
4.8.1.1. CAS server setup

Depending on your organization's infrastructure, user information (basically the username and password) can be stored in an independent datastore. When a user logs in to eXo Platform, which delegates to CAS, CAS in turn calls the datastore service to validate the login.

If you store user information in eXo Platform, you need to configure CAS to call back to the eXo Platform service to validate a login. For this case (called "callback"), eXo provides an Authentication plugin named org.gatein.sso.opensso.plugin.AuthenticationPlugin that can be set on the CAS server. This plugin makes secure authentication callbacks to a RESTful service installed on the remote eXo Platform server to authenticate a user.

If you store user information in an external datastore rather than in eXo Platform (called "non-callback"), you do not need to install this Authentication plugin. Instead, you need another Authentication plugin that is compatible with your datastore.

On the CAS server side, the following packages are required:

Deploying CAS

  1. Obtain a copy of the Tomcat 7 package and extract it into a location referred to as $CAS_TOMCAT_HOME.

  2. Go to $CAS_HOME/cas-server-webapp and execute the mvn clean install -Dmaven.test.skip=true command.

  3. Deploy CAS to Tomcat by copying $CAS_HOME/cas-server-webapp/target/cas.war into $CAS_TOMCAT_HOME/webapps.

  4. Change the default port to avoid a conflict with the default eXo Platform port (for testing purposes) by replacing port 8080 with 8888 in $CAS_TOMCAT_HOME/conf/server.xml.

    Note

    If eXo Platform is running on the same machine as Tomcat, other ports need to be changed to avoid port conflicts. They can be changed to any free port. For example, you can change the admin port from 8005 to 8805, and the AJP port from 8009 to 8809.

  5. Start the CAS Tomcat server ($CAS_TOMCAT_HOME\bin\startup.bat for Windows, or $CAS_TOMCAT_HOME/bin/startup.sh for Linux/OS X).

    Note

    At this stage, the CAS Tomcat is accessible at http://localhost:8888/cas, but unavailable for login.

After deploying CAS, you need to properly configure the CAS server. The configuration differs between the callback and non-callback cases. In particular:

Authentication plugin setup

Note

The procedure below applies only to the callback to the eXo Platform server. If this is not your case, skip it.

  1. Open $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml, then replace:

    
    <bean
            class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

    With the following (make sure you set the host, port and context to the values corresponding to your portal). This is also available in $GATEIN_SSO_HOME/cas/plugin/WEB-INF/deployerConfigContext.xml.

    
    <bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
        <property name="gateInProtocol"><value>http</value></property>
        <property name="gateInHost"><value>localhost</value></property>
        <property name="gateInPort"><value>8080</value></property>
        <property name="gateInContext"><value>portal</value></property>
        <property name="httpMethod"><value>POST</value></property>
    </bean>

  2. Copy the .jar files from $GATEIN_SSO_HOME/cas/plugin/WEB-INF/lib into the $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/lib directory.

    Now, you can move to the next section to configure the eXo Platform server.
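The following check is an added example, not part of the eXo documentation or the GateIn SSO code: it parses a deployerConfigContext.xml after steps 1 and 2 and reports a test handler left in place, a missing plugin bean, unset plugin properties, or an http callback to a non-loopback host. The finding strings, the loopback rule and the host portal.example.test are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

TEST_HANDLER = ("org.jasig.cas.authentication.handler.support."
                "SimpleTestUsernamePasswordAuthenticationHandler")
PLUGIN = "org.gatein.sso.cas.plugin.AuthenticationPlugin"
REQUIRED = ("gateInProtocol", "gateInHost", "gateInPort", "gateInContext", "httpMethod")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def local(tag):
    # Drop the XML namespace so <bean> matches with or without one.
    return tag.rsplit("}", 1)[-1]

def bean_properties(bean):
    # Collect {name: value}; the value may be an attribute or a <value> child.
    props = {}
    for prop in (c for c in bean if local(c.tag) == "property"):
        value = prop.get("value")
        if value is None:
            value = next((v.text for v in prop if local(v.tag) == "value"), None)
        props[prop.get("name")] = (value or "").strip()
    return props

def audit(xml_text):
    # Return a list of findings for one deployerConfigContext.xml document.
    beans = [e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "bean"]
    findings = []
    if any(b.get("class") == TEST_HANDLER for b in beans):
        findings.append("test handler still enabled")
    plugins = [b for b in beans if b.get("class") == PLUGIN]
    if not plugins:
        findings.append("AuthenticationPlugin bean missing")
    for bean in plugins:
        props = bean_properties(bean)
        findings += [f"property {n} not set" for n in REQUIRED if not props.get(n)]
        # Assumption: the callback carries credentials, so http is loopback-only.
        if (props.get("gateInProtocol", "").lower() == "http"
                and props.get("gateInHost", "").lower() not in LOOPBACK):
            findings.append("callback uses http to a non-loopback host")
    return findings

# Constructed sample: test handler left in place, plugin aimed at a remote host.
SAMPLE = f"""<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="{TEST_HANDLER}" />
  <bean class="{PLUGIN}">
    <property name="gateInProtocol"><value>http</value></property>
    <property name="gateInHost"><value>portal.example.test</value></property>
    <property name="gateInPort" value="8080" />
  </bean>
</beans>"""
print("\n".join(audit(SAMPLE)))
```

To audit a real deployment, pass the contents of $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml to audit(); an empty list means none of these conditions was found.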

Copyright ©. All rights reserved. eXo Platform SAS