guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mjum...@apache.org
Subject [05/23] incubator-guacamole-client git commit: GUACAMOLE-204: Implementation of CAS SSO module for Guacamole authentication.
Date Mon, 22 May 2017 03:29:00 GMT
GUACAMOLE-204: Implementation of CAS SSO module for Guacamole authentication.


Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/b2789700
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/b2789700
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/b2789700

Branch: refs/heads/master
Commit: b2789700768315465659baa6b0cfb3e7bd8bc506
Parents: 1c197ae
Author: Nick Couchman <vnick@apache.org>
Authored: Fri Feb 10 08:59:37 2017 -0500
Committer: Nick Couchman <nick.couchman@yahoo.com>
Committed: Wed May 17 08:54:21 2017 -0400

----------------------------------------------------------------------
 extensions/guacamole-auth-cas/.gitignore        |   3 +
 extensions/guacamole-auth-cas/LICENSE           | 220 +++++++++++++++++++
 extensions/guacamole-auth-cas/README.md         |  10 +
 extensions/guacamole-auth-cas/pom.xml           | 146 ++++++++++++
 .../src/main/assembly/dist.xml                  |  53 +++++
 .../auth/cas/AuthenticationProviderService.java | 111 ++++++++++
 .../auth/cas/CASAuthenticationProvider.java     | 107 +++++++++
 .../cas/CASAuthenticationProviderModule.java    |  83 +++++++
 .../auth/cas/conf/CASGuacamoleProperties.java   |  62 ++++++
 .../auth/cas/conf/ConfigurationService.java     |  73 ++++++
 .../guacamole/auth/cas/form/CASTicketField.java |  99 +++++++++
 .../cas/ticket/TicketValidationService.java     |  81 +++++++
 .../auth/cas/user/AuthenticatedUser.java        |  73 ++++++
 .../src/main/resources/cas.css                  |  23 ++
 .../src/main/resources/casConfig.js             |  51 +++++
 .../src/main/resources/casController.js         |  30 +++
 .../src/main/resources/casModule.js             |  29 +++
 .../src/main/resources/guac-manifest.json       |  22 ++
 pom.xml                                         |   1 +
 19 files changed, 1277 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/.gitignore
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/.gitignore b/extensions/guacamole-auth-cas/.gitignore
new file mode 100644
index 0000000..c3a023f
--- /dev/null
+++ b/extensions/guacamole-auth-cas/.gitignore
@@ -0,0 +1,3 @@
+*~
+target/
+META-INF/

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/LICENSE
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/LICENSE b/extensions/guacamole-auth-cas/LICENSE
new file mode 100644
index 0000000..7378dfb
--- /dev/null
+++ b/extensions/guacamole-auth-cas/LICENSE
@@ -0,0 +1,220 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+
+==============================================================================
+
+APACHE GUACAMOLE SUBCOMPONENTS
+
+Apache Guacamole includes a number of subcomponents with separate copyright
+notices and license terms. Your use of these subcomponents is subject to the
+terms and conditions of the following licenses.
+
+
+Carlito (http://code.google.com/p/chromium/issues/detail?id=280557)
+-------------------------------------------------------------------
+
+    Version: N/A
+    From: 'tyPoland Lukasz Dziedzic' (http://www.lukaszdziedzic.eu/)
+    License(s):
+        SIL Open Font (guacamole/src/licenses/bundled/carlito/LICENSE)

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/README.md
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/README.md b/extensions/guacamole-auth-cas/README.md
new file mode 100644
index 0000000..8af4e46
--- /dev/null
+++ b/extensions/guacamole-auth-cas/README.md
@@ -0,0 +1,10 @@
+# guacamole-auth-cas
+CAS SSO Module for Guacamole
+
+This is an extension module for Guacamole that authenticates using a CAS SSO backend.
+
+There are two parameters to add to the guacamole.properties file:
+- cas-authorization-endpoint -> The URL of the CAS server.
+- cas-redirect-uri -> Where the CAS server should redirect back to after a successful login.
+
+This module was written using source code provided by Mike Jumper for the OpenID (OAUTH) module and modified to fit the CAS authentication process.

