We used cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. What For?

« Back to Blogs

Configuration of OAuth client support in CAS server on Tomcat 6

For CAS version >= 3.5.1  (I have used CAS Server version 3.5.2 )

(1) First download CAS Server from the following link:




(2) Unzip the downloaded file.


(3) Now go to path-to-cas-server-3.5.2/modules folder and copy cas-server-webapp-3.5.2.war file.


(4) Put the war file in webapps folder of Tomcat 6 server on which you want to deploy.


(5) Restart the server and check whether cas server is working for its default behaviour (i.e same userid and password)


For example,




(6) Now we must make changes to cas-server to have OAuth client support in it, for this follow below steps :


(6.1) Go to path-to-cas-server-3.5.2/modules folder and copy as-server-support-oauth-3.5.2.jar and paste it in path-to-tomcat/webapps/cas-server-webapp-3.5.2/WEB-INF/lib folder.


(6.2) Edit applicationContext.xml file from path-to-tomcat/webapps/cas-server-webapp-3.5.2/WEB-INF/ spring-configuration folder.


Add following content


<bean id="facebook" class="org.scribe.up.provider.impl.FacebookProvider">

<property name="key" value="the_key_for_facebook" />

<property name="secret" value="the_secret_for_facebook" />



<bean id="twitter" class="org.scribe.up.provider.impl.TwitterProvider">

<property name="key" value="the_key_for_twitter" />

<property name="secret" value="the_secret_for_twitter" />



<bean id="google" class="org.scribe.up.provider.impl.GoogleProvider">

<property name="key" value="the_key_for_google" />

<property name="secret" value="the_secret_for_google" />



<bean id="yahoo" class="org.scribe.up.provider.impl.YahooProvider">

<property name="key" value="the_key_for_yahoo" />

<property name="secret" value="the_secret_for_yahoo" />



<bean id="linkedin" class="org.scribe.up.provider.impl.LinkedInProvider">

<property name="key" value="the_key_for_linkedin" />

<property name="secret" value="the_secret_for_linkedin" />



<bean id="github" class="org.scribe.up.provider.impl.GitHubProvider">

<property name="key" value="the_key_for_github" />

<property name="secret" value="the_secret_for_github" />



<bean id="live" class="org.scribe.up.provider.impl.WindowsLiveProvider">

<property name="key" value="the_key_for_live" />

<property name="secret" value="the_secret_for_live" />



<bean id="wordpress" class="org.scribe.up.provider.impl.WordPressProvider">

<property name="key" value="the_key_for_wordpress" />

<property name="secret" value="the_secret_for_wordpress" />



<bean id="caswrapper" class="org.jasig.cas.support.oauth.provider.impl.CasWrapperProvider20">

<property name="key" value="the_key_for_caswrapper" />

<property name="secret" value="the_secret_for_caswrapper" />

<property name="serverUrl" value="http://mycasserverwithoauthwrapper/oauth2.0" />



In above code, we need to replace property value of "key" and "secret" in each bean with respective provider's key value and secret value, I have done with facebook, so I will mention the steps to change "key" and "secret" values for facebook.


Go to http://developers.facebook.com/ login and select Apps tab.


Enter "App. Name" and "App. Namespace" (Optional) then,

Enter "Display Name" and in "App Domain" enter localhost if your are testing it locally.


Use below mentioned site URL in "Website with Facebook Login" if you are testing it locally.

Site  URL:  http://localhost:8080 if testing locally else whatever your site url .


Also deselect provided checkbox for "Sandbox Mode" and save changes.


Replace the_key_for_facebook with App ID value and the_secret_for_facebook with App Secret value in above XML file.


Now add below content along with above content in XML file:


<bean id="oauthConfig" class="org.jasig.cas.support.oauth.OAuthConfiguration">

 <property name="loginUrl" value="http://mycasserver/login" />

 <property name="providers">


     <ref bean="facebook" />

     <ref bean="twitter" />

     <ref bean="google" />

     <ref bean="yahoo" />

     <ref bean="linkedin" />

     <ref bean="github" />

     <ref bean="caswrapper" />

     <ref bean="live" />

     <ref bean="wordpress" />





Replace  http://mycasserver/login with your login url http://localhost:8080/cas-server-webapp-3.5.2/login. It may be defferent in your case if it is not in testing mode.


(6.3) Now edit login-webflow.xml file from path-to-tomcat/webapps/cas-server-webapp-3.5.2/WEB-INF folder.


Add below content after </on-start> tag.

<action-state id="oauthAction">

<evaluate expression="oauthAction" />

<transition on="success" to="sendTicketGrantingTicket" />

<transition on="error" to="ticketGrantingTicketExistsCheck" />




(6.4) Edit cas-servlet.xml file from WEB-INF folder and enter following content.


<bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction">

<property name="centralAuthenticationService" ref="centralAuthenticationService" />

<property name="configuration" ref="oauthConfig" />



(6.5) Edit deployerConfigContext.xml file from WEB-INF folder and enter following content.

Add below content between <list></list> tag  of Property property name="authenticationHandlers" like below:

<bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">

<property name="configuration" ref="oauthConfig" />




<property name="authenticationHandlers">


<bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">

    <property name="configuration" ref="oauthConfig" />





Also add the following content:


<bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver" />


Also add below content in between <list></list> tag of  property name="credentialsToPrincipalResolvers" like beolw.


<property name="credentialsToPrincipalResolvers">


   <bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver" />




(6.6) Edit casLoginView.jsp located in WEB_INF/view/jsp/default/ui folder and add links.


<a href="${FacebookProviderUrl}">Authenticate with Facebook</a> <br />

<br />

<a href="${TwitterProviderUrl}">Authenticate with Twitter</a><br />

<br />

<a href="${GoogleProviderUrl}">Authenticate with Google</a><br />

<br />

<a href="${YahooProviderUrl}">Authenticate with Yahoo</a><br />

<br />

<a href="${LinkedInProviderUrl}">Authenticate with LinkedIn</a><br />

<br />

<a href="${GitHubProviderUrl}">Authenticate with GitHub</a><br />

<br />

<a href="${WindowsLiveProviderUrl}">Authenticate with Windows Live</a><br />

<br />

<a href="${WordPressProviderUrl}">Authenticate with WordPress</a><br />

<br />

<a href="${CasWrapperProvider20Url}">Authenticate with another CAS server using OAuth v2.0 protocol wrapper</a><br />

<br />


(6.7) Add a new servlet mapping definition in web.xml file:







Add a new intermediate controller in cas-servlet.xml file:


<bean id="oauth10loginController" class="org.jasig.cas.support.oauth.web.OAuth10LoginController">

 <property name="configuration" ref="oauthConfig" />



With the right mapping in handlerMappingC bean:


<prop key="/oauth10login">




(6.8) We are almost done with required changes, now just left to add required dependencies of JAR files in lib folder.


List of Dependencies (For Server cas-server-3.5.2)




cas-server-support-oauth-3.5.2.jar(if not already added)





contact-us Request a callback WhatsApp