Examples to Configure CAS

CAS can be configured to use one or more different means of authentication. An authentication method is implemented by a handler. You can use one of the prefab handlers in the adaptors directory of the CAS server source, or write your own. The CAS server sources provide adaptors for, among others, relational database authentication and LDAP authentication.

In general, to enable a handler, you'll need to compile the handler source code, add the generated JAR file to the available libraries for CAS and configure the handler properties in the deployerConfigContext.xml that resides in the WEB-INF directory of your deployed CAS war (Web Archive). In Tomcat this would be TOMCAT_ROOT/webapps/cas/WEB-INF/deployerConfigContext.xml. To make the classes available to the CAS webapp, the JAR file should go into TOMCAT_ROOT/webapps/cas/WEB-INF/lib.

For instance, to create the JDBC JAR, cd into CAS_SOURCE/adaptors/jdbc and run:

maven jar

Copy the jar file, created in the target directory, into the WEB-INF/lib directory of your CAS webapp. 

In the authenticationHandlers section, add a bean definition of your handler, including properties to be set on the handler.

An example of the SearchModeSearchDatabaseAuthenticationHandler (one of the three possible database handlers) looks like:

  <bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
    <property name="tableUsers"><value>users</value></property>
    <property name="fieldUser"><value>id</value></property>
    <property name="fieldPassword"><value>password</value></property>
    <property name="dataSource" ref="dataSource"/>
  </bean>

This assumes that the table where your users are stored is called users, your username field is id and your password field is password.
The property names correspond to setters on the handler. In this case, the SearchModeSearchDatabaseAuthenticationHandler has four setters (one of which is inherited), named:

  • setTableUsers
  • setFieldUser
  • setFieldPassword
  • setDataSource (inherited)

You may use further beans as values for a property name, as is the case here for the dataSource property. This bean can be made available in the same file, adding it after the last bean close tag. An example for the dataSource bean looks like:

  <!-- Data source definition -->
  <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
      <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
      <value>jdbc:mysql://localhost:3306/mydb</value>
    </property>
    <property name="username"><value>root</value></property>
    <property name="password"><value></value></property>
  </bean>

This assumes that you wish to use MySQL, running on localhost port 3306 (the default), with a database called mydb. The user root is used to connect to the database, using no password.
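The root account with an empty password is only suitable for a local test. The following variant of the dataSource bean is an added example, not configuration from the CAS distribution: it connects with a dedicated account that can only read the two columns the handler queries. The account name cas_auth, the CHANGE_ME password value and the pool sizes are assumptions to replace with your own.

```xml
<!-- Added example: dataSource using a dedicated lookup account instead of
     root with an empty password. cas_auth and CHANGE_ME are placeholders. -->
<!-- The account needs nothing beyond reading the two columns named in the
     handler's fieldUser and fieldPassword properties, e.g. in MySQL:
       GRANT SELECT (id, password) ON mydb.users TO 'cas_auth'@'localhost'; -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
      destroy-method="close">
  <property name="driverClassName">
    <value>com.mysql.jdbc.Driver</value>
  </property>
  <property name="url">
    <value>jdbc:mysql://localhost:3306/mydb</value>
  </property>

  <!-- Dedicated account rather than root -->
  <property name="username"><value>cas_auth</value></property>
  <!-- Never left empty; set the real value at deployment time -->
  <property name="password"><value>CHANGE_ME</value></property>

  <!-- The handler only runs lookups, so mark its connections read-only -->
  <property name="defaultReadOnly"><value>true</value></property>

  <!-- Bound the pool so a burst of logins cannot use up every
       connection the database server allows -->
  <property name="maxActive"><value>10</value></property>
  <property name="maxWait"><value>5000</value></property>

  <!-- Test each connection before a login attempt uses it -->
  <property name="validationQuery"><value>SELECT 1</value></property>
  <property name="testOnBorrow"><value>true</value></property>
</bean>
```

Because deployerConfigContext.xml now holds a database password, restrict read access on the file to the account that runs Tomcat.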

Detailed examples of how to configure CAS:

JDBC

LDAP

SPNEGO