CAS configuration
This article explains how to configure a CAS server and client for eXo. For this example we will use two identical Tomcat instances, one of which additionally hosts the CAS server. This configuration is not very useful in practice, but it is a good example of how to configure CAS. Tomcat 1 is deployed on Windows 2003 and is the CAS server; Tomcat 2 runs on Ubuntu 7.10.

Configure the CAS server (DNS name: test01-srv.exoua-int)
E:/Program Files>cd java
E:/Program Files/Java>cd jre1.5.0_11
E:/Program Files/Java/jre1.5.0_11>cd bin
E:/Program Files/Java/jre1.5.0_11/bin>keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA
Enter keystore password: 123456
What is your first and last name?
[Unknown]: test01-srv.exoua-int
What is the name of your organizational unit?
[Unknown]: .
What is the name of your organization?
[Unknown]: .
What is the name of your City or Locality?
[Unknown]: .
What is the name of your State or Province?
[Unknown]: .
What is the two-letter country code for this unit?
[Unknown]: UA
Is CN=test01-srv.exoua-int, OU=., O=., L=., ST=., C=UA correct?
[no]: yes
E:/Program Files/Java/jre1.5.0_11/bin>keytool -export -alias tomcat -keypass 123456 -file server.crt
Enter keystore password: 123456
Certificate stored in file <server.crt>
E:/Program Files/Java/jre1.5.0_11/bin>keytool -storepasswd -keystore ../lib/security/cacerts
Enter keystore password: changeit
New keystore password: 123456
Re-enter new keystore password: 123456
E:/Program Files/Java/jre1.5.0_11/bin>keytool -import -file server.crt -keypass 123456 -keystore ../lib/security/cacerts
Enter keystore password: 123456
Owner: CN=test01-srv.exoua-int, OU=., O=., L=., ST=., C=UA
Issuer: CN=test01-srv.exoua-int, OU=., O=., L=., ST=., C=UA
Serial number: 4810c6c5
Valid from: Fri Apr 24 20:33:36 HST 2008 until: Thu Jul 23 20:33:36 HST 2008
Certificate fingerprints:
MD5: CC:3B:FB:FB:AE:12:AD:FB:3E:D5:98:CB:2E:3B:0A:AD
SHA1: A1:16:80:68:39:C7:58:EA:2F:48:59:AA:1D:73:5F:56:78:CE:A4:CE
Trust this certificate? [no]: yes
Certificate was added to keystore
E:/Program Files/Java/jre1.5.0_11/bin>
<!-- server.xml, Tomcat 1 (CAS server host test01-srv.exoua-int): HTTPS connector on port 8443.
     keystoreFile / keyAlias: the "tomcat" RSA key pair created with keytool -genkey above.
     truststoreFile: the JRE cacerts store into which server.crt was imported above, so truststorePass
     must be the password set there with keytool -storepasswd (123456 in this walkthrough).
     clientAuth="false": the connector does not request a client certificate.
     Both store passwords are in clear text here; keep server.xml readable only by the account
     Tomcat runs as. The self-signed certificate is valid for 90 days (see the "Valid from ... until"
     line in the import output) and must be regenerated and re-imported when it expires. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="E:/Documents and Settings/admin/.keystore" keystorePass="123456" keyAlias="tomcat" truststoreFile="E:/Program Files/Java/jre1.5.0_11/lib/security/cacerts" truststorePass="123456" />
<!-- web.xml, Tomcat 1 (the CAS client side of the instance that also hosts the CAS server).
     serverName: this application's own externally visible scheme://host:port. The Jasig CAS client
     derives the "service" URL it sends to the CAS server from it, and the service ticket is delivered
     back to that URL. It is plain http here while the CAS server URLs below are https, so in this
     walkthrough the ticket travels one unencrypted hop; outside a lab, use the https URL here. -->
<context-param>
<param-name>serverName</param-name>
<param-value>http://test01-srv.exoua-int:8080</param-value>
</context-param><filter>
<!-- SingleSignOutFilter: handles the CAS server's single logout callbacks so the local session is
     invalidated when the user logs out at CAS; works together with the
     SingleSignOutHttpSessionListener declared further down. -->
<filter-name>SingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<!-- AuthenticationFilter: redirects requests that carry no CAS assertion to casServerLoginUrl. -->
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://test01-srv.exoua-int:8443/cas/login</param-value>
</init-param>
</filter>
<!-- Cas20ProxyReceivingTicketValidationFilter: validates the returned service ticket by calling back
     casServerUrlPrefix over https, so this JVM must trust the CAS server certificate (imported into
     cacerts above) and the host name must match the certificate CN test01-srv.exoua-int.
     redirectAfterValidation=true redirects to the same URL without the ticket parameter, so the
     ticket does not linger in bookmarks, access logs or the Referer header. -->
<filter>
<filter-name>Cas20ProxyReceivingTicketValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://test01-srv.exoua-int:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- HttpServletRequestWrapperFilter: wraps the request so getRemoteUser()/getUserPrincipal() return
     the CAS-authenticated user for the filters and servlets that run after it. -->
<filter>
<filter-name>HttpServletRequestWrapperFilter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- eXo -->
<!-- BaseIdentityInitializerFilterImpl: eXo-specific filter, presumably initializes the portal identity
     from the CAS-authenticated request; its behaviour is not shown in this article. -->
<filter>
<filter-name>BaseIdentityInitializerFilterImpl</filter-name>
<filter-class>org.exoplatform.services.security.cas.client.impl.BaseIdentityInitializerFilterImpl</filter-class>
</filter>
<!-- end exo -->
....
<!-- Filter chain for the protected area. Only URLs under /private/* go through CAS; every other path
     in this web app stays anonymous. The container invokes filters in the order of the
     filter-mapping elements, so keep this order: single sign-out, authentication, ticket validation,
     request wrapping, then the eXo identity initializer, which presumably needs the wrapped request
     produced before it. -->
<filter-mapping>
<filter-name>SingleSignOutFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Cas20ProxyReceivingTicketValidationFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpServletRequestWrapperFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<!-- exo -->
<filter-mapping>
<filter-name>BaseIdentityInitializerFilterImpl</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<!-- end exo -->
....
<!-- Session listener that pairs with SingleSignOutFilter: removes a session from the filter's
     ticket-to-session map when the session is destroyed, so a later single logout callback does not
     act on a stale session. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
....
<!-- exo -->
<!-- eXo LogoutServlet: casServerLogoutUrl is the CAS server's logout endpoint (https); redirectToUrl is
     the public portal page the user lands on afterwards. Because redirectToUrl is fixed here, the
     post-logout target is not attacker-controllable, provided the servlet does not also accept one
     from the request (its code is not shown in this article). -->
<servlet>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>org.exoplatform.services.security.cas.client.impl.LogoutServlet</servlet-class>
<init-param>
<param-name>casServerLogoutUrl</param-name>
<param-value>https://test01-srv.exoua-int:8443/cas/logout</param-value>
</init-param>
<init-param>
<param-name>redirectToUrl</param-name>
<param-value>http://test01-srv.exoua-int:8080/portal/public/classic</param-value>
</init-param>
</servlet>
<!-- end exo -->
.....
<!-- exo -->
<!-- Logout is triggered by a request to /logout/* in the portal context. This path is outside
     /private/*, so the request does not itself pass through the CAS filter chain above. -->
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/logout/*</url-pattern>
</servlet-mapping>
<!-- end exo -->
....<!-- CAS server side, Spring bean definition of the authentication handler.
     The stock SimpleTestUsernamePasswordAuthenticationHandler is left disabled: it is a test-only
     handler that accepts any user whose password equals the username. Keep it commented out.
     <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> -->
<!-- HTTPAuthenticationHandler forwards the submitted username and password to the remote portal over
     HTTPS and accepts the login if the portal does. authenticationURL presumably resolves to the
     BaseHTTPUsernamePasswordValidator servlet mapped at /login/* in Tomcat 2's web.xml below, so the
     CAS server JVM must trust the certificate of ubu.exoua-int as well. The "p:" attribute prefix
     requires the Spring p-namespace to be declared on the root beans element (not shown here). -->
<bean class="org.exoplatform.services.security.cas.server.HTTPAuthenticationHandler" p:authenticationURL="https://ubu.exoua-int:8443/portal/login" />
<!-- server.xml, Tomcat 2 (eXo portal host ubu.exoua-int): HTTPS connector on port 8443.
     keystoreFile / keyAlias: this host's own "tomcat" key pair (generated the same way as on Tomcat 1).
     truststoreFile: this JRE's cacerts store; the CAS server certificate is presumably added to it by
     the InstallCert step at the end of the article, and truststorePass (123456) is the password that
     step uses. clientAuth="false": no client certificate is requested.
     Both store passwords are in clear text here; keep server.xml readable only by the account Tomcat
     runs as. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/home/andrew/.keystore" keystorePass="123456" keyAlias="tomcat" truststoreFile="/home/andrew/lib/java/jre/lib/security/cacerts" truststorePass="123456" />
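<!-- web.xml, Tomcat 2 (eXo portal on ubu.exoua-int): CAS client configuration.
     serverName: this application's own externally visible scheme://host:port. The Jasig CAS client
     derives the "service" URL it sends to the CAS server from it, and the service ticket is delivered
     back to that URL. It is plain http here while the CAS server URLs below are https, so in this
     walkthrough the ticket travels one unencrypted hop; outside a lab, use the https URL here. -->
<context-param>
  <param-name>serverName</param-name>
  <param-value>http://ubu.exoua-int:8080</param-value>
</context-param>
<!-- SingleSignOutFilter: handles the CAS server's single logout callbacks so the local session is
     invalidated when the user logs out at CAS; works together with the
     SingleSignOutHttpSessionListener declared further down. -->
<filter>
  <filter-name>SingleSignOutFilter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<!-- AuthenticationFilter: redirects requests that carry no CAS assertion to the CAS login page on Tomcat 1. -->
<filter>
  <filter-name>AuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://test01-srv.exoua-int:8443/cas/login</param-value>
  </init-param>
</filter>
<!-- Cas20ProxyReceivingTicketValidationFilter: validates the returned service ticket by calling back
     casServerUrlPrefix over https, so this JVM must trust the CAS server certificate (imported with
     InstallCert at the end of the article) and the host name must match the certificate CN
     test01-srv.exoua-int. redirectAfterValidation=true redirects to the same URL without the ticket
     parameter, so the ticket does not linger in bookmarks, access logs or the Referer header. -->
<filter>
  <filter-name>Cas20ProxyReceivingTicketValidationFilter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://test01-srv.exoua-int:8443/cas</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<!-- HttpServletRequestWrapperFilter: wraps the request so getRemoteUser()/getUserPrincipal() return
     the CAS-authenticated user for the filters and servlets that run after it. -->
<filter>
  <filter-name>HttpServletRequestWrapperFilter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- eXo -->
<!-- BaseIdentityInitializerFilterImpl: eXo-specific filter, presumably initializes the portal identity
     from the CAS-authenticated request; its behaviour is not shown in this article.
     The fully qualified class name must stay on one line: the wiki line-wrap artifact (a trailing
     backslash and line break inside filter-class) would make Tomcat look up a class name that does not
     exist and fail to initialize the filter. -->
<filter>
  <filter-name>BaseIdentityInitializerFilterImpl</filter-name>
  <filter-class>org.exoplatform.services.security.cas.client.impl.BaseIdentityInitializerFilterImpl</filter-class>
</filter>
<!-- end exo -->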
....
<!-- Filter chain for the protected area of the Tomcat 2 portal. Only URLs under /private/* go through
     CAS; every other path stays anonymous. The container invokes filters in the order of the
     filter-mapping elements, so keep this order: single sign-out, authentication, ticket validation,
     request wrapping, then the eXo identity initializer, which presumably needs the wrapped request
     produced before it. -->
<filter-mapping>
<filter-name>SingleSignOutFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Cas20ProxyReceivingTicketValidationFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpServletRequestWrapperFilter</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<!-- exo -->
<filter-mapping>
<filter-name>BaseIdentityInitializerFilterImpl</filter-name>
<url-pattern>/private/*</url-pattern>
</filter-mapping>
<!-- end exo -->
....
<!-- Session listener that pairs with SingleSignOutFilter: removes a session from the filter's
     ticket-to-session map when the session is destroyed, so a later single logout callback does not
     act on a stale session. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
....
<!-- exo -->
<!-- BaseHTTPUsernamePasswordValidator: the endpoint the CAS server's HTTPAuthenticationHandler calls
     (authenticationURL https://ubu.exoua-int:8443/portal/login above) to check a username and
     password against the portal. It receives clear-text credentials, so it must be reachable only
     through the HTTPS connector and, ideally, only from the CAS server host; nothing in this web.xml
     restricts who may call it. It is mapped at /login/* below. -->
<servlet>
<servlet-name>BaseHTTPUsernamePasswordValidator</servlet-name>
<servlet-class>org.exoplatform.services.security.cas.client.impl.BaseHTTPUsernamePasswordValidatorImpl</servlet-class>
</servlet>
<!-- eXo LogoutServlet: casServerLogoutUrl is the CAS server's logout endpoint (https); redirectToUrl is
     the public portal page on this host the user lands on afterwards. Because redirectToUrl is fixed
     here, the post-logout target is not attacker-controllable, provided the servlet does not also
     accept one from the request (its code is not shown in this article). -->
<servlet>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>org.exoplatform.services.security.cas.client.impl.LogoutServlet</servlet-class>
<init-param>
<param-name>casServerLogoutUrl</param-name>
<param-value>https://test01-srv.exoua-int:8443/cas/logout</param-value>
</init-param>
<init-param>
<param-name>redirectToUrl</param-name>
<param-value>http://ubu.exoua-int:8080/portal/public/classic</param-value>
</init-param>
</servlet>
<!-- end exo -->
.....
<!-- exo -->
<!-- /login/* lies outside /private/*, so the credential-check endpoint is reachable without a CAS
     session (it has to be: the CAS server calls it before any session exists) and is not itself
     CAS-protected. Limit access to it at the connector or network level to HTTPS and to the CAS
     server host. -->
<servlet-mapping>
<servlet-name>BaseHTTPUsernamePasswordValidator</servlet-name>
<url-pattern>/login/*</url-pattern>
</servlet-mapping>
<!-- Logout is triggered by a request to /logout/* in the portal context; this path is also outside
     /private/* and therefore bypasses the CAS filter chain above. -->
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/logout/*</url-pattern>
</servlet-mapping>
<!-- end exo -->
....
On the Tomcat 2 host, import the CAS server's certificate into the JRE trust store (the last argument is the trust store password):
java InstallCert test01-srv.exoua-int:8443 123456