- CAS server (you can download it from https://www.apereo.org/projects/cas/download-cas). In this tutorial we're using CAS server version 3.5.2
- Maven (for building the CAS Server)
- Tomcat (we used apache-tomcat-7.0.42)
* One more thing: please make sure Maven has been set up on your local machine. It will be used to build the CAS Server (see here for a tutorial: http://thisismynota.blogspot.com/2014/02/install-maven-on-centos-65.html)
Steps:
- Download the CAS Server and extract it.
- Go to the extracted folder using the command line (console) and edit the file pom.xml
cd cas-server-3.5.2/cas-server-webapp
vi pom.xml
- Now add the following lines before the </dependencies> tag (Maven element names are case-sensitive, so note the capital I in groupId and artifactId)
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>3.5.2</version>
</dependency>
- Next, build the CAS Server
cd cas-server-3.5.2/cas-server-webapp
mvn install package
* wait until you see BUILD SUCCESSFUL
- Next, copy the cas.war file from the cas-server-3.5.2/cas-server-webapp/target folder into the Tomcat webapps folder and start the Tomcat server
cp cas-server-3.5.2/cas-server-webapp/target/cas.war /apache-tomcat-7.0.42/webapps
./apache-tomcat-7.0.42/bin/startup.sh
- After startup completes, shut Tomcat down. We need to edit the deployerConfigContext.xml file
./apache-tomcat-7.0.42/bin/shutdown.sh
vi /apache-tomcat-7.0.42/webapps/cas/WEB-INF/deployerConfigContext.xml
- Find the <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> line and comment it out. Add the BindLdapAuthenticationHandler bean under the commented line. You'll have something like below:
<!--bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" / -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" p:filter="cn=%u" p:searchBase="ou=user,dc=example,dc=com,dc=my" p:contextSource-ref="contextSource" />
* Note that in this example CAS authenticates using cn (common name). If you'd like to use another attribute for authentication, e.g. mail, change the filter and searchBase values as per your environment configuration.
- In the same file (deployerConfigContext.xml), put the following lines before the </beans> tag. (Again, please change the url, userDn and password values as per your environment configuration):
<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
<!-- DO NOT enable JNDI pooling for context sources that perform LDAP bind operations. -->
<property name="pooled" value="false"/>
<!-- Although multiple URLs may be defined, it's strongly recommended to avoid this configuration since the implementation attempts hosts in sequence and requires a connection timeout prior to attempting the next host, which incurs unacceptable latency on node failure. A proper HA setup for LDAP directories should use a single virtual host that maps to
multiple real hosts using a hardware load balancer. -->
<property name="url" value="ldap://your_ldap_server_address:389" />
<!-- Manager credentials are only required if your directory does not support anonymous searches. Never provide these credentials for FastBindLdapAuthenticationHandler since the user's credentials are used for the bind operation. -->
<property name="userDn" value="cn=Manager,dc=example,dc=com,dc=my"/>
<property name="password" value="your_ldap_manager_password"/>
<!-- Place JNDI environment properties here. -->
<property name="baseEnvironmentProperties">
<map>
<!-- Three seconds is an eternity to users. -->
<entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
<entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
<!-- Explained at http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION -->
<entry key="java.naming.security.authentication" value="simple" />
</map>
</property>
</bean>
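Because the two edits above are easy to get subtly wrong (leaving the test handler active, dropping the hyphen in p:contextSource-ref, or re-enabling pooling), here is an added check that is not part of the tutorial or of CAS itself: a small Python linter that parses a deployerConfigContext.xml and reports the settings a reviewer would look at. The sample XML embedded below is constructed to mirror the file after the tutorial's edits; the host name and manager password in it are placeholders.

```python
"""Lint a CAS 3.5.x deployerConfigContext.xml for the LDAP-bind settings applied above.

Added example, not part of the tutorial; the sample XML is constructed.
"""
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"

SIMPLE_TEST_HANDLER = ("org.jasig.cas.authentication.handler.support."
                       "SimpleTestUsernamePasswordAuthenticationHandler")
BIND_HANDLER = "org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
CONTEXT_SOURCE = "org.springframework.ldap.core.support.LdapContextSource"

# Constructed sample: the file after the tutorial's edits. The URL is plain
# ldap://, exactly as in the tutorial, so the linter has something to flag.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers">
      <list>
        <!--bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" / -->
        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
              p:filter="cn=%u"
              p:searchBase="ou=user,dc=example,dc=com,dc=my"
              p:contextSource-ref="contextSource" />
      </list>
    </property>
  </bean>
  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="false"/>
    <property name="url" value="ldap://ldap.example.invalid:389"/>
    <property name="userDn" value="cn=Manager,dc=example,dc=com,dc=my"/>
    <property name="password" value="placeholder-manager-password"/>
    <property name="baseEnvironmentProperties">
      <map>
        <entry key="com.sun.jndi.ldap.connect.timeout" value="3000"/>
        <entry key="com.sun.jndi.ldap.read.timeout" value="3000"/>
        <entry key="java.naming.security.authentication" value="simple"/>
      </map>
    </property>
  </bean>
</beans>
"""


def _prop(bean, name):
    """Value of <property name=...> on a bean, or None if absent."""
    for prop in bean.findall(f"{{{BEANS_NS}}}property"):
        if prop.get("name") == name:
            return prop.get("value")
    return None


def _env_entries(bean):
    """The <entry> key/value pairs under baseEnvironmentProperties."""
    entries = {}
    for prop in bean.findall(f"{{{BEANS_NS}}}property"):
        if prop.get("name") == "baseEnvironmentProperties":
            for entry in prop.iter(f"{{{BEANS_NS}}}entry"):
                entries[entry.get("key")] = entry.get("value")
    return entries


def lint_deployer_config(xml_text):
    """Return a list of findings; empty means the file matches the intended state."""
    root = ET.fromstring(xml_text)
    findings = []
    by_class = {}
    for bean in root.iter(f"{{{BEANS_NS}}}bean"):
        by_class.setdefault(bean.get("class"), []).append(bean)

    # ElementTree discards XML comments, so a commented-out bean is invisible here;
    # only a bean that Spring would actually instantiate is reported.
    if SIMPLE_TEST_HANDLER in by_class:
        findings.append("SimpleTestUsernamePasswordAuthenticationHandler is still active: "
                        "it accepts any login whose password equals the username")

    bind = by_class.get(BIND_HANDLER, [])
    if not bind:
        findings.append("BindLdapAuthenticationHandler bean is missing")
    else:
        handler = bind[0]
        if "%u" not in handler.get(f"{{{P_NS}}}filter", ""):
            findings.append("filter does not contain %u, so the typed username is never used")
        if handler.get(f"{{{P_NS}}}contextSource-ref") is None:
            findings.append("contextSource-ref is not set (note the hyphen in the p: attribute)")

    ctx = by_class.get(CONTEXT_SOURCE, [])
    if not ctx:
        findings.append("LdapContextSource bean is missing")
    else:
        source = ctx[0]
        if _prop(source, "pooled") != "false":
            findings.append("pooled must be false for a context source used for bind operations")
        if (_prop(source, "url") or "").startswith("ldap://"):
            findings.append("url is plain ldap://: simple binds send the manager and user "
                            "passwords unencrypted; prefer ldaps://")
        env = _env_entries(source)
        for key in ("com.sun.jndi.ldap.connect.timeout", "com.sun.jndi.ldap.read.timeout"):
            if key not in env:
                findings.append(f"{key} is not set; a dead LDAP host will hang logins")
    return findings


if __name__ == "__main__":
    for finding in lint_deployer_config(SAMPLE_XML):
        print("WARN:", finding)
```

Run against the sample it reports only the plain-ldap:// warning; point it at your own file with `lint_deployer_config(open(path).read())`. Switching the url to ldaps:// (with the directory's certificate trusted by the JVM) clears the last finding.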
- In order to make CAS work properly, we must enable SSL on Tomcat. In this example we used a self-signed certificate to run the CAS Server over SSL. Generate the self-signed certificate:
keytool -genkey -alias sso -keyalg RSA -keysize 2048 -keystore sso.jks
Enable SSL on Tomcat by adding the following connector:
vi /apache-tomcat-7.0.42/conf/server.xml
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="1000"
    minSpareThreads="25" maxSpareThreads="75" protocol="HTTP/1.1"
    enableLookups="true" disableUploadTimeout="true" acceptCount="100"
    scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
    sslProtocol="TLS" keystoreFile="/path/to/sso.jks"
    keystorePass="changeit" />
- Start Tomcat and access your CAS Server at https://localhost:8443