Support for new CAS OAuth Server Implementation

[joemccall86]

To run this demo do a mvn install on joemccall86/cas to get the custom 4.0.0-SNAPSHOT in your local maven repository.

This is still a work in progress, but what I have in this pull request shows a working demo of the new oauth support. As you can see in cas-servlet.xml I had to comment out the terminateWebSessionListener to give us more time to hit the 'Accept' button. I think we can add it back in once we can figure out how to add the confirmation step to the webflow. I have no experience with spring webflow, so it might take a little bit of time before I can get it integrated.

[leleuj]

My apologies for the avalanche of comments !

I realize that this new OAuth server support using the Spring Security OAuth library is pretty complex to put into practice.

My main comments :

• I would keep the new OAuth services brought by Misagh, because I think we have a solution in this case to avoid commenting the TerminateWebSessionListener. We could change the webflow to have a view-state instead of an end-state when it's an OAuth callback service for the final redirection to the original service
• The oauthConfiguration.xml file has to be reorganized, parametrized and put into the cas-server-support-oauthmodule. I found some part of the configuration surprising : I hope I misunderstood things...
• I would try to remote the error page to use the CAS ones.

Thanks for your incredible efforts !

[Lekan]

Hi guys, great work you guys have here. Does CAS supports all the OAuth2 grant types (Authorization Code, implicit grant, Password, & Client Credentials)?

[leleuj]

CAS only supports th authorization grant type for now.