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/pom.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/pom.xml b/extensions/guacamole-auth-cas/pom.xml
new file mode 100644
index 0000000..fbb44c3
--- /dev/null
+++ b/extensions/guacamole-auth-cas/pom.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                        http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.guacamole</groupId>
+    <artifactId>guacamole-auth-cas</artifactId>
+    <packaging>jar</packaging>
+    <version>0.9.11-incubating</version>
+    <name>guacamole-auth-cas</name>
+    <url>http://guacamole.incubator.apache.org/</url>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <plugins>
+
+            <!-- Written for 1.6 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.3</version>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                    <compilerArgs>
+                        <arg>-Xlint:all</arg>
+                        <arg>-Werror</arg>
+                    </compilerArgs>
+                    <fork>true</fork>
+                </configuration>
+            </plugin>
+
+            <!-- Copy dependencies prior to packaging -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>2.10</version>
+                <executions>
+                    <execution>
+                        <id>unpack-dependencies</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <includeScope>runtime</includeScope>
+                            <outputDirectory>${project.build.directory}/classes</outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <!-- Assembly plugin - for easy distribution -->
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.5.3</version>
+                <configuration>
+                    <finalName>${project.artifactId}-${project.version}</finalName>
+                    <appendAssemblyId>false</appendAssemblyId>
+                    <descriptors>
+                        <descriptor>src/main/assembly/dist.xml</descriptor>
+                    </descriptors>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-dist-archive</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+        </plugins>
+    </build>
+
+    <dependencies>
+
+        <!-- Guacamole Java API -->
+        <dependency>
+            <groupId>org.apache.guacamole</groupId>
+            <artifactId>guacamole-common</artifactId>
+            <version>0.9.10-incubating</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Guacamole Extension API -->
+        <dependency>
+            <groupId>org.apache.guacamole</groupId>
+            <artifactId>guacamole-ext</artifactId>
+            <version>0.9.11-incubating</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+          <groupId>org.jasig.cas.client</groupId>
+          <artifactId>cas-client-core</artifactId>
+          <version>3.4.1</version>
+        </dependency>
+        <!-- Guice -->
+        <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+            <version>3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.inject.extensions</groupId>
+            <artifactId>guice-multibindings</artifactId>
+            <version>3.0</version>
+        </dependency>
+
+        <!-- Java servlet API -->
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <scope>provided</scope>
+        </dependency>
+
+
+    </dependencies>
+
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/assembly/dist.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/assembly/dist.xml b/extensions/guacamole-auth-cas/src/main/assembly/dist.xml
new file mode 100644
index 0000000..b89fd53
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/assembly/dist.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<assembly
+    xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+    
+    <id>dist</id>
+    <baseDirectory>${project.artifactId}-${project.version}</baseDirectory>
+
+    <!-- Output tar.gz -->
+    <formats>
+        <format>tar.gz</format>
+    </formats>
+
+    <!-- Include licenses and extension .jar -->
+    <fileSets>
+
+        <!-- Include licenses -->
+        <fileSet>
+            <outputDirectory></outputDirectory>
+            <directory>src/licenses</directory>
+        </fileSet>
+
+        <!-- Include extension .jar -->
+        <fileSet>
+            <directory>target</directory>
+            <outputDirectory></outputDirectory>
+            <includes>
+                <include>*.jar</include>
+            </includes>
+        </fileSet>
+
+    </fileSets>
+
+</assembly>

