Putting Jasig-Cas on Cloud [Cloudbees]

Jasig Cas stand for Central Authentication Service. It’s a webapp that allows Single Sign On/Out for all your applications. It can be coupled to ldap, jdbc, X.509, etc. You can find more on authentification modules here.

What’s the meaning ? in fact in the cloud you will deploy a lot of applications each one representing a service for your compagny. Should the user identify itself when he use the CRM and then login again when using the ERP ? CAS is the solution.

CAS provide a single login window which is displayed when you tried to access a service for the first time. It memorize the Url of the service you want to access, check your credentials, generate a ticket and send it back to the service. The next service ask Cas for a ticket when you tried to reach it and if found you are granted or send back to the login.

In this tutorial i’ll show you how to setup a basic Cas server on Cloudbees and how to fill credential in a simple file. You’ll be able to configure it on your own using this base.

Preparations

  1. Download the Cas server implementation here
  2. Install Maven if not already installed.

Getting Started

  1. Unzip the Cas server distribution
Prepare the file identification module

Cas is very modulable, you can load only the part that is required to your project. The generic module can load identification from a XML declaration.
  1. Enter the directory cas-server-3.4.XX\cas-server-support-generic
  2. Type : mvn install to start the building of the module
  3. Get the cas-server-support-generic-XXX.jar in the target directory just created 

Prepare the web application

The webapps contains the core of the Cas server, it load authentification modules, display the login page which you can brand to your compagny and allow you to configure the services that can be CASified.

  1. Enter the directory cas-server-3.4.XX\cas-server-webapp
  2. Type : mvn install to start the building of the web archive
  3. War are just zip file, extract the archive, i use 7zip
  4. In the Web-Inf/lib, paste the  cas-server-support-generic-XXX.jar

Configure the authentification

Define the admin

Open the file deployerConfigContext.xml and found the section

<sec:user-service id=”userDetailsService”>

<sec:user name=”@@THIS SHOULD BE REPLACED@@” password=”notused” authorities=”ROLE_ADMIN” />

</sec:user-service>

Replace @@THIS SHOULD BE REPLACED@@ with a new user : itsme

this user now have the role of Admin, once identified it can control the cas server.

Configure the authentification handler : source of credentials

In the same file replace the section

<bean class=”org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler” />

with this one

<bean class=”org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler”>

            <property name=”users”>

               <map>

                  <entry key=”itsme” value=”cantremember” />

                  <entry key=”rick” value=”roll” />

               </map>

            </property>

        </bean>

Create the CloudBees environnement

Create a free account and quickly check http://wiki.cloudbees.com/bin/view/RUN/GettingStarted

Configure the environnement

  1. Open the file WEB-INF/cas.properties
  2. Configure server.prefix= http://cas.your_account.cloudbees.net

War

Now archive all the directory as a zip file and change the extension from .zip to .war. Take care to respect the deployment tree ! the zip contains WEB-INF not another sub directory !!!

UPLOAD !!!

  1. Fast way : upload your file to cloudbees using the application manager
  2. Production : open a dev@cloudbees.com and use git with ssh

And that’s it ! the server is ready. You can now point your browser to your application : http://cas. your_account .cloudbees.net

Configure the Cas services 

Point your browser to http://cas. your_account .cloudbees.net/services and login using itsme/cantremember. Now you have access to the services control panel where you can configure all your CASified applications.

If you are starting with cas you can find CASified applications here:

https://wiki.jasig.org/display/CASUM/End-to-end+Windows+Example#End-to-endWindowsExample-DeploytheProtectedApplications

What’s really great for me is that this app is on the cloud, there’s is few possibilities of getting down and it extract the complexity of authenfication from my services.

Notes

Don’t know why, i got a lot of errors with local and file not found when trying to deploy on Jelastic which is also a great platform. If someone can provide indications, it’s more than welcome.

@3 months ago
#Jelastic #Jasig Cas #Cloud