This tutorial is designed to help new CAS users set up the Apereo CAS server and connect their client applications to it. The code for this tutorial is open-sourced on GitLab.
What’s CAS?
Enterprise Single Sign-On - CAS provides a friendly open source community that actively supports and contributes to the project. While the project is rooted in higher-ed open source, it has grown to an international audience spanning Fortune 500 companies and small special-purpose installations.
CAS provides enterprise single sign-on service for the Web:
- An open and well-documented protocol
- An open-source Java server component
- Pluggable authentication support (LDAP, database, X.509, 2-factor)
- Support for multiple protocols (CAS, SAML, OAuth, OpenID)
- A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others
- Integrates with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle, and others
- Community documentation and implementation support
- An extensive community of adopters
Setup Apereo CAS Server
Download Source Code
Before you start, download the source code from the Git repo. This tutorial uses the 4.x release.
Create Maven Project
After the download completes, uncompress the source code and copy cas-server-webapp/src/main/webapp and cas-server-webapp/src/main/resources to the webapp and resources folders of the newly created Maven project, respectively.
Setup Maven Dependencies
Set up the Maven dependencies in pom.xml as follows:
<properties>
<spring.version>4.2.3.RELEASE</spring.version>
<cas-server.version>4.1.10</cas-server.version>
<cs.dir>${project.parent.basedir}</cs.dir>
</properties>
<repositories>
<repository>
<id>codelds</id>
<url>https://code.lds.org/nexus/content/groups/main-repo</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-webapp-support</artifactId>
<version>${cas-server.version}</version>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas-server.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>com.ryantenney.metrics</groupId>
<artifactId>metrics-spring</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc7</artifactId>
<version>12.1.0.2</version>
</dependency>
<!-- JSTL Tags -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-security-filter</artifactId>
<version>2.0.4</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.22</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
</dependencies>
HTTP Support
We strongly recommend you use HTTPS in the production environment! But in the development environment, you may want to use HTTP. To allow that, edit WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml as follows:
<!-- Edit this value: set p:cookieSecure to "false" -->
<bean id="ticketGrantingTicketCookieGenerator"
class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
c:casCookieValueManager-ref="cookieValueManager"
p:cookieSecure="false"
p:cookieMaxAge="-1"
p:cookieName="TGC"
p:cookiePath=""/>
And WEB-INF/deployerConfigContext.xml:
<!-- Add this attribute: p:requireSecure="false" -->
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:requireSecure="false"
p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />
Database Configuration
The structure of the user table (named users) is listed below:
| Field Name | Field Type |
|---|---|
| username | VARCHAR2 |
| password | VARCHAR2 |
To add database support, you need to edit WEB-INF/deployerConfigContext.xml. Just change the following lines
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
</bean>
to
<!-- Replace driverClassName with the MySQL Connector driver if you're using MySQL -->
<!-- Replace url, username, and password with your own -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
init-method="init" destroy-method="close">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="url" value="jdbc:oracle:thin:@localhost:1521/xe" />
<property name="username" value="Your-Username" />
<property name="password" value="Your-Password" />
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg index="0" value="MD5" />
</bean>
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="passwordEncoder" ref="MD5PasswordEncoder"/>
<property name="sql" value="select password from users where username = ?" />
</bean>
Finally, we need to set up the applications that authenticate via this CAS server. Replace the following lines in WEB-INF/deployerConfigContext.xml:
<bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
c:configDirectory="${service.registry.config.location:classpath:services}" />
to
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="10000001"/>
<property name="name" value="Your Service Name"/>
<property name="description" value="Your Service Description"/>
<property name="serviceId" value="^(https?|imaps?)://((127\.0\.0\.1)|(localhost))(:[\d]+)?/.*"/>
<property name="evaluationOrder" value="10000001"/>
</bean>
</util:list>
Setup Apereo CAS Client
It’s easier to set up CAS clients in the application. First of all, you need to add the dependency to pom.xml:
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.4.1</version>
</dependency>
Then, add the following lines in web.xml:
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost/cas/login</param-value>
</init-param>
<init-param>
<param-name>casServerLogoutUrl</param-name>
<param-value>http://localhost/cas/logout</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>localhost</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>