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
new file mode 100644
index 0000000..2222a86
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.util.Arrays;
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.form.Field;
+import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
+import org.apache.guacamole.auth.cas.conf.ConfigurationService;
+import org.apache.guacamole.auth.cas.form.CASTicketField;
+import org.apache.guacamole.auth.cas.ticket.TicketValidationService;
+import org.apache.guacamole.auth.cas.user.AuthenticatedUser;
+
+/**
+ * Service providing convenience functions for the CAS AuthenticationProvider
+ * implementation.
+ *
+ * @author Nick Couchman
+ */
+public class AuthenticationProviderService {
+
+    /**
+     * Service for retrieving CAS configuration information.
+     */
+    @Inject
+    private ConfigurationService confService;
+
+    /**
+     * Service for validating received ID tickets.
+     */
+    @Inject
+    private TicketValidationService ticketService;
+
+    /**
+     * Provider for AuthenticatedUser objects.
+     */
+    @Inject
+    private Provider<AuthenticatedUser> authenticatedUserProvider;
+
+    /**
+     * Returns an AuthenticatedUser representing the user authenticated by the
+     * given credentials.
+     *
+     * @param credentials
+     *     The credentials to use for authentication.
+     *
+     * @return
+     *     An AuthenticatedUser representing the user authenticated by the
+     *     given credentials.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while authenticating the user, or if access is
+     *     denied.
+     */
+    public AuthenticatedUser authenticateUser(Credentials credentials)
+            throws GuacamoleException {
+
+        String ticket = null;
+
+        // Pull CAS ticket from request if present
+        HttpServletRequest request = credentials.getRequest();
+        if (request != null) {
+            ticket = request.getParameter(CASTicketField.PARAMETER_NAME);
+            if (ticket != null) {
+                AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
+                authenticatedUser.init(ticketService.processUsername(ticket), credentials);
+                return authenticatedUser;
+            }
+        }
+
+        // Request CAS ticket
+        throw new GuacamoleInvalidCredentialsException("Invalid login.",
+            new CredentialsInfo(Arrays.asList(new Field[] {
+
+                // CAS-specific ticket (will automatically redirect the user
+                // to the authorization page via JavaScript)
+                new CASTicketField(
+                    confService.getAuthorizationEndpoint(),
+                    confService.getRedirectURI()
+                )
+
+            }))
+        );
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProvider.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProvider.java
new file mode 100644
index 0000000..1817946
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProvider.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas;
+
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
+import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.UserContext;
+
+/**
+ * Guacamole authentication backend which authenticates users using an
+ * arbitrary external system implementing CAS. No storage for connections is
+ * provided - only authentication. Storage must be provided by some other
+ * extension.
+ *
+ * @author Michael Jumper
+ */
+public class CASAuthenticationProvider implements AuthenticationProvider {
+
+    /**
+     * Injector which will manage the object graph of this authentication
+     * provider.
+     */
+    private final Injector injector;
+
+    /**
+     * Creates a new CASAuthenticationProvider that authenticates users
+     * against an CAS service
+     *
+     * @throws GuacamoleException
+     *     If a required property is missing, or an error occurs while parsing
+     *     a property.
+     */
+    public CASAuthenticationProvider() throws GuacamoleException {
+
+        // Set up Guice injector.
+        injector = Guice.createInjector(
+            new CASAuthenticationProviderModule(this)
+        );
+
+    }
+
+    @Override
+    public String getIdentifier() {
+        return "cas";
+    }
+
+    @Override
+    public AuthenticatedUser authenticateUser(Credentials credentials)
+            throws GuacamoleException {
+
+        // Attempt to authenticate user with given credentials
+        AuthenticationProviderService authProviderService = injector.getInstance(AuthenticationProviderService.class);
+        return authProviderService.authenticateUser(credentials);
+
+    }
+
+    @Override
+    public AuthenticatedUser updateAuthenticatedUser(
+            AuthenticatedUser authenticatedUser, Credentials credentials)
+            throws GuacamoleException {
+
+        // No update necessary
+        return authenticatedUser;
+
+    }
+
+    @Override
+    public UserContext getUserContext(AuthenticatedUser authenticatedUser)
+            throws GuacamoleException {
+
+        // No associated data whatsoever
+        return null;
+
+    }
+
+    @Override
+    public UserContext updateUserContext(UserContext context,
+            AuthenticatedUser authenticatedUser, Credentials credentials)
+            throws GuacamoleException {
+
+        // No update necessary
+        return context;
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java
new file mode 100644
index 0000000..861cb70
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas;
+
+import org.apache.guacamole.auth.cas.conf.ConfigurationService;
+import com.google.inject.AbstractModule;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.environment.LocalEnvironment;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
+import org.apache.guacamole.auth.cas.ticket.TicketValidationService;
+
+/**
+ * Guice module which configures CAS-specific injections.
+ *
+ * @author Michael Jumper
+ */
+public class CASAuthenticationProviderModule extends AbstractModule {
+
+    /**
+     * Guacamole server environment.
+     */
+    private final Environment environment;
+
+    /**
+     * A reference to the CASAuthenticationProvider on behalf of which this
+     * module has configured injection.
+     */
+    private final AuthenticationProvider authProvider;
+
+    /**
+     * Creates a new CAS authentication provider module which configures
+     * injection for the CASAuthenticationProvider.
