Posted 2 years and 2 days ago
CAS (Central Authentication Service) is an enterprise single sign-on protocol for web services. It aims to give a user access to a multitude of web services, each of which would otherwise have its own means of authentication. When the client visits an application and wants to authenticate to it, the application redirects the client to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database (such as Kerberos, LDAP or Active Directory). If the authentication succeeds, CAS returns the client to the application, passing along a security ticket. The application then validates the ticket by contacting CAS over a secure connection and providing its own service identifier and the ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated.
Install the following prerequisites before configuring CAS.
1.1 Apache Tomcat 7
Download the latest version of Apache Tomcat 7 from http://tomcat.apache.org/download-70.cgi and extract it. Add its path to the environment variables. Then start the server and verify that Tomcat is working.
Download the latest Maven release (zip or tar) from http://maven.apache.org/download.cgi and extract it to a local drive. Add the Maven path ("C:\Path_to\apache-maven-3.2.1\bin") to the "PATH" environment variable. Now open a command prompt and type "mvn -version". If it displays the Maven properties, Maven is installed successfully.
Figure 1.2.1: Shows execution of mvn -version
Download the latest version of the CAS bundle and extract it to a local drive.
1.3.1 Installation of CAS using HTTPS
i) In the extracted CAS bundle, change directory to "cas-server-3.5.2\cas-server-webapp" using the command prompt.
ii) Type the following command:
c:\>mvn clean install
The build prints a long series of messages and ends with BUILD SUCCESS, as shown in the figure below. It generates “cas.war”.
Fig 1.3.1: Shows Build process
iii) After the build, browse to the directory “c:\path_to..\cas-server-3.5.2\cas-server-webapp\target”, select “cas.war” and copy it to “c:\path_to….\apache-tomcat-7.0.52\webapps\”.
The screenshots below show the process.
Fig 1.3.2: shows cas.war
Fig 1.3.3: shows cas.war in tomcat webapps.
iv) Now start the Tomcat server and open “http://localhost:8080/cas/login”. It shows the following screen.
Fig 1.3.4: shows cas login screen
v) The "error" on the screen above (non-secure connection) appears because CAS is being served over plain HTTP. Serving CAS over HTTPS resolves it.
1.4 SSL Enable in Tomcat
To generate a self-signed SSL certificate, follow the procedure below with root privileges:
#keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Note: Be sure to use the keytool that comes with the Java VM (%JAVA_HOME%/jre/bin/keytool), as on some systems the default points to the GNU version of keytool, and the two seem to be incompatible.
Answer the questions. Note that your first name and last name MUST be the hostname of your server and cannot be an IP address; this is very important, as an IP address will fail client hostname verification even if it is correct.
Enter keystore password: changeit
Then enter the command:
#keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
Finally import the cert into Java's keystore with this command. Tomcat uses the keystore in your JRE (%JAVA_HOME%/jre/lib/security/cacerts)
#keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
Open the HTTPS port in tomcat server
Edit the “server.xml” file located at /apache-tomcat-7.0.26/conf/server.xml and uncomment the connector below. Tomcat 7 requires SSLEnabled="true" on the connector for it to serve TLS:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" SSLEnabled="true" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
Now, check your https connection using URL https://localhost:8443/
Note: The password used for certificate generation must be "changeit", because that is the keystore password Tomcat expects by default. Otherwise it will show an error like "key tampered or password wrong".
HTTPS is now enabled on the CAS server. If you access it over an HTTPS connection, it shows the following screen without any error.
Fig 1.4.1: Shows cas login screen without error
Note: The default username and password for CAS are:
username : admin
password : admin
If you log in with the above credentials, a login success message is shown on the screen.
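
The application side of the ticket exchange described in the introduction, as an added example that is not part of the original post. The /login and /serviceValidate endpoints and the XML format follow the CAS 2.0 protocol; the application URL, the ticket value and the sample responses are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://localhost:8443/cas"        # the server installed above
SERVICE = "https://app.example.org/protected"  # assumed application URL
NS = {"cas": "http://www.yale.edu/tp/cas"}     # CAS 2.0 response namespace

def login_redirect(service=SERVICE, cas_base=CAS_BASE):
    """URL the application sends an unauthenticated browser to."""
    return f"{cas_base}/login?{urlencode({'service': service})}"

def validation_url(ticket, service=SERVICE, cas_base=CAS_BASE):
    """Back-channel URL the application calls to validate a ticket."""
    if not cas_base.startswith("https://"):
        raise ValueError("tickets must be validated over HTTPS")
    # The service identifier must equal the one used at login; urlencode
    # keeps a hostile ticket value from injecting extra parameters.
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"

def parse_validation(xml_text):
    """Return the authenticated user, or raise if CAS rejected the ticket."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['cas']}}}serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        reason = (failure.text or "").strip()
        raise PermissionError(f"{failure.get('code')}: {reason}")
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is None or not (user.text or "").strip():
        raise ValueError("response carries no authenticated user")
    return user.text.strip()

# Constructed sample responses (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>admin</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    ticket 'ST-1-constructed' not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect())
    print(validation_url("ST-1-constructed"))
    print(parse_validation(SUCCESS))
```

The application should treat the user as authenticated only when parse_validation returns a name; any exception means the ticket is not trusted.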