Depending on your organization's infrastructure, user information (basically username and password) can be stored in an independent datastore. When a user logs in to eXo Platform, which delegates to CAS, CAS in turn calls the datastore service to validate the login.
If you store user information in eXo Platform, you need to configure CAS to call back the eXo Platform service to validate a login. For this case (called "callback"), eXo provides an Authentication plugin named org.gatein.sso.opensso.plugin.AuthenticationPlugin that can be set on the CAS server. This plugin makes secure authentication callbacks to a RESTful service installed on the remote eXo Platform server to authenticate a user.
If you instead store user information in an external datastore other than eXo Platform (called "non-callback"), you do not need to install this Authentication plugin. Instead, you need another Authentication plugin that is compatible with your datastore.
On the CAS server side, the following packages are required:
$GATEIN_SSO_HOME: The GateIn SSO package as mentioned in the Prerequisites of the SSO guideline. This is not needed in case of non-callback.
$CAS_HOME: The CAS package that you may download from https://www.apereo.org/cas/download. For eXo Platform integration, eXo supports and tests CAS 3.5.x. However, the integration can still work with all versions. Once downloaded, extract the package to a location named $CAS_HOME.
The downloaded CAS release is a Maven-based project source (CAS does not release binaries officially), so you need to build the project by yourself. To complete these instructions, and perform the final build step, you need Apache Maven 3. You can get it here.
$CAS_TOMCAT_HOME: A Servlet container on which the CAS server will be deployed. In this tutorial, it is a Tomcat 7 package that you will download and extract to $CAS_TOMCAT_HOME in the next steps.
Obtain a copy of the Tomcat 7 package and extract it into the location named $CAS_TOMCAT_HOME.
Go to $CAS_HOME/cas-server-webapp and execute the mvn clean install -Dmaven.test.skip=true command.
Deploy CAS to Tomcat by copying $CAS_HOME/cas-server-webapp/target/cas.war into $CAS_TOMCAT_HOME/webapps.
Change the default port to avoid conflicts with the default eXo Platform (for testing purposes) by replacing the 8080 port with 8888 in $CAS_TOMCAT_HOME/conf/server.xml.
If eXo Platform is running on the same machine as Tomcat, other ports need to be changed to avoid port conflicts. They can be changed to any free port. For example, you can change the admin port from 8005 to 8805, and the AJP port from 8009 to 8809.
Start the CAS Tomcat server ($CAS_TOMCAT_HOME\bin\startup.bat for Windows, or $CAS_TOMCAT_HOME/bin/startup.sh for Linux/OS X).
At this stage, the CAS Tomcat is accessible at http://localhost:8888/cas, but unavailable for login.
After deploying CAS, you need to properly configure the CAS server. The configuration differs between the callback and non-callback cases. In particular:
If you store users in eXo Platform, see Authentication plugin setup.
If you store users in another datasource (such as LDAP), you need to have an Authentication plugin that is compatible with your datasource. For CAS 3.5.x integration, see here for specific cases.
The procedure below applies only to callback to the eXo Platform server. If this is not your case, skip it.
Open $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml, then replace:
    <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
With the following (make sure you have set the host, port and context with the values corresponding to your portal). This is also available in $GATEIN_SSO_HOME/cas/plugin/WEB-INF/deployerConfigContext.xml.
    <bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
      <property name="gateInProtocol"><value>http</value></property>
      <property name="gateInHost"><value>localhost</value></property>
      <property name="gateInPort"><value>8080</value></property>
      <property name="gateInContext"><value>portal</value></property>
      <property name="httpMethod"><value>POST</value></property>
    </bean>
Copy .jar files from $GATEIN_SSO_HOME/cas/plugin/WEB-INF/lib into the $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/lib directory.
Now, you can move to the next section to configure the eXo Platform server.