3.1.1. CAS server setup

Depending on your organization's infrastructure, user information (basically the username and password) can be stored in an independent datastore. When a user logs in to eXo Platform, which delegates authentication to CAS, CAS in turn calls the datastore's service to validate the login.

If you store user information in eXo Platform, you need to configure CAS to call back the eXo Platform service to validate a login. For this case (called "callback"), eXo provides an Authentication plugin named org.gatein.sso.opensso.plugin.AuthenticationPlugin that can be set on the CAS server. This plugin makes secure authentication callbacks to a RESTful service installed on the remote eXo Platform server to authenticate a user.

If you instead store user information in an external datastore other than eXo Platform (called "non-callback"), you do not need to install this Authentication plugin. Instead, you need another Authentication plugin that is compatible with your datastore.

On the CAS server side, the following packages are required:

Deploying CAS

  1. Go to $CAS_HOME/cas-server-webapp and execute the command: mvn clean install -Dmaven.test.skip=true.

    Note

    For CAS 4.0.0, you need to edit its $CAS_HOME/pom.xml file by replacing:

    
    <header>${cs.dir}/src/licensing/header.txt</header>

    with

    
    <header>${licenseHeader}</header>
  2. Deploy CAS to Tomcat by copying $CAS_HOME/cas-server-webapp/target/cas.war into $CAS_TOMCAT_HOME/webapps.

  3. Change the default port to avoid a conflict with the default eXo Platform port (for testing purposes) by replacing port 8080 with 8888 in $CAS_TOMCAT_HOME/conf/server.xml.

    Note

    If eXo Platform is running on the same machine as Tomcat, other ports need to be changed to avoid port conflicts. They can be changed to any free port. For example, you can change the admin port from 8005 to 8805, and the AJP port from 8009 to 8809.

  4. Start the CAS Tomcat server ($CAS_TOMCAT_HOME\bin\startup.bat for Windows, or $CAS_TOMCAT_HOME/bin/startup.sh for Linux/OS X).

    Note

    At this stage, the CAS Tomcat server is accessible at http://localhost:8888/cas, but login is not yet available.

After deploying CAS, you need to properly configure the CAS server. The configuration differs between the callback and non-callback cases. In particular:

Authentication plugin setup

Note

The procedure below applies only to the callback case, where CAS calls back to the eXo Platform server. If this is not your case, skip it.

  1. Go to $PLATFORM_HOME, and install the CAS add-on with the command: addon install exo-cas.

    After successful installation, a zip file named cas-plugin.zip is generated at the root of $PLATFORM_HOME.

  2. Extract cas-plugin.zip, then copy and merge its extracted .jar files into $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/lib/.

  3. Open $CAS_TOMCAT_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml for editing.

    • If you are using CAS 3.5.x, replace:

      
      <bean
          class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

      with the following (make sure you have set the host, port and context with the values corresponding to your portal).

      
      <bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
          <property name="gateInProtocol"><value>http</value></property>
          <property name="gateInHost"><value>localhost</value></property>
          <property name="gateInPort"><value>8080</value></property>
          <property name="gateInContext"><value>portal</value></property>
          <property name="httpMethod"><value>POST</value></property>
      </bean>
    • Or, if you are using CAS 4.0.0, find:

      
      <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
          <property name="users">
              <map>
                  <entry key="casuser" value="Mellon"/>
              </map>
          </property>
      </bean>

      and replace with:

      
      <bean id="primaryAuthenticationHandler" class="org.gatein.sso.cas.plugin.CAS40AuthenticationPlugin">
          <property name="gateInProtocol"><value>http</value></property>
          <property name="gateInHost"><value>localhost</value></property>
          <property name="gateInPort"><value>8080</value></property>
          <property name="gateInContext"><value>portal</value></property>
          <property name="httpMethod"><value>POST</value></property>
      </bean>

    Now, you can move to the next section to configure the eXo Platform server.
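
A check for the edited deployerConfigContext.xml, as an added example that is not part of the eXo documentation or the GateIn plugin: it reports a CAS test handler left in place, a missing plugin property, and a callback configured over plain http to a non-loopback host. The function names, the sample XML and the loopback-only http policy are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Test handlers named on this page; one left in place keeps accepting test logins.
TEST_HANDLERS = {
    "org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler",
    "org.jasig.cas.authentication.AcceptUsersAuthenticationHandler",
}
PLUGINS = {"org.gatein.sso.cas.plugin." + n for n in ("AuthenticationPlugin", "CAS40AuthenticationPlugin")}
REQUIRED = ("gateInProtocol", "gateInHost", "gateInPort", "gateInContext", "httpMethod")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumed policy: plain http only to loopback
# Constructed sample: leftover test handler, missing httpMethod, remote http callback.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"/>
  <bean class="org.gatein.sso.cas.plugin.CAS40AuthenticationPlugin">
    <property name="gateInProtocol"><value>http</value></property>
    <property name="gateInHost"><value>portal.example.org</value></property>
    <property name="gateInPort" value="8080"/>
    <property name="gateInContext"><value>portal</value></property>
  </bean>
</beans>"""

def local(tag):  # drop the XML namespace so Spring's namespaced <bean> matches
    return tag.rsplit("}", 1)[-1]

def bean_props(bean):
    # Property values may be a value="..." attribute or a <value> child element.
    props = {}
    for p in (c for c in bean if local(c.tag) == "property"):
        val = p.get("value") or next((v.text for v in p if local(v.tag) == "value"), "")
        props[p.get("name")] = (val or "").strip()
    return props

def audit(xml_text):
    findings, plugin_seen = [], False
    for el in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "bean"):
        cls = el.get("class", "")
        if cls in TEST_HANDLERS:
            findings.append("test handler still configured: " + cls)
        elif cls in PLUGINS:
            plugin_seen, props = True, bean_props(el)
            findings += ["plugin property missing: " + k for k in REQUIRED if not props.get(k)]
            host = props.get("gateInHost", "")
            if props.get("gateInProtocol") == "http" and host and host not in LOOPBACK:
                findings.append("callback uses http to non-loopback host " + host)
    if not plugin_seen:
        findings.append("no eXo callback plugin bean found")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass the full text of deployerConfigContext.xml to audit(); an empty list means none of the three conditions was found.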

Copyright ©. All rights reserved. eXo Platform SAS