+     *
+     * @param authProvider
+     *     The AuthenticationProvider for which injection is being configured.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the Guacamole server
+     *     environment.
+     */
+    public CASAuthenticationProviderModule(AuthenticationProvider authProvider)
+            throws GuacamoleException {
+
+        // Get local environment
+        this.environment = new LocalEnvironment();
+
+        // Store associated auth provider
+        this.authProvider = authProvider;
+
+    }
+
+    @Override
+    protected void configure() {
+
+        // Bind core implementations of guacamole-ext classes
+        bind(AuthenticationProvider.class).toInstance(authProvider);
+        bind(Environment.class).toInstance(environment);
+
+        // Bind CAS-specific services
+        bind(ConfigurationService.class);
+        bind(TicketValidationService.class);
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
new file mode 100644
index 0000000..df7075c
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.conf;
+
+import org.apache.guacamole.properties.StringGuacamoleProperty;
+
+/**
+ * Provides properties required for use of the CAS authentication provider.
+ * These properties will be read from guacamole.properties when the CAS
+ * authentication provider is used.
+ *
+ * @author Nick Couchman
+ */
+public class CASGuacamoleProperties {
+
+    /**
+     * This class should not be instantiated.
+     */
+    private CASGuacamoleProperties() {}
+
+    /**
+     * The authorization endpoint (URI) of the CAS service.
+     */
+    public static final StringGuacamoleProperty CAS_AUTHORIZATION_ENDPOINT =
+            new StringGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "cas-authorization-endpoint"; }
+
+    };
+
+    /**
+     * The URI that the CAS service should redirect to after the
+     * authentication process is complete. This must be the full URL that a
+     * user would enter into their browser to access Guacamole.
+     */
+    public static final StringGuacamoleProperty CAS_REDIRECT_URI =
+            new StringGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "cas-redirect-uri"; }
+
+    };
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
new file mode 100644
index 0000000..f996add
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.conf;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.Environment;
+
+/**
+ * Service for retrieving configuration information regarding the CAS service.
+ *
+ * @author Nick Couchman
+ */
+public class ConfigurationService {
+
+    /**
+     * The Guacamole server environment.
+     */
+    @Inject
+    private Environment environment;
+
+    /**
+     * Returns the authorization endpoint (URI) of the CAS service as
+     * configured with guacamole.properties.
+     *
+     * @return
+     *     The authorization endpoint of the CAS service, as configured with
+     *     guacamole.properties.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed, or if the authorization
+     *     endpoint property is missing.
+     */
+    public String getAuthorizationEndpoint() throws GuacamoleException {
+        return environment.getRequiredProperty(CASGuacamoleProperties.CAS_AUTHORIZATION_ENDPOINT);
+    }
+
+    /**
+     * Returns the URI that the CAS service should redirect to after
+     * the authentication process is complete, as configured with
+     * guacamole.properties. This must be the full URL that a user would enter
+     * into their browser to access Guacamole.
+     *
+     * @return
+     *     The client secret to use when communicating with the CAS service,
+     *     as configured with guacamole.properties.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed, or if the redirect URI
+     *     property is missing.
+     */
+    public String getRedirectURI() throws GuacamoleException {
+        return environment.getRequiredProperty(CASGuacamoleProperties.CAS_REDIRECT_URI);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/form/CASTicketField.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/form/CASTicketField.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/form/CASTicketField.java
new file mode 100644
index 0000000..51bd117
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/form/CASTicketField.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.form;
+
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.net.URLEncoder;
+import java.security.SecureRandom;
+import org.apache.guacamole.form.Field;
+
+
+/**
+ * Field definition which represents the ticket returned by an CAS service.
+ * Within the user interface, this will be rendered as an appropriate "Log in
+ * with ..." button which links to the CAS service.
+ *
+ * @author Nick Couchman
+ */
+public class CASTicketField extends Field {
+
+    /**
+     * The standard HTTP parameter which will be included within the URL by all
+     * CAS services upon successful authentication and redirect.
+     */
+    public static final String PARAMETER_NAME = "ticket";
+
+    /**
+     * The full URI which the field should link to.
+     */
+    private final String authorizationURI;
+
+    /**
+     * Creates a new CAS "ticket" field which links to the given CAS
+     * service using the provided client ID. Successful authentication at the
+     * CAS service will result in the client being redirected to the specified
+     * redirect URI. The CAS ticket will be embedded in the fragment (the part
+     * following the hash symbol) of that URI, which the JavaScript side of
+     * this extension will move to the query parameters.
+     *
+     * @param authorizationEndpoint
+     *     The full URL of the endpoint accepting CAS authentication
+     *     requests.
+     *
+     * @param clientID
+     *     The ID of the CAS client. This is normally determined ahead of
+     *     time by the CAS service through some manual credential request
+     *     procedure.
+     *
+     * @param redirectURI
+     *     The URI that the CAS service should redirect to upon successful
+     *     authentication.
+     */
+    public CASTicketField(String authorizationEndpoint, String redirectURI) {
+
+        // Init base field properties
+        super(PARAMETER_NAME, "GUAC_CAS_TICKET");
+
+        // Build authorization URI from given values
+        try {
+            this.authorizationURI = authorizationEndpoint
+                    + "?service=" + URLEncoder.encode(redirectURI, "UTF-8");
