Configuring Apereo CAS

This tutorial is designed to help a new CAS user set up the Apereo CAS server and add the CAS client to their applications. The code for this tutorial is open sourced on GitHub.

What's CAS?

Enterprise Single Sign-On - CAS provides a friendly open source community that actively supports and contributes to the project. While the project is rooted in higher-ed open source, it has grown to an international audience spanning Fortune 500 companies and small special-purpose installations.

CAS provides enterprise single sign-on service for the Web:

  • An open and well-documented protocol
  • An open-source Java server component
  • Pluggable authentication support (LDAP, database, X.509, 2-factor)
  • Support for multiple protocols (CAS, SAML, OAuth, OpenID)
  • A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others
  • Integrates with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle and others
  • Community documentation and implementation support
  • An extensive community of adopters

Set up Apereo CAS Server

Download Source Code

Before starting, download the CAS server source code from GitHub. This tutorial uses the 4.x release (4.1.10 in the pom.xml below).

Create Maven Project

After the download completes, uncompress the source code and copy cas-server-webapp/src/main/webapp and cas-server-webapp/src/main/resources into the webapp and resources folders of the newly created Maven project, respectively.

Setup Maven Dependencies

Set up the Maven dependencies in pom.xml as follows. Note that the repositories block pulls artifacts from a repository other than Maven Central; as with any third-party repository, keep versions pinned (as they are here) and treat what it serves as part of your software supply chain:

<properties>
    <spring.version>4.2.3.RELEASE</spring.version>
    <cas-server.version>4.1.10</cas-server.version>
    <cs.dir>${project.parent.basedir}</cs.dir>
</properties>
<repositories>
    <repository>
        <id>codelds</id>
        <url>https://code.lds.org/nexus/content/groups/main-repo</url>
    </repository>
</repositories>
<dependencies>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-webapp-support</artifactId>
        <version>${cas-server.version}</version>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>${cas-server.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>com.ryantenney.metrics</groupId>
        <artifactId>metrics-spring</artifactId>
        <version>3.0.1</version>
    </dependency>
    <dependency>
        <groupId>com.oracle</groupId>
        <artifactId>ojdbc7</artifactId>
        <version>12.1.0.2</version>
    </dependency>
    <!-- JSTL Tags -->
    <dependency>
        <groupId>jstl</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
    <dependency>
        <groupId>taglibs</groupId>
        <artifactId>standard</artifactId>
        <version>1.1.2</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jsp-api</artifactId>
        <version>2.0</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-security-filter</artifactId>
        <version>2.0.4</version>
    </dependency>
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid</artifactId>
        <version>1.0.22</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>servlet-api</artifactId>
        <version>2.5</version>
        <scope>provided</scope>
    </dependency>
</dependencies>

HTTP Support

We strongly recommend HTTPS in production! In a development environment you may want to use plain HTTP. To allow it, edit WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml as follows:

<!-- cookieSecure="false" lets the TGC, the cookie that carries the SSO session,
     be sent over plain HTTP. Development only: set it back to "true" before deployment. -->
<bean id="ticketGrantingTicketCookieGenerator"
    class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
          c:casCookieValueManager-ref="cookieValueManager"
          p:cookieSecure="false"
          p:cookieMaxAge="-1"
          p:cookieName="TGC"
          p:cookiePath=""/>

And in WEB-INF/deployerConfigContext.xml, add the requireSecure attribute so that proxy callback URLs over plain HTTP are accepted as well:

<!-- requireSecure="false" accepts http:// proxy callback URLs. Development only. -->
<bean id="proxyAuthenticationHandler"
    class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
    p:requireSecure="false"
    p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />

Database Configuration

The structure of the user table (named users) is listed below:

Field Name    Field Type
username      VARCHAR2
password      VARCHAR2

To add database support, edit WEB-INF/deployerConfigContext.xml. The JDBC handler below runs the configured query with the submitted username bound as a parameter (not concatenated into the SQL, so it is not injectable), hashes the submitted password with the configured encoder and compares the result, as a string, with the password column it gets back; the column must therefore hold lowercase hex-encoded MD5 digests. Unsalted MD5 is not acceptable for password storage in production and is used here only to get the setup working. Replace the following lines

<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>

to

<!-- Replace driverClassName to MySQL Connector if you're using MySQL -->
<!-- Replace url, username, password to yours -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" 
    init-method="init" destroy-method="close">
    <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"    />
    <property name="url" value="jdbc:oracle:thin:@localhost:1521/xe"   />
    <property name="username" value="Your-Username"  />
    <property name="password" value="Your-Password"  />
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0" value="MD5" />
</bean>
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <property name="passwordEncoder" ref="MD5PasswordEncoder"/>
    <property name="sql" value="select password from users where username = ?" />
</bean>

Finally, register the applications that are allowed to authenticate through this CAS server. The serviceId pattern is an allowlist of service URLs: any URL it matches can be issued a ticket for a logged-in user and have that ticket validated, so keep it anchored with ^ and as narrow as possible (the pattern below admits only localhost and 127.0.0.1 on any port, for development). Replace the following lines in WEB-INF/deployerConfigContext.xml:

<bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
    c:configDirectory="${service.registry.config.location:classpath:services}" />

to

<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
    p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
    <bean class="org.jasig.cas.services.RegexRegisteredService">
        <property name="id" value="10000001"/>
        <property name="name" value="Your Service Name"/>
        <property name="description" value="Your Service Description"/>
        <!-- Allowlist of service URLs that may receive tickets; only local dev hosts here -->
        <property name="serviceId" value="^(https?|imaps?)://((127\.0\.0\.1)|(localhost))(:[\d]+)?/.*"/>
        <property name="evaluationOrder" value="10000001"/>
    </bean>
</util:list>
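To see what a serviceId pattern actually admits, here is an added Python check; it is not part of this page or of CAS itself. It runs the tutorial's local-only pattern, an unanchored copy of it, and a catch-all `.*` over a handful of constructed service URLs, including attacker-shaped ones. It assumes CAS applies the pattern with Java Matcher.find() semantics (an unanchored search), which is why the leading ^ matters; Python's re.search behaves the same way for these patterns.

```python
import re

# Service-ID pattern from the tutorial's RegexRegisteredService (the stray
# "http?" alternative, which only matched the literal "htt", is dropped).
LOCAL_ONLY = r"^(https?|imaps?)://((127\.0\.0\.1)|(localhost))(:[\d]+)?/.*"

# Two weak variants, constructed here for comparison: one without the ^ anchor,
# one that allows every service.
UNANCHORED = r"(https?|imaps?)://((127\.0\.0\.1)|(localhost))(:[\d]+)?/.*"
ANYTHING = r".*"


def service_allowed(pattern: str, service_url: str) -> bool:
    """Return True if a registry entry with this pattern would accept service_url.

    Assumption (not stated on the page): CAS 4.x tests the service id with
    java.util.regex Matcher.find(), i.e. an unanchored search; re.search()
    reproduces that for these patterns.
    """
    return re.search(pattern, service_url) is not None


def check_services(pattern: str, urls):
    """Map each candidate service URL to the allow/deny decision."""
    return {u: service_allowed(pattern, u) for u in urls}


# Constructed candidates: two legitimate dev services, four attacker-shaped URLs.
CANDIDATES = [
    "http://localhost:8080/app/",
    "https://127.0.0.1/secure/home",
    "http://localhost.attacker.example/app/",                # host-suffix trick
    "http://localhost@attacker.example/app/",                # userinfo trick
    "https://attacker.example/?next=http://localhost/app/",  # embedded URL
    "https://attacker.example/",
]

if __name__ == "__main__":
    for name, pat in (("LOCAL_ONLY", LOCAL_ONLY),
                      ("UNANCHORED", UNANCHORED),
                      ("ANYTHING", ANYTHING)):
        print(name)
        for url, ok in check_services(pat, CANDIDATES).items():
            print(f"  {'allow' if ok else 'deny '}  {url}")
```

The anchored pattern admits only the two local services. The unanchored copy additionally accepts the attacker URL that merely contains `http://localhost/app/` in its query string, which is enough to have a ticket sent to attacker.example; `.*` accepts everything.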

Set up Apereo CAS Client

The CAS client is easier to set up in the application. First, add the dependency to pom.xml:

<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.4.1</version>
</dependency>

Then add the following filters to web.xml. The AuthenticationFilter only redirects unauthenticated users to the CAS login page; it lets any request that already carries a ticket parameter through, on the assumption that a validation filter follows. Without the validation filter a request with a made-up ticket would be accepted, so both filters are required:

<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://localhost/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>casServerLogoutUrl</param-name>
        <param-value>http://localhost/cas/logout</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>localhost</param-value>
    </init-param>
</filter>
<!-- Validates the ticket CAS sends back against the server. Without this filter the
     application would accept any request carrying a ticket parameter. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>localhost</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
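What the client filters do on the wire, as an added Python sketch that is not from this page or from java-cas-client: building the login redirect, building the server-side validation call, and parsing a CAS 2.0 validation response. The response bodies are constructed here, not captured from a server; the /serviceValidate path and the cas: XML namespace are those of the CAS 2.0 protocol, the host names follow the tutorial's localhost setup, and the ticket id ST-1-bogus is made up.

```python
import urllib.parse
import xml.etree.ElementTree as ET

# XML namespace used by CAS 2.0 protocol responses.
CAS_NS = "http://www.yale.edu/tp/cas"


def login_redirect_url(cas_login_url: str, service_url: str) -> str:
    """Where the AuthenticationFilter sends an unauthenticated browser:
    the CAS login page, carrying the application URL as 'service'."""
    return cas_login_url + "?" + urllib.parse.urlencode({"service": service_url})


def validate_url(cas_prefix: str, service_url: str, ticket: str) -> str:
    """Server-to-server call the validation filter makes with the ticket that
    came back on the browser. 'service' must equal the URL the ticket was
    issued for, or the server rejects the ticket."""
    return cas_prefix + "/serviceValidate?" + urllib.parse.urlencode(
        {"service": service_url, "ticket": ticket})


def parse_service_validate(body: str):
    """Parse a CAS 2.0 validation response.
    Returns (True, username) on success, (False, failure_code) otherwise."""
    root = ET.fromstring(body)
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is not None:
        return True, success.findtext(f"{{{CAS_NS}}}user")
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    if failure is not None:
        return False, failure.get("code")
    raise ValueError("not a CAS serviceResponse")


def ticket_param_only(query: dict) -> bool:
    """What the AuthenticationFilter alone decides: any request carrying a
    'ticket' parameter passes, assuming a validation filter follows it."""
    return bool(query.get("ticket"))


# Constructed responses in the CAS 2.0 format (not from a live server).
SUCCESS_BODY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>casuser</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_BODY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-1-bogus not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    app = "http://localhost:8080/app/"
    print(login_redirect_url("http://localhost/cas/login", app))
    print(validate_url("http://localhost/cas", app, "ST-1-bogus"))
    print(parse_service_validate(SUCCESS_BODY))   # (True, 'casuser')
    print(parse_service_validate(FAILURE_BODY))   # (False, 'INVALID_TICKET')
    # With only the AuthenticationFilter mapped, the forged ticket is already "in":
    print(ticket_param_only({"ticket": "ST-1-bogus"}))  # True
```

The proxy-receiving validation filter in the web.xml above calls the proxyValidate endpoint rather than serviceValidate, but the response format it parses is the same; the point of the sketch is that the yes/no decision comes from the server's answer, never from the mere presence of a ticket.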

Contact Us
  • Room 614, Zonghe Building, Harbin Institute of Technology
  • cshzxie [at] gmail.com