Currently, all the clients supplied as part of WebSSO can be used only with programmatic security, where there is a login page/framework which can be replaced by a call to the CAS server to authenticate the user. Applications such as OpenClinica utilize the Tomcat container's declarative security, where Tomcat controls the user's authentication as well as access to resources that are configured to be protected. An open source CAS client called Soulwing is utilized, which allows integration of CAS Authentication Framework into Tomcat's Security Realm.
This package allows the declarative authentication to be replaced with a call to WebSSO's CAS server, while still allowing access control to be managed by Tomcat. However, the Soulwing client needed to be modified to work with the WebSSO Server, as additional attributes are passed to maintain grid login session along with standard CAS attributes.
Additionally, another servlet was required in the package to disable strict hostname checking while connecting from the Client side (OpenClinica) to the CAS Server side over HTTPS. This is due to the fact that WebSSO generates the host identity with "host" prefix to distinguish them from user identity.