This tutorial is designed to help a new CAS user to setup Apereo CAS server and client to their applications. The code of this tutorial is open sourced on GitHub.
What's CAS?
Enterprise Single Sign-On - CAS provides a friendly open source community that actively supports and contributes to the project. While the project is rooted in higher-ed open source, it has grown to an international audience spanning Fortune 500 companies and small special-purpose installations.
CAS provides enterprise single sign-on service for the Web:
- An open and well-documented protocol
- An open-source Java server component
- Pluggable authentication support (LDAP, database, X.509, 2-factor)
- Support for multiple protocols (CAS, SAML, OAuth, OpenID)
- A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others
- Integrates with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle and others
- Community documentation and implementation support
- An extensive community of adopters
Setup Aperro CAS Server
Download Source Code
Before start, you need to download the source code from GitHub. In this tutorial, we are about to use the 4.x release.
Create Maven Project
After download completes, uncompress the source code and copy cas-server-webapp/src/main/webapp and cas-server-webapp/src/main/resources to webapp and resources folder of the new created Maven project respectively.
Setup Maven Dependencies
Setup Maven dependencies in pom.xml as following:
<properties>
<spring.version>4.2.3.RELEASE</spring.version>
<cas-server.version>4.1.10</cas-server.version>
<cs.dir>${project.parent.basedir}</cs.dir>
</properties>
<repositories>
<repository>
<id>codelds</id>
<url>https://code.lds.org/nexus/content/groups/main-repo</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-webapp-support</artifactId>
<version>${cas-server.version}</version>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas-server.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>com.ryantenney.metrics</groupId>
<artifactId>metrics-spring</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc7</artifactId>
<version>12.1.0.2</version>
</dependency>
<!-- JSTL Tags -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-security-filter</artifactId>
<version>2.0.4</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.22</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
</dependencies>
HTTP Support
We strongly recommend you to use HTTPS in production environment! But in development environment, you may want to use HTTP. You need to edit WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml as following:
<bean id="ticketGrantingTicketCookieGenerator"
class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
c:casCookieValueManager-ref="cookieValueManager"
p:cookieSecure="false" <!-- Edit this value -->
p:cookieMaxAge="-1"
p:cookieName="TGC"
p:cookiePath=""/>
And WEB-INF/deployerConfigContext.xml:
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:requireSecure="false" <!-- Add this attribute -->
p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />
Database Configuration
The structure of the user table (named users) is listed below:
| Field Name | Field Type |
|---|---|
| username | VARCHAR2 |
| password | VARCHAR2 |
To add database support, you need to edit WEB-INF/deployerConfigContext.xml. Just change following lines
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
to
<!-- Replace driverClassName to MySQL Connector if you're using MySQL -->
<!-- Replace url, username, password to yours -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
init-method="init" destroy-method="close">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="url" value="jdbc:oracle:thin:@localhost:1521/xe" />
<property name="username" value="Your-Username" />
<property name="password" value="Your-Password" />
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg index="0" value="MD5" />
</bean>
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="passwordEncoder" ref="MD5PasswordEncoder"/>
<property name="sql" value="select password from users where username = ?" />
</bean>
Finally, we need to setup the applications that authenticate via this CAS server. Replace following lines in WEB-INF/deployerConfigContext.xml:
<bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
c:configDirectory="${service.registry.config.location:classpath:services}" />
to
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="10000001"/>
<property name="name" value="Your Service Name"/>
<property name="description" value="Your Service Description"/>
<property name="serviceId" value="^(http?|https?|imaps?)://((127\.0\.0\.1)|(localhost))(:[\d]+)?/.*"/>
<property name="evaluationOrder" value="10000001"/>
</bean>
</util:list>
Setup Aperro CAS Client
It's easier to setup CAS client in the application. First of all, you need to add dependency to pom.xml:
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.4.1</version>
</dependency>
Then, add following lines in web.xml:
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost/cas/login</param-value>
</init-param>
<init-param>
<param-name>casServerLogoutUrl</param-name>
<param-value>http://localhost/cas/logout</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>localhost</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
References
- http://blog.csdn.net/heavenick/article/details/51916663
- http://blog.csdn.net/heavenick/article/details/51923361
- https://my.oschina.net/yxzterry/blog/746189
- https://www.apereo.org/projects/cas
- https://github.com/apereo/java-cas-client