Question

I'm trying to use Spring Security CAS extension to authenticate users on my applications. Earlier there was only one application, so SSO was not needed. Now there is one more application and I want the user to log in once and use all the applications without having to go through authentication again (SSO, basically). I've a bunch of questions like these -

  • All the applications I have are part of a single Tomcat container and will be served via the same domain. I checked Tomcat SSO Valve, but it seems to need container-based authentication, and I'm not really sure if I would want to use that for authentication / authorization. I'm using Spring Security form-based login. Do I really need something like Jasig CAS or will it be overkill?

Spring Security and CAS deployerContext Configuration - http://pastie.org/8408976 and http://pastie.org/8408967

  • I set up Spring Security CAS with Jasig server and SSO seems to work, as logging in to any of the applications suffices to access the other application. I've modified the deployerConfigContext.xml to replace the inMemoryServiceRegistryDaoImpl with a JPA / Hibernate one. But I always see the below line in my logs, though the tables have been created (SERVICETICKET and so on) in my db. These tables are always empty when I try logging in and out.

    2013-10-17 16:41:18,882 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.>

  • When I try to access the URL https://localhost/cas/services, it returns an error "This website has a redirect loop", and I see the below piece repeating n number of times in the logs (with different ticket numbers) - http://pastie.org/8408940

  • I don't have any REST or stateless services accessing authenticated resources, do I need proxy tickets at all?

Note: I'm using Spring Security 3.1.4.RELEASE and CAS server 3.5.2 version. Any pointers will be helpful.


Solution

> I set up Spring Security CAS with Jasig server and SSO seems to work as logging in to any of the applications suffices to access the other application. I've modified the deployerConfigContext.xml to replace the inMemoryServiceRegistryDaoImpl with JPA / Hibernate one. But I always see the below line in my logs. Though the tables have been created (SERVICETICKET and so on) in my db. These tables are always empty when I try logging in and out.
>
> When I try to access URL `https://localhost/cas/services`, it returns an error "This website has a redirect loop". and I see the below piece repeating n number of times in the logs (with different ticket numbers)

I figured out the solution to this. This was happening as filterProcessesUrl in the CAS server configuration had the string "acegi" (the old name for Spring Security), which didn't match "spring", hence the problem. Modifying that helped. Not sure why the old name was hardcoded there. Also, it didn't pick up this string from cas.properties, so figuring it out was a little more difficult.

I hope to get answers for other questions.
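A configuration check for the mismatch described in this answer, added here as an example and not taken from the post or from the CAS project: it compares the callback path in `ServiceProperties` against the `filterProcessesUrl` of `CasAuthenticationFilter` in a Spring beans file. The bean ids and full URL values in the sample are constructed (the post names only "acegi" and "spring"), and the default filter URL assumes Spring Security 3.x.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

BEANS = "{http://www.springframework.org/schema/beans}"
P_NS = "{http://www.springframework.org/schema/p}"
SERVICE_PROPS = "org.springframework.security.cas.ServiceProperties"
CAS_FILTER = "org.springframework.security.cas.web.CasAuthenticationFilter"
# Default used by CasAuthenticationFilter in Spring Security 3.x when unset.
DEFAULT_FILTER_URL = "/j_spring_cas_security_check"


def _prop(bean, name):
    """Read a bean property given as p:name="..." or <property name=... value=...>."""
    value = bean.get(P_NS + name)
    for prop in bean.findall(BEANS + "property"):
        if prop.get("name") == name:
            value = prop.get("value", value)
    return value


def check_cas_callback(xml_text):
    """Return one message per service URL / filter URL pair that cannot match."""
    beans = list(ET.fromstring(xml_text).iter(BEANS + "bean"))
    services = [_prop(b, "service") for b in beans if b.get("class") == SERVICE_PROPS]
    filters = [_prop(b, "filterProcessesUrl") or DEFAULT_FILTER_URL
               for b in beans if b.get("class") == CAS_FILTER]
    problems = []
    for service in filter(None, services):
        path = urlparse(service).path
        # The filter only validates tickets on requests ending in its URL.
        problems += [f"service {service} never reaches filter URL {url}"
                     for url in filters if not path.endswith(url)]
    return problems


# Constructed sample: bean ids and URL values are illustrative, not from the post.
BROKEN = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"
        p:service="https://localhost/cas/services/j_spring_cas_security_check"/>
  <bean id="casProcessingFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter"
        p:filterProcessesUrl="/services/j_acegi_cas_security_check"/>
</beans>"""
FIXED = BROKEN.replace("j_acegi_", "j_spring_")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_cas_callback(cfg) or "consistent")
```

When the two values disagree, the ticket returned by CAS lands on a URL the filter does not process, so the request is sent back to the login page again, which matches the redirect loop reported in the question.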

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow