CAS Authentication setup on Tomcat
1) Download and extract Apache Tomcat to location /opt/apache-tomcat-6.0.26
2) Download CAS Server 3.4.2 final from http://www.jasig.org/cas/download
3) I imported cas.war into eclipse IDE to make the required changes.
4) Edit these parameters in WEB-INF/cas.properties
cas.securityContext.serviceProperties.service=https://mydomain.com/cas/services/j_acegi_cas_security_check
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=https://mydomain.com/cas/login
cas.securityContext.ticketValidator.casServerUrlPrefix=https://mydomain.com/cas
host.name=cmydomain.com
Note: You can also use http instead of https for initial testing and also specify the port if you are standalone server. Ex: http://mydomain.com:8080/cas/services/j_acegi_cas_security_check
5) If you are using LDAP, edit WEB-INF/deployerConfigContext.xml with the following content. The following snippet is for using Microsoft Active Directory LDAP.
----------------------------------------------------------------
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<property name="credentialsToPrincipalResolvers">
<list>
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
<bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
</list>
</property>
<property name="authenticationHandlers">
<list>
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
<property name="httpClient" ref="httpClient" />
</bean>
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
<property name="filter" value="sAMAccountName=%u" />
<property name="contextSource" ref="contextSource" />
<property name="searchBase" value="OU=something,DC=something,DC=com"/>
<property name="ignorePartialResultException" value="yes" />
</bean>
</list>
</property>
</bean>
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="pooled" value="false"/>
<property name="urls"><list><value>ldap://{ldaphostname}:389/</value></list></property>
<property name="userDn" value="{specify DN of your ldap bind ID}" />
<property name="password" value="encrypted_password" />
<property name="baseEnvironmentProperties">
<map>
<entry>
<key><value>java.naming.security.authentication</value></key>
<value>simple</value>
</entry>
<entry>
<key><value>com.sun.jndi.ldap.connect.timeout</value></key>
<value>10000</value>
</entry>
<entry>
<key><value>com.sun.jndi.ldap.read.timeout</value></key>
<value>10000</value>
</entry>
</map>
</property>
</bean>
<sec:user-service id="userDetailsService">
<sec:user name="someusername" password="notused" authorities="ROLE_ADMIN" />
</sec:user-service>
----------------------------------------------------------------
6) You can replace the default header and footer by replacing WEB-INF/view/jsp/default/ui/includes/bottom.jsp and top.jsp.
7) Customize WEB-INF/view/jsp/default/ui/casLoginView.jsp with your content
8) Replace the logo image referenced in file WebContent/css/cas.css
/* HEADER --------------------------------- */
#header {position:relative; top:0; left:0; padding-top:52px; background:#fff url(../images/your-logo.jpeg) no-repeat scroll 25px 10px;}
9) Export the war file from Eclipse as cas.war and copy to webapps folder in tomcat server.
10) Optional: Edit server.xml file with these lines
<Engine name="Catalina" defaultHost="mydomain.com">
<Host name="mydomain.com" appBase="webapps"
11) Start tomcat in debug mode '/opt/apache-tomcat-6.0.26/bin/catalina.sh run debug' to capture any errors in case there any issues.
12) If authentication is successful, you can use startup.sh and shutdown.sh tomcat scripts.
posted by Jayanthi Krishnamurthy @ 5:01 PM
2 Comments
