Difference between revisions of "Central Authentication Service - OpenKM 6.2"
Line 9: | Line 9: | ||
According to the CAS documentation, it only works in secured HTTPS connections. For this reasong you need to configure HTTPS under Tomcat. Uncomment the "SSL HTTP/1.1 Connector" entry in $TOMCAT_HOME/conf/server.xml. Once you have modified it, start Tomcat and access https://localhost:8443/ to check it works fine. | According to the CAS documentation, it only works in secured HTTPS connections. For this reasong you need to configure HTTPS under Tomcat. Uncomment the "SSL HTTP/1.1 Connector" entry in $TOMCAT_HOME/conf/server.xml. Once you have modified it, start Tomcat and access https://localhost:8443/ to check it works fine. | ||
− | Now go to the CAS web site and download the package with the server from http://www.jasig.org/cas_server_3_5_2_release. Once downloaded unpack it and copy the cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war file to $TOMCAT_HOME/webapps/cas-server.war (so the access to this webapp module will be easier to remember and write). Start Tomcat and check it has been deployed ok accessing to https://localhost:8443/cas-server. You can use any user to login with this unique restriction: the user and password should be the same. For example, try "foo" / "foo". Remember these two URLs: | + | Now go to the CAS web site and download the package with the server from http://www.jasig.org/cas_server_3_5_2_release. Once downloaded unpack it and copy the cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war file to $TOMCAT_HOME/webapps/cas-server.war (so the access to this webapp module will be easier to remember and write). Start Tomcat and check it has been deployed ok accessing to https://localhost:8443/cas-server. You can use any user to login with this unique restriction: the user and password should be the same. For example, try "foo" / "foo". |
+ | |||
+ | Remember these two URLs: | ||
* CAS Login: https://localhost:8443/cas-server/login | * CAS Login: https://localhost:8443/cas-server/login | ||
* CAS Logout: https://localhost:8443/cas-server/logout | * CAS Logout: https://localhost:8443/cas-server/logout | ||
+ | |||
+ | == Spring Security configuration == | ||
+ | In order to use CAS with Spring Security, you need to edit the pom.xml descriptor and add this dependency: | ||
+ | |||
+ | <source lang="xml"> | ||
+ | <dependency> | ||
+ | <groupId>org.springframework.security</groupId> | ||
+ | <artifactId>spring-security-cas</artifactId> | ||
+ | <version>${spring.security.version}</version> | ||
+ | </dependency> | ||
+ | </source> | ||
[[Category: Installation Guide]] | [[Category: Installation Guide]] |
Revision as of 09:46, 2 October 2013
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
First of all you should read about how CAS works. So I recommend to read these articles:
- A detailed walk through a CAS authentication
- Spring Security: CAS Authentication
- And te mother-of-all-documentation at Spring Security 3.1 (Chapter 9).
According to the CAS documentation, it only works in secured HTTPS connections. For this reasong you need to configure HTTPS under Tomcat. Uncomment the "SSL HTTP/1.1 Connector" entry in $TOMCAT_HOME/conf/server.xml. Once you have modified it, start Tomcat and access https://localhost:8443/ to check it works fine.
Now go to the CAS web site and download the package with the server from http://www.jasig.org/cas_server_3_5_2_release. Once downloaded unpack it and copy the cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war file to $TOMCAT_HOME/webapps/cas-server.war (so the access to this webapp module will be easier to remember and write). Start Tomcat and check it has been deployed ok accessing to https://localhost:8443/cas-server. You can use any user to login with this unique restriction: the user and password should be the same. For example, try "foo" / "foo".
Remember these two URLs:
- CAS Login: https://localhost:8443/cas-server/login
- CAS Logout: https://localhost:8443/cas-server/logout
Spring Security configuration
In order to use CAS with Spring Security, you need to edit the pom.xml descriptor and add this dependency:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>${spring.security.version}</version>
</dependency>