Comment: Corrected links that should have been relative instead of absolute.

Intro

The purpose of this tutorial is to outline the steps required to set up the ExampleWebsite ASP.NET web application, located at https://source.jasig.org/cas-clients/dotnet-client/trunk/

System Environment

  1. Microsoft Visual Studio 2010 Professional Edition
  2. Windows 7 Professional with Internet Information Services 6 [Full Pack]
  3. AnkhSVN - Subversion Support for Visual Studio

Set Up the CAS Server

Follow the instructions at this link to set up an instance of the CAS server. Additional software may be required.

Set Up ExampleWebsite in Visual Studio

  • Launch Microsoft Visual Studio with admin privileges. You can do so by right-clicking on Visual Studio and selecting Run as Administrator. This is required in order to publish application artifacts to the local instance of IIS.
  • From the File menu, select Open -> Subversion Project. Enter the following link into the address bar: https://source.jasig.org/cas-clients/dotnet-client/trunk/

Open the “DotNetCasClient.vs2010.sln” solution file. Visual Studio will download the artifacts to the project folder.


  • Right-click on the ExampleWebsite app and choose Select as Startup Project.
  • Right-click on the DotNetCasClient app and select Build.
  • Add a Web.config file to the ExampleWebsite. Copy the contents of the web.config.sample file into Web.config and modify the following sections:
Web.config:
<casClientConfig
  casServerLoginUrl="https://<your-full-machine-name>:8443/cas/login"
  casServerUrlPrefix="https://<your-full-machine-name>:8443/cas/"
  serverName="https://<your-full-machine-name>"
  notAuthorizedUrl="~/NotAuthorized.aspx"
  cookiesRequiredUrl="~/CookiesRequired.aspx"
  redirectAfterValidation="true"
  gateway="false"
  renew="false"
  singleSignOut="true"
  ticketTimeTolerance="5000"
  ticketValidatorName="Cas20"
  proxyTicketManager="CacheProxyTicketManager"
  serviceTicketManager="CacheServiceTicketManager"
  gatewayStatusCookieName="CasGatewayStatus" 
 />

<authentication mode="Forms">
  <forms
    loginUrl="https://<your-full-machine-name>:8443/cas/login"
    timeout="90"
    defaultUrl="~/Default.aspx"
    cookieless="UseCookies"
    slidingExpiration="true"
  />
</authentication>
  • Replace <your-full-machine-name> with your full computer name.
Full Computer Name: You can retrieve the fully qualified machine name by pressing WinKey+Pause and noting the value for "Full computer name".
  • Right click on ExampleWebsite and select Publish Website. From the dialog, click the browse button and navigate to Local IIS group. Then, select Default Website.
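
A consistency check for the Web.config edits in the steps above, worth running before the site is published. This is an added example, not part of the original tutorial or the DotNetCasClient project; the rules it applies (HTTPS on every URL, login URL under the prefix, forms loginUrl equal to casServerLoginUrl) are read off the sample values on this page, and the function name and host name are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PLACEHOLDER = "<your-full-machine-name>"

# Constructed sample with a hypothetical host name. Assumes the
# <configuration> root carries no XML namespace.
GOOD = """<configuration>
  <casClientConfig
    casServerLoginUrl="https://dev01.example.edu:8443/cas/login"
    casServerUrlPrefix="https://dev01.example.edu:8443/cas/"
    serverName="https://dev01.example.edu" />
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="https://dev01.example.edu:8443/cas/login" timeout="90" />
    </authentication>
  </system.web>
</configuration>"""


def check_cas_config(text):
    """Return a list of problems found in the text of a Web.config file."""
    if PLACEHOLDER in text:
        # A raw '<' inside an attribute value is not well-formed XML, so the
        # file cannot be parsed at all until the placeholder is replaced.
        return ["placeholder " + PLACEHOLDER + " has not been replaced"]
    root = ET.fromstring(text)
    cas = root.find(".//casClientConfig")
    forms = root.find(".//authentication[@mode='Forms']/forms")
    if cas is None or forms is None:
        return ["casClientConfig or Forms authentication section is missing"]
    problems = []
    login = cas.get("casServerLoginUrl", "")
    prefix = cas.get("casServerUrlPrefix", "")
    for name in ("casServerLoginUrl", "casServerUrlPrefix", "serverName"):
        if urlsplit(cas.get(name, "")).scheme != "https":
            problems.append(name + " is not an https URL")
    if not prefix or not login.startswith(prefix):
        problems.append("casServerLoginUrl is not under casServerUrlPrefix")
    if forms.get("loginUrl") != login:
        problems.append("forms loginUrl differs from casServerLoginUrl")
    return problems


if __name__ == "__main__":
    drifted = GOOD.replace(":8443/cas/login\" timeout", "/cas/login\" timeout")
    for label, text in (("good", GOOD), ("drifted", drifted)):
        print(label, check_cas_config(text) or "OK")
```

Pass the function the full text of the published Web.config; an empty list means the two sections agree with each other.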


Create IIS .NET SSL Certificate

  • Inside the IIS Manager, open the Server Certificates module.
  • From the Actions list on the right, select Create Self-Signed Certificate. Enter dotnet for the friendly name and click OK.


  • Right click on the dotnet certificate in the list and select Export. In the new dialog, specify the export path and for the password, enter “changeit” without the quotation marks.

...

  • Open Internet Explorer and bring up the Options dialog. Then, navigate to the Content tab. Click on Certificates and select Trusted Root Certification Authorities.
  • Click on the Import button and walk through the wizard. Specify the file name to be the <path-export-file> above. Finally, make sure the certificate is placed inside the Trusted Root Certification Authorities.

Import IIS .NET SSL Certificate to JVM

  • Select the imported certificate above and click on Export.
  • Select DER (*.cer file) as the export format, provide a file name (e.g. client.cer) and export the certificate.


  • Type CMD into the Start Menu, right click on CMD in the list and select Run as Administrator.
  • Navigate to the directory where you exported the certificate CER file.
  • Issue the following command to import the certificate to the Java keystore:
keytool -import -file client.cer -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -alias dotnet

When prompted, enter “yes” to trust and import the certificate to the JVM keystore.


Import JVM SSL Certificate to IIS

  • Open Internet Explorer and bring up the Options dialog. Then, navigate to the Content tab. Click on Certificates and select Trusted Root Certification Authorities.
  • Click on the Import button and walk through the wizard. Locate the server certificate that you created for the Tomcat instance (e.g. tomcat.crt). Finally, make sure the certificate is placed inside the Trusted Root Certification Authorities.

Assign SSL Certificates to Trusted Root CA

  • Open the Start menu and type MMC into the Run dialog. (You must have, or allow, admin access in order to launch the Windows Management Console.)
  • From the File menu, select Add/Remove Snap-in and select Certificates from the Available Snap-ins list.
  • Click the Add button and select My User Account. Finally, add the snap-in to the list.
  • Click the Add button again and select Computer Account. Choose the Local Computer option and add the snap-in to the list. Finally, click OK to close the dialog.


  • Expand the nodes Certificates – Current User, Trusted Root Certification Authorities, and then Certificates.
  • Make sure both certificates exist in the list. Also, copy all certificates and put them in Certificates – Local Computer – Trusted Root Certification Authorities. This is required for IIS to validate and authenticate requests.

Configure Server Credentials

You should configure the CAS server credentials so they match the ExampleWebsite accounts, which are defined in App_Data\UserRoles.xml.

  1. Locate the file: $CATALINA_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml

  2. Locate the bean entry: <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
  3. Replace it with the following:
CAS Server Credentials:
<bean class="org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler">
  <property name="users">
    <map>
      <entry>
        <key><value>admin</value></key>
        <value>admin</value>
      </entry>
      <entry>
        <key><value>bob</value></key>
        <value>bob</value>
      </entry>
    </map>
  </property>
</bean>

Run

First, make sure you have the CAS server up and running and you can log into CAS using the above credentials.

...

Use the links on the left-hand side (e.g. “Administrators Role Only”) to test the authentication mechanism. You should be redirected to CAS and, after authenticating successfully, returned to the website, in the section allowed for admins only.