+        }
+
+        // Java is required to provide UTF-8 support
+        catch (UnsupportedEncodingException e) {
+            throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
+        }
+
+    }
+
+    /**
+     * Returns the full URI that this field should link to when a new ticket
+     * needs to be obtained from the CAS service.
+     *
+     * @return
+     *     The full URI that this field should link to.
+     */
+    public String getAuthorizationURI() {
+        return authorizationURI;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
new file mode 100644
index 0000000..0bdb584
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.ticket;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.auth.cas.conf.ConfigurationService;
+import org.jasig.cas.client.authentication.AttributePrincipal;
+import org.jasig.cas.client.validation.Assertion;
+import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
+import org.jasig.cas.client.validation.TicketValidationException;
+
+/**
+ * Service for validating ID tickets forwarded to us by the client, verifying
+ * that they did indeed come from the CAS service.
+ *
+ * @author Nick Couchman
+ */
+public class TicketValidationService {
+
+    /**
+     * Service for retrieving CAS configuration information.
+     */
+    @Inject
+    private ConfigurationService confService;
+
+    /**
+     * Validates and parses the given ID ticket, returning the username contained
+     * therein, as defined by the username claim type given in
+     * guacamole.properties. If the username claim type is missing or the ID
+     * ticket is invalid, an exception is thrown instead.
+     *
+     * @param ticket
+     *     The ID ticket to validate and parse.
+     *
+     * @return
+     *     The username contained within the given ID ticket.
+     *
+     * @throws GuacamoleException
+     *     If the ID ticket is not valid, the username claim type is missing, or
+     *     guacamole.properties could not be parsed.
+     */
+    public String processUsername(String ticket) throws GuacamoleException {
+        AttributePrincipal principal = null;
+
+        // Retrieve the configured CAS URL and establish a ticket validator
+        String casServerUrl = confService.getAuthorizationEndpoint();
+        Cas20ProxyTicketValidator sv = new Cas20ProxyTicketValidator(casServerUrl);
+        sv.setAcceptAnyProxy(true);
+        try {
+            String confRedirectURI = confService.getRedirectURI();
+            Assertion a = sv.validate(ticket, confRedirectURI);
+            principal = a.getPrincipal();
+        } 
+        catch (TicketValidationException e)
+            Throw new GuacamoleException("Ticket validation failed.", e);
+
+        return principal.getName();
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/user/AuthenticatedUser.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/user/AuthenticatedUser.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/user/AuthenticatedUser.java
new file mode 100644
index 0000000..6f1423e
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/user/AuthenticatedUser.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.user;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
+import org.apache.guacamole.net.auth.Credentials;
+
+/**
+ * An CAS-specific implementation of AuthenticatedUser, associating a
+ * username and particular set of credentials with the CAS authentication
+ * provider.
+ *
+ * @author Michael Jumper
+ */
+public class AuthenticatedUser extends AbstractAuthenticatedUser {
+
+    /**
+     * Reference to the authentication provider associated with this
+     * authenticated user.
+     */
+    @Inject
+    private AuthenticationProvider authProvider;
+
+    /**
+     * The credentials provided when this user was authenticated.
+     */
+    private Credentials credentials;
+
+    /**
+     * Initializes this AuthenticatedUser using the given username and
+     * credentials.
+     *
+     * @param username
+     *     The username of the user that was authenticated.
+     *
+     * @param credentials
+     *     The credentials provided when this user was authenticated.
+     */
+    public void init(String username, Credentials credentials) {
+        this.credentials = credentials;
+        setIdentifier(username.toLowerCase());
+    }
+
+    @Override
+    public AuthenticationProvider getAuthenticationProvider() {
+        return authProvider;
+    }
+
+    @Override
+    public Credentials getCredentials() {
+        return credentials;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/resources/cas.css
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/resources/cas.css b/extensions/guacamole-auth-cas/src/main/resources/cas.css
new file mode 100644
index 0000000..dc83577
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/resources/cas.css
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/* Hide login dialog */
+.login-ui div.login-dialog {
+    display: none;
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/resources/casConfig.js
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/resources/casConfig.js b/extensions/guacamole-auth-cas/src/main/resources/casConfig.js
new file mode 100644
index 0000000..79e5698
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/resources/casConfig.js
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Config block which registers CAS-specific field types.
+ */
+angular.module('guacCAS').config(['formServiceProvider',
+        function guacCASConfig(formServiceProvider) {
+
+    // Define field for ticket from CAS service
+    formServiceProvider.registerFieldType("GUAC_CAS_TICKET", {
+        templateUrl   : '',
+        controller    : 'guacCASController',
+        module        : 'guacCAS'
+    });
+
+}]);
+
+/**
+ * Config block which augments the existing routing, providing special handling
+ * for the "ticket=" fragments provided by OpenID Connect.
+ */
+angular.module('index').config(['$routeProvider',
+        function indexRouteConfig($routeProvider) {
+
+    var curPath = window.location.href;
+    var ticketPos = curPath.indexOf("?ticket=") + 8;
+    var hashPos = curPath.indexOf("#/");
+    if(ticketPos > 0 && ticketPos < hashPos) {
+        var ticket = curPath.substring(ticketPos, hashPos);
+        var newPath = curPath.substring(0,ticketPos - 8) + '#/?ticket=' + ticket;
+        window.location=newPath;
+    }
+
+}]);

