How to Configure CAS v4.2.7 to enable X.509 Authentication

Question

What I have done

First, I cloned the repository of the CAS project from github and switched to the tag v4.2.7. git clone https://github.com/apereo/cas.git git checkout v4.2.7

Then I build using gradlew tool ./gradlew

Finally, I copied the artifact ./cas-server-webapp/build/libs/cas-server-webapp-4.2.7.war, and extract it to run, it just works well.

But since I want to configure the CAS using the X.509 Authentication method, the result is frustrated, because the login web flow XML file is different: all of solutions to using a X.509 Authentication method say first to substitute the generateLoginTicket with startAuthenticate like this: https://wiki.jasig.org/display/CASUM/X.509+Certificates, but the "generateLoginTicket" is gone in the file /WEB-INF/webflow/login/login.xml of the version 4.2.7. And the documentation of the CAS is also of no help, https://apereo.github.io/cas/4.2.x/installation/X509-Authentication.html

I want to study how to configure the CAS v4.2.7 using a X.509 Authentication method. I would be appreciate if you could help me out.

Answer 1

As per my personal experience with 5.0 version overlay add to pom.xml

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-x509-webflow</artifactId>
  <version>${cas.version}</version>
</dependency>

And add proper CA certificates to the server keystore.