Tag Archives: sso

Install CAS Client in a Java Application Server

6 Sep

Download CAS Client

Configure web.xml

  • Configure the filter elements. The CAS filter has to be the first filter in the web.xml file.
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://sso.mydomain.org:8443/cas-server-webapp-3.4.7/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://www.abc.org</param-value>
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
    <!-- Ticket validation requests go to this URL; here it is the plain-HTTP port 8080, unlike the HTTPS login URL above -->
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://sso.mydomain.org:8080/cas-server-webapp-3.4.7/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://www.abc.org</param-value>
    </init-param>
    <!-- AnyHostnameVerifier performs no host name check on the CAS server certificate; left commented out -->
    <!--
    <init-param>
        <param-name>hostnameVerifier</param-name>
        <param-value>org.jasig.cas.client.ssl.AnyHostnameVerifier</param-value>
    </init-param>
    -->
</filter>

<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
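
A check for the web.xml settings above, as an added example that is not part of the original post or of the CAS client project: it flags CAS filters declared after another filter, CAS URLs that are not HTTPS, and an active AnyHostnameVerifier. The function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_PKG = "org.jasig.cas.client."
URL_PARAMS = ("casServerLoginUrl", "casServerUrlPrefix")

def local(tag):
    """Drop an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def text_of(elem, name):  # text of the first direct child called name, or ''
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), "")

def audit_web_xml(xml_text):
    """Return findings for the CAS client filters declared in a web.xml."""
    root = ET.fromstring(xml_text)      # commented-out settings are not parsed
    findings, other_seen = [], False
    for f in (e for e in root if local(e.tag) == "filter"):
        name, cls = text_of(f, "filter-name"), text_of(f, "filter-class")
        if not cls.startswith(CAS_PKG):
            other_seen = True
            continue
        if other_seen:                  # the page's rule: CAS filters come first
            findings.append(f"{name}: declared after a non-CAS filter")
        for p in (e for e in f if local(e.tag) == "init-param"):
            key, val = text_of(p, "param-name"), text_of(p, "param-value")
            if key in URL_PARAMS and not val.lower().startswith("https://"):
                findings.append(f"{name}: {key} is not HTTPS ({val})")
            if key == "hostnameVerifier" and val.endswith("AnyHostnameVerifier"):
                findings.append(f"{name}: hostnameVerifier accepts any host name")
    return findings

# Constructed sample, modelled on the configuration above.
SAMPLE_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <filter><filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param><param-name>casServerLoginUrl</param-name>
   <param-value>https://sso.mydomain.org:8443/cas-server-webapp-3.4.7/login</param-value></init-param>
 </filter>
 <filter><filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
  <init-param><param-name>casServerUrlPrefix</param-name>
   <param-value>http://sso.mydomain.org:8080/cas-server-webapp-3.4.7/</param-value></init-param>
  <!-- <init-param><param-name>hostnameVerifier</param-name>
   <param-value>org.jasig.cas.client.ssl.AnyHostnameVerifier</param-value></init-param> -->
 </filter>
</web-app>"""

if __name__ == "__main__":
    print(*audit_web_xml(SAMPLE_XML), sep="\n")
```

On the sample, only the plain-HTTP casServerUrlPrefix is reported; the commented-out hostnameVerifier is ignored because the parser drops comments.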

Installing CAS Server on Centos

21 Jul

Install Prereq software

Download and install CAS Server

Setup custom authentication

  • cd /opt/cas/cas-server-3.4.7
  • cp modules/cas-server-support-generic-3.4.7.jar /usr/share/tomcat6/webapps/cas-server-webapp-3.4.7/WEB-INF/lib
  • Edit /usr/share/tomcat6/webapps/cas-server-webapp-3.4.7/WEB-INF/lib/deployerConfigContext.xml
    • Comment out bean definition for SimpleTestUsernamePasswordAuthenticationHandler
    • Add the following bean definition, replacing username and password with the appropriate values.
      <bean class="org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler">
          <property name="users">
             <map>
                <entry key="<username>" value="<password>" />
             </map>
          </property>
      </bean>

       

Setup SSL support using Self-Signed Certificates

  • Change the server.xml and add the following:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystorePass="changeit"/>
  • More details at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration

  • Restart Tomcat
    • service tomcat6 restart

Install and Configure mod_auth_cas on Apache

21 Jul

Download and install mod_auth_cas RPM

Configure mod_auth_cas in httpd.conf

  • First remove the default auth_cas.conf file, as we are configuring SSO at the virtual host level.
    • rm /etc/httpd/conf.d/auth_cas.conf
  • Here is the existing EC2 configuration. Note that CASCookiePath HAS to be defined at the global level, not at the virtual host level.
    <VirtualHost _default_:80>
        DocumentRoot /var/www/html
        ServerName mydomain.com
        ServerAlias *.mydomain.com
    
            LoadModule auth_cas_module modules/mod_auth_cas.so
    
            # Cookie path must be given as an absolute path with a trailing slash
            CASCookiePath /var/run/mod_auth_cas/
            CASCookieDomain .mydomain.com
    
            # Certificate path may be a file or a directory of certificates symlinked by
            # their hashed names
            CASCertificatePath /etc/pki/tls/certs/
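            # Off: the CAS server's certificate is not validated against CASCertificatePath
            CASValidateServer Off
            # Debug mode, for troubleshooting
            CASDebug On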
    
            # The URL to the CAS server
            CASLoginURL https://sso.mydomain.org:8443/cas-server-webapp-3.4.7/login
            CASValidateURL https://sso.mydomain.org:8443/cas-server-webapp-3.4.7/serviceValidate
            RewriteEngine on
            RewriteOptions Inherit
    
    <Directory "/var/www/html">
    
        Options Indexes FollowSymLinks
    
        AllowOverride None
        AuthType CAS
        AuthName "CAS"
        require valid-user
    
        Order allow,deny
        Allow from all
    
    </Directory>
    
    </VirtualHost>
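
A check for the mod_auth_cas directives above, as an added example that is not part of the original post or of mod_auth_cas: it reports disabled server-certificate validation, debug mode, non-HTTPS CAS URLs, and a CASCookiePath that breaks the two rules stated on this page (absolute path with a trailing slash, global level only). The function name and the sample configuration are constructed for illustration.

```python
import re

def audit_mod_auth_cas(conf_text):
    """Return findings for the mod_auth_cas directives in an Apache config."""
    findings, scope = [], []          # scope: stack of open <Section> names
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = re.match(r"<(/?)(\w+)", line)
        if section:                   # <VirtualHost ...> opens, </VirtualHost> closes
            if not section.group(1):
                scope.append(section.group(2).lower())
            elif scope:
                scope.pop()
            continue
        name, value = (line.split(None, 1) + [""])[:2]
        key, value = name.lower(), value.strip()   # directive names ignore case
        if key == "casvalidateserver" and value.lower() == "off":
            findings.append("CASValidateServer Off: CAS server certificate is not verified")
        elif key == "casdebug" and value.lower() == "on":
            findings.append("CASDebug On: debug mode is enabled")
        elif key in ("casloginurl", "casvalidateurl"):
            if not value.lower().startswith("https://"):
                findings.append(f"{name} is not HTTPS ({value})")
        elif key == "cascookiepath":
            if not (value.startswith("/") and value.endswith("/")):
                findings.append("CASCookiePath is not an absolute path with a trailing slash")
            if "virtualhost" in scope:    # the page's note: global level only
                findings.append("CASCookiePath is set inside <VirtualHost>")
    return findings

# Constructed sample, modelled on the configuration above.
SAMPLE_CONF = """
CASCookiePath /var/run/mod_auth_cas/
CASValidateServer Off
CASDebug On
CASLoginURL https://sso.mydomain.org:8443/cas-server-webapp-3.4.7/login
CASValidateURL https://sso.mydomain.org:8443/cas-server-webapp-3.4.7/serviceValidate
<VirtualHost _default_:80>
    <Directory "/var/www/html">
        AuthType CAS
        require valid-user
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    print(*audit_mod_auth_cas(SAMPLE_CONF), sep="\n")
```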