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/resources/casController.js
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/resources/casController.js b/extensions/guacamole-auth-cas/src/main/resources/casController.js
new file mode 100644
index 0000000..3ef1801
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/resources/casController.js
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Controller for the "GUAC_CAS_TICKET" field which simply redirects the user
+ * immediately to the authorization URI.
+ */
+angular.module('guacCAS').controller('guacCASController', ['$scope', 
+    function guacCASController($scope) {
+
+        // Redirect to authorization URI
+        window.location = $scope.field.authorizationURI;
+
+}]);

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/resources/casModule.js
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/resources/casModule.js b/extensions/guacamole-auth-cas/src/main/resources/casModule.js
new file mode 100644
index 0000000..bd789dd
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/resources/casModule.js
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Module which provides handling for CAS authentication.
+ */
+angular.module('guacCAS', [
+    'form',
+    'ngRoute',
+]);
+
+// Ensure the CAS module is loaded along with the rest of the app
+angular.module('index').requires.push('guacCAS');

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/extensions/guacamole-auth-cas/src/main/resources/guac-manifest.json
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/resources/guac-manifest.json b/extensions/guacamole-auth-cas/src/main/resources/guac-manifest.json
new file mode 100644
index 0000000..5bfb5f7
--- /dev/null
+++ b/extensions/guacamole-auth-cas/src/main/resources/guac-manifest.json
@@ -0,0 +1,22 @@
+{
+
+    "guacamoleVersion" : "0.9.11-incubating",
+
+    "name"      : "CAS Authentication Extension",
+    "namespace" : "guac-cas",
+
+    "authProviders" : [
+        "org.apache.guacamole.auth.cas.CASAuthenticationProvider"
+    ],
+
+    "js" : [
+        "casModule.js",
+        "casController.js",
+        "casConfig.js"
+    ],
+
+    "css" : [
+        "cas.css"
+    ]
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/b2789700/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 990d1f9..e2f700c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,6 +49,7 @@
         <module>guacamole-common-js</module>
 
         <!-- Authentication extensions -->
+        <module>extensions/guacamole-auth-cas</module>
         <module>extensions/guacamole-auth-duo</module>
         <module>extensions/guacamole-auth-header</module>
         <module>extensions/guacamole-auth-jdbc</module>


Mime
View raw message