown below. I don`t know if this is 'the' way to configure it, but it works.
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter">/security:custom-filter
Third, the contains the properties and which do not exist anymore.
Once you have figured this out, it works really great ;-)
Luke Taylor said:
Thanks for reporting these. I've updated the CAS section to correct the configurations.