Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

Getting the code

Yale CAS Server implementation notes

Deploying Yale CAS Server

Getting the code

Obtain the Yale CAS Server 2.x zip distribution from the link above. Unzip.

Other resources

There are articles which may also help you getting started deploying CAS Server. The ESUP-Portail Quick start distribution may also be a better way to get started with CAS Server. You could always read the README distributed with CAS Server.

Getting started

Configuring Tomcat to vend CAS via SSL

While CAS works fine on Tomcat 4.x, you probably want to be running Tomcat 5. In your Tomcat 5's /conf/server.xml, uncomment the Connector entry to enable SSL:

 <Connector port="443" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="C:\j2sdk1.4.2_04\jre\lib\security\cacerts" keystorePass="changeit"/>

That keystoreFile path should point to your JRE's cacerts keystore. The default keystore password is "changeit" though you may have changed it.

Of course, this requires that your cacerts contains a key, self-signed or otherwise, for your server. There's more documentation on SSL certificate issues here.

Installing the .war into Tomcat

  1. Stop your Tomcat.
  2. Place the cas.war into your Tomcat's /webapps/ directory. A default cas.war is distributed in the /lib/ directory of the CAS server distrbtion. This default .war will work fine for trying CAS out for the first time.
  3. Start your Tomcat.

Trying it out

Open your web browser. Point it at your Tomcat instance. In the case of a self-signed certificate for localhost and a Tomcat configured to expose the CAS webapp on port 8080, point it at "https://localhost:8080/cas/".

Admire the default login screen. Make a mental note to change it to use your institution's colors and branding.

By default, any username and password pair such that the username equals the password will successfully authenticate. Try some pairs that don't match each other, and observe CAS coldly rejecting you. Then use the same word for both username and password, and observe yourself to be authenticated.

Open a new browser window. Go to "https://localhost:8080/cas/login?service=foo". Give it a username matching a password. It will try to redirect you to the service "foo", which does not exist. Notice the ticket request parameter in your web browser's address bar. Copy this ticket. Go to "https://localhost:8080/cas?serviceValidate?ticket=TICKETSTRING&service=foo", where TICKETSTRING is that String you copied. Notice CAS's validation success response. Congtratulations! You've just successfully validated a ticket.

Now try reloading the URL. Notice that ticket validation now fails. Service Tickets are one-time use.

Configuring and Customizing CAS

Plugging in an AuthHandler for your institution

Changing the CAS timeout configurations

Branding the Look and Feel

  • No labels