Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Of course, this requires that your cacerts contains a key, self-signed or otherwise, for your server. There's more documentation on SSL certificate issues here.

Building the .war

Installing the .war into Tomcat

  1. Stop your Tomcat.
  2. Place the cas.war into your Tomcat's /webapps/ directory. A default cas.war is distributed in the /lib/ directory of the CAS server distrbtion. This default .war will work fine for trying CAS out for the first time.
  3. Start your Tomcat.

Trying it out

Open your web browser. Point it at your Tomcat instance. In the case of a self-signed certificate for localhost and a Tomcat configured to expose the CAS webapp on port 8080, point it at "https://localhost:8080/cas/".

Admire the default login screen. Make a mental note to change it to use your institution's colors and branding.

By default, any username and password pair such that the username equals the password will successfully authenticate. Try some pairs that don't match each other, and observe CAS coldly rejecting you. Then use the same word for both username and password, and observe yourself to be authenticated.

Open a new browser window. Go to "https://localhost:8080/cas/login?service=foo". Give it a username matching a password. It will try to redirect you to the service "foo", which does not exist. Notice the ticket request parameter in your web browser's address bar. Copy this ticket. Go to "https://localhost:8080/cas?serviceValidate?ticket=TICKETSTRING&service=foo", where TICKETSTRING is that String you copied. Notice CAS's validation success response. Congtratulations! You've just successfully validated a ticket.

Now try reloading the URL. Notice that ticket validation now fails. Service Tickets are one-time use.

Configuring and Customizing CAS

...