Monday, June 18, 2012

CAS - Install & Configure CAS Server on Ubuntu

Reference site: https://help.ubuntu.com/community/CentralAuthenticationService


1) Install TOMCAT on Ubuntu
 
   # sudo apt-get update
   # sudo apt-get install tomcat6
   OR
   # sudo aptitude install tomcat6
   **Make sure you run this
   # sudo apt-get install openjdk-6-jdk

   Verify Java Installation
   # java -version

2) Install Maven
   # sudo apt-get install maven2

3) Optionally you can install maven-ant-helper in case you decide to use Ant to create deployment tasks:

   # sudo apt-get install ant
   # sudo apt-get install maven-ant-helper

 
4) Configuring CAS Server Build for Maven.
   Get the latest CAS server archive from JASig: http://www.ja-sig.org/downloads/cas
   # wget http://www.ja-sig.org/downloads/cas/cas-server-3.5.0-RC1-release.tar.gz
   # tar -xvzf cas-server-3.5.0-RC1-release.tar.gz
   # cd cas-server-3.5.0-RC1

5) Edit pom.xml
   # cd cas-server-webapp/
   # nano pom.xml

   and add this dependency:

<dependency>
    <groupId>${project.groupId}</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${project.version}</version>
</dependency>
   *Save the file.

6) Edit server.xml
   # nano /var/lib/tomcat6/conf/server.xml

   *Make sure you add or enable these connectors:
   <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

   **Save the file.


7) Run this command in cas-server-3.5.0-RC1/cas-server-webapp directory
  # cd cas-server-3.5.0-RC1/cas-server-webapp
  # mvn clean package

8) Copy all content from cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/ to the Tomcat ROOT webapp
  # cd cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/
  # cp -Rp * /var/lib/tomcat6/webapps/ROOT/

9) Restart tomcat service
  # service tomcat6 restart
  OR
  # /etc/init.d/tomcat6 restart

10)Setup SSL (self signed cert) with tomcat
  # keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore

* You will be prompted for the data that appears in the certificate shown in users' browsers:
  Enter keystore password: abc123
  Re-enter new password: abc123
  What is your first and last name: Jeremy Atkins
  What is your organizational unit: OU
  What is the name of your organization: NOYO
  What is the name of your city or your locality: MyCity
  What is the name of your state or province: Saudi Arabia
  What is the two-letter country code for this unit:  uk
  Is the entered data correct: yes


11) Edit server.xml again
   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/tomcat6/keystore"
               keystorePass="abc123" />
   **Save the file.

12) Restart tomcat service
  # service tomcat6 restart
  OR
  # /etc/init.d/tomcat6 restart


13) Make sure the firewall allows ports 8080, 8443, 8009 and 389.
    Test with telnet, from the SSO server and the LDAP server, that every related port is reachable.
  # telnet  serverip 8443
  # telnet  serverip 8080
  # telnet  serverip 8009
  # telnet  serverip 389

14) ** Test site >> http://serveraddress:8080

15) Configure deployerConfigContext.xml
Add this line at   :
----------------------------------------------------------------------------
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="cn=%u,ou=people,dc=student,dc=taibah,dc=edu,dc=sa" />
    <property name="contextSource" ref="contextSource" />
</bean>
----------------------------------------------------------------------------

And this line after :
------------------------------------------------------------
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="urls">
        <list>
            <value>ldap://serverldap_ip/</value>
        </list>
    </property>
    <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
    <property name="password" value="asdfgh"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
-----------------------------------------------------------
**Save the file.

16) Restart tomcat service
  # service tomcat6 restart

17) Redirect port 443 to port 8443
    # nano /etc/sysctl.conf  and add the line ->   net.ipv4.ip_forward=1

    Run the iptables command:
    # iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination serverapps_ip:8443

18) Test site >> http://serveraddress

19) Test Login
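
A configuration check for the files edited in steps 6, 11 and 15, added here as an example and not part of the original walkthrough: it parses server.xml and deployerConfigContext.xml and reports a TLS connector without a keystoreFile, a short keystorePass, cleartext ldap:// URLs and a bind password kept in the file. The function names, the 12-character threshold and the embedded sample XML (constructed from the values used above) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples that mirror the values used in steps 11 and 15.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" keystoreFile="/etc/tomcat6/keystore" keystorePass="abc123"/>
</Service></Server>"""
CONTEXT_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="urls"><list><value>ldap://serverldap_ip/</value></list></property>
    <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
    <property name="password" value="asdfgh"/>
  </bean>
</beans>"""

def local(tag):  # drop the XML namespace so Spring <beans xmlns=...> files match too
    return tag.rsplit("}", 1)[-1]

def audit_server_xml(text, min_pass_len=12):
    """Findings for the TLS connectors from steps 6 and 11 (threshold is an assumption)."""
    findings = []
    for c in ET.fromstring(text).iter():
        if local(c.tag) != "Connector" or c.get("SSLEnabled", "").lower() != "true":
            continue
        if not c.get("keystoreFile"):
            findings.append(f"connector {c.get('port')}: no keystoreFile set")
        if len(c.get("keystorePass", "")) < min_pass_len:
            findings.append(f"connector {c.get('port')}: keystorePass under {min_pass_len} chars")
    return findings

def audit_ldap_context(text):
    """Findings for the LdapContextSource bean from step 15."""
    findings = []
    for bean in ET.fromstring(text).iter():
        if local(bean.tag) != "bean" or not bean.get("class", "").endswith("LdapContextSource"):
            continue
        for prop in bean:
            if prop.get("name") == "urls":
                for v in prop.iter():
                    url = (v.text or "").strip()
                    if local(v.tag) == "value" and url.startswith("ldap://"):
                        findings.append(f"{url}: simple bind is sent in cleartext")
            elif prop.get("name") == "password" and prop.get("value"):
                findings.append("bind password is stored in the file in plain text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_server_xml(SERVER_XML) + audit_ldap_context(CONTEXT_XML)))
```

To check a live install, pass the contents of /var/lib/tomcat6/conf/server.xml and the deployed deployerConfigContext.xml to the two functions instead of the samples.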



3 comments:

Unknown said...

Not a bad walk through, just went through it this morning.

A couple of minor modifications needed, but nothing significant. IE: pom.xml file groupID and artifactID tags... minor.

Worked straight out of the box with Ubuntu 12.04 this morning.

Dialing in my config now...
-- Thanks for the walk through...

Unknown said...

I think it's a helpful walkthrough for me.

But I feel confused when I try to set it up on Linux Ubuntu 10.04 LTS.

In step 4, where must we extract the cas-server-3.5.0-release.tar.gz correctly?
Because I have extracted it in "Home Folder".

In step 10, I can't see the list of questions inside your walkthrough, so I add an extension comment on keytool, that is "-keypass changeit".

Can you help with my problem?

Thank you very much

Rathish said...

Install Maven instead of maven2. (maven installs the latest version)

# sudo apt-get install maven
