How to set up a CAS Server/Client Web application
The full form of CAS is Central Authentication Service. What it does is that, it provides authentication service to the client applications.Well, I will describe my experience with the web applications. I started making simple web applications and build some functionality in it. Then I added security to the same application by creating login pages, storing passwords in the database and validating them against the user provided ones. Now, working in a IT-Company, where there are many applications. Normally the user who had taken three applications will have to have three different accounts in the web applications of the same company. Now, With the concept of cas, what you could do it build the authentication web application in one place, and point all you other web applications to use this service to authenticate.
Now lets move the place where we set up CAS 4.0 with Cas client version 3.2.1.
Jasig CAS is the most used version.
What do you need to do.
Install your cas Server
- Download CAS from this location- Extract it, go inside the folder cas-server-webapp and build the project with maven.(mvn clean package)
- Copy it in the webapps folder of your Tomcat.
- (Optional) If you want to configure your tomcat to https, follow this link, otherwise configure your cas to work with non-secure version by
changing the p:cookieSecure="true" to p:cookieSecure="false" under /WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml of cas Server
- Start your tomcat, and browse to the location [http://localhost:8080/cas or https://localhost:8443/cas](if you have not changed the port of tomcat)
Install your cas Client
- Download the cas client dependencies from this location- Run the pom.xml and add the jars created in the java web application
- Create a simple web application with web.xml, if you don't have your own application.
- Copy these libraries to the lib folder of WEB-INF
cas-client-core-3.1.1.jar (from cas-client 3.1.1)
commons-logging-1.1.jar (from cas-client 3.1.1)
xercesImpl.jar (from Apache Xerces release 2.9.1)
xml-apis.jar (from Apache Xerces release 2.9.1)
xmlsec-1.3.0.jar (from cas-client 3.1.1)
- Add the following filters in your web.xml. Change the locations
<filter><filter-name>CAS Authentication Filter</filter-name><filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class><init-param><param-name>casServerLoginUrl</param-name><param-value>http://localhost:8080/cas/login</param-value></init-param><init-param><param-name>serverName</param-name><param-value>http://localhost:8080</param-value></init-param><init-param><param-name>renew</param-name><param-value>false</param-value></init-param><init-param><param-name>gateway</param-name><param-value>false</param-value></init-param></filter><filter><filter-name>CAS Validation Filter</filter-name><filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class><init-param><param-name>casServerUrlPrefix</param-name><param-value>http://localhost:8080/cas/</param-value></init-param><init-param><param-name>serverName</param-name><param-value>http://localhost:8080</param-value></init-param><init-param><param-name>proxyCallbackUrl</param-name><param-value>http://localhost:8080/webappcas2/proxyCallback</param-value></init-param><init-param><param-name>proxyReceptorUrl</param-name><param-value>/webappcas2/proxyCallback</param-value></init-param></filter><filter><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class></filter><filter><filter-name>CAS Assertion Thread Local Filter</filter-name><filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class></filter><!-- ************************* --><!-- Sign out not yet implemented --><!--<filter-mapping><filter-name>CAS Single Sign Out Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping>--><filter-mapping><filter-name>CAS Authentication Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Validation Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Assertion Thread Local Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Validation Filter</filter-name><url-pattern>/proxyCallback</url-pattern></filter-mapping>
- My web.xml look like this
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"id="WebApp_ID" version="3.0"><display-name>CasClientSimple</display-name><filter><filter-name>CAS Authentication Filter</filter-name><filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class><init-param><param-name>casServerLoginUrl</param-name><param-value>https://localhost:1443/cas/login</param-value></init-param><init-param><param-name>serverName</param-name><param-value>https://localhost:2443</param-value></init-param><init-param><param-name>renew</param-name><param-value>false</param-value></init-param><init-param><param-name>gateway</param-name><param-value>false</param-value></init-param></filter><filter><filter-name>CAS Validation Filter</filter-name><filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class><init-param><param-name>casServerUrlPrefix</param-name><param-value>https://localhost:1443/cas/</param-value></init-param><init-param><param-name>serverName</param-name><param-value>https://localhost:2443</param-value></init-param><init-param><param-name>proxyCallbackUrl</param-name><param-value>https://localhost:1443/cas/proxyCallback</param-value></init-param><init-param><param-name>proxyReceptorUrl</param-name><param-value>/cas/proxyCallback</param-value></init-param></filter><filter><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class></filter><filter><filter-name>CAS Assertion Thread Local Filter</filter-name><filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class></filter><!-- ************************* --><!-- Sign out not yet implemented --><!-- <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name><url-pattern>/*</url-pattern> </filter-mapping> --><filter-mapping><filter-name>CAS Authentication Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Validation Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Assertion Thread Local Filter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter-mapping><filter-name>CAS Validation Filter</filter-name><url-pattern>/proxyCallback</url-pattern></filter-mapping><welcome-file-list><welcome-file>index.html</welcome-file><welcome-file>index.htm</welcome-file><welcome-file>index.jsp</welcome-file><welcome-file>default.html</welcome-file><welcome-file>default.htm</welcome-file><welcome-file>default.jsp</welcome-file></welcome-file-list></web-app>
Edit your deployerConfigContext.xml, registeredservices list of CAS-server
<bean class="org.jasig.cas.services.RegexRegisteredService"p:id="0" p:name="HTTP and IMAP"p:description="Allows HTTP(S) and IMAP(S) protocols"p:serviceId="^(https?|imaps?)://.*"p:evaluationOrder="10000001"p:enabled="true"p:allowedToProxy="true"p:ssoEnabled="true"/>
- Now try browsing your web application. You will be directed to the cas url.
- If you are redirected to wrong url, try reconfiguring the corresponding url in your client, restart the tomcat and try again.
Some common errors you could run into
- Authentication validatin exception- You have not configured the Registered services list in deployerconfigcontext.xml of the cas server.
- SSL validation exception
- you probably have not registered the certificate.cer in your jre's cacerts file.
References:
- http://www.javaroots.com/2013/05/configure-cas-server-and-client-in-java.html
- http://jasig.github.io/cas/4.0.0/installation/Service-Management.html
No comments:
Post a Comment
If you like to say anything (good/bad), Please do not hesitate...