Depending on your organization infrastructure, user information (basically username and password) can be stored in an independent datastore. When a user logs in eXo Platform that delegates to CAS, CAS in its turn calls the service of datastore to validate the login. If you store user information in eXo Platform, you need to configure CAS to call back the eXo Platform service to validate a login. In this case (called "callback"), eXo provides solution for user information store - an Authentication plugin named org.gatein.sso.opensso.plugin.AuthenticationPlugin that can be set on the CAS server. This plugin makes secure authentication callbacks to a RESTful service installed on the remote eXo Platform server to authenticate a user. Meanwhile, if you store user information in another external datastore rather than eXo Platform (called non-callback), you do not need to install this Authentication plugin. Instead, you need to have another Authentication plugin that is compatible with your datastore.
On the CAS server side, the following packages are required:
The CAS package that you may download from https://www.apereo.org/cas/download.
For eXo Platform integration, eXo supports and tests CAS 3.5.x.
However, the integration can still work with all versions.
Once downloaded, extract the package to a location named
The downloaded CAS release is a Maven-based project source (CAS does not release binaries officially), so you need to build the project by yourself. To complete these instructions, and perform the final build step, you need Apache Maven 3. You can get it here.
A Servlet container on which CAS server will be deployed.
In this tutorial, it is a Tomcat 7 package
that you will download and extract to
$CAS_TOMCAT_HOME in next steps.
Obtain a copy of Tomcat 7 package and extract it into the location named
$CAS_HOME/cas-server-webapp and execute the mvn clean install -Dmaven.test.skip=true command.
Deploy CAS to Tomcat by copying
Change the default port to avoid conflicts with the default eXo Platform (for testing purposes)
by replacing the 8080 port with 8888 in
If eXo Platform is running on the same machine as Tomcat, other ports need to be changed to avoid port conflicts. They can be changed to any free port. For example, you can change the admin port from 8005 to 8805, and the AJP port from 8009 to 8809.
Start the CAS Tomcat server
$CAS_TOMCAT_HOME\bin\startup.bat for Windows, or
$CAS_TOMCAT_HOME/bin/startup.sh for Linux/OS X).
At this stage, the CAS Tomcat is accessible at http://localhost:8888/cas, but unavailable for login.
After deploying CAS, you need to properly configure the CAS server. The configuration will be different between callback and non-callback cases. In paticular:
The below procedure is for callback to eXo Platform server only. If it is not your case, bypass this.
$CAS_TOMCAT_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml, then replace:
With the following (make sure you have set the host, port and context with the values corresponding to your portal).
This is also available in
.jar files from
Now, you can move to the next section to configure the eXo Platform server.