CONFIGURATION PROCESS OF CAS with LDAP

About CAS:

The CAS protocol involves at least three parties: a client web browser, the web application requesting authentication, and the CAS server. It may also involve a back-end service, such as a database server, that does not have its own HTTP interface but communicates with a web application.
When the client visits an application desiring to authenticate to it, the application redirects it to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database (such as Kerberos or Active Directory).
If the authentication succeeds, CAS returns the client to the application, passing along a security ticket. The application then validates the ticket by contacting CAS over a secure connection and providing its own service identifier and the ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated.
CAS allows multi-tier authentication via proxy address. A cooperating back-end service, like a database or mail server, can participate in CAS, validating the authenticity of users via information it receives from web applications. Thus, a webmail client and a webmail server can all implement CAS.

Why CAS?

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

CONFIGURATION PROCESS OF CAS with LDAP

Step 1:  Download CAS server latest version from bellow url,
http://www.jasig.org/cas_server_3_5_1_release as zip file and extract the zip file.
Step 2:  copy the webapp.war from modules folder of your extracted files.
Eg: D: \cas-server 3.5.1 \modules\cas-server-webapp-3.5.1.war;
And paste it in your tomcat server webapps folder, extract the war file.
Step 3: add the following jar files to cas lib.
1.      commons-pool-1.5.2.jar
http://repo1.maven.org/maven2/commons-pool/commons-pool/
2.       ldaptemplate-1.0.2.jar
3.       spring-ldap-1.2.1.jar
Step 4: open deployerConfigContext.xml and make following changes.

A. 
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
                 <!-- cofigure ldap admin user  -->
<property name="password" value="admin" /> 
                 <property name="userDn" value="cn=admin,ou=users,o=demo" /> 
<property name="pooled" value="false" />
<property name="urls">
<list>
 <value>ldap://localhost:10389</value> 
</list>
</property>
<property name="baseEnvironmentProperties">
<map>
<entry>
<key><value>java.naming.security.authentication</value></key>
<value>simple</value>
</entry>
</map>
</property>
</bean>

B.   change "authenticationHandlers" hanlder property of authenticationManager element to the bellow

<property name="authenticationHandlers">
 <list>
<bean  class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
 p:httpClient-ref="httpClient" />
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
      p:filter="uid=%u" <!-- userid to be search  %u replaces with given userid at runtime-->
p:searchBase="ou=users,o=demo"  <!-- node to search start from -->
       p:contextSource-ref="contextSource"/>
</list>
</property>


Step 5: Since CAS Requires https protocol we have to create and configure SSL certificate in  tomcat.

Let us see how to create and configure SSL certificate in tomcat:

Step 1: Open a command prompt and go to the conf folder of tomcat.
Step 2: Type the following command
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keystore server.keystore
Step 3: use “changeit” as password. Use myHostname when asked for first/last name. fill All information.
Step 4: server.keystore is generated.
Step 5: keytool -list -keystore server.keystore
Step 6: Type follwing command.
keytool -export -alias tomcat -keypass changeit -file server.crt -keystore server.keystore
Step 7: server.crt is generated
Step 8: Open server.xml file tomcat find the connector element with port 8443 and replace it with follwing.
<Connector
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
Step 9: restart tomcat server and type the following url in browser address bar
https://localhost:8443/cas/login

Nhận xét

Bài đăng phổ biến từ blog này

CLEANING UP THE ZABBIX DATABASE

Configuring DHCP Relay service on the FortiGate unit

[Resolved] Amazon EC2 Redhat 7 using 6GB for the root space