Part 1: setup on the JBoss server with the CAS war

1. Download CAS (Central Authentication Service) from here.
You may also want to read its documentation.

2. Unzip it and place the CAS web application at C:\jboss-4.2.2.GA\server\default\deploy\cas.war (this is an example path).

3. I assume you use JBoss's login-config.xml to set up your JAAS LoginContext, so you already have an application-policy name; in this example it is configured as "MyLoginRealm".

4. Now go to ${jboss_server}\cas.war\WEB-INF\deployerConfigContext.xml and point the authentication handler at that realm:

<property name="authenticationHandlers">
<list>
<!-- CAS 3.x JAAS handler (assumed here); "realm" is the application-policy name from login-config.xml -->
<bean class="org.jasig.cas.adaptors.jaas.JaasAuthenticationHandler">
<property name="realm"><value>MyLoginRealm</value></property>
</bean>
</list>
</property>

5. Create your host server's keystore and certificate.

Creating the keystore and private key:
a. keytool -genkey -alias jbosskey -keypass changeit -keyalg RSA -validity 3650 -keystore MyServer.keystore

When keytool asks for "first and last name", enter the hostname clients will use (e.g. bestsite): it becomes the certificate CN, and the CAS client's HTTPS call to the server fails hostname verification if it does not match. Give the same value for the keystore password keytool prompts for and for -keypass, since the connector in step 8 uses one password for both.

b. keytool -list -keystore MyServer.keystore

Exporting the certificate and importing it back as a trusted entry, so the same file can also serve as the trust store in step 7:
c. keytool -export -alias jbosskey -file MyServer.crt -keystore MyServer.keystore

d. keytool -import -alias jbosscert -file MyServer.crt -keystore MyServer.keystore

e. keytool -list -keystore MyServer.keystore

The listing should now show two entries: jbosskey (the private key) and jbosscert (the trusted certificate). Note that "changeit" is only the well-known default JDK keystore password; choose your own for a real server.

6. Copy MyServer.keystore and MyServer.crt into ${jboss_server}\conf.

7. Add

SET JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=${jboss_server}\conf\MyServer.keystore

to your JVM options (usually in run.bat), replacing ${jboss_server} with the real path. The CAS client's validation filter (Part 2) calls the CAS server over HTTPS from inside this JVM, and that connection is only accepted if the server certificate is in the JVM's trust store.

8. Change server.xml at ${jboss_server}\deploy\jboss-web.deployer. Uncomment the 8443 SSL connector so it looks like this (keystorePass must be the password you used in step 5):

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/MyServer.keystore"
keystorePass="changeit"/>

Part 2: setup on your web application with the CAS client
Now go to ${your_web_app}\WEB-INF\web.xml and add the following. Replace hostname with your CAS server's host. serverName must be the scheme, host and port the browser uses to reach your web application, because the client builds the service URL from it both for the login redirect and for ticket validation. Keep the filter-mappings in the order shown: the container runs filters in mapping order, and the validation filter must see the ticket before the wrapper and assertion filters run.

<!-- CAS: Java Client 3.1.3-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://hostname:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://hostname:8443</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
</filter>

<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://hostname:8443/cas/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://hostname:8443</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>

<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

Test drive
If you request http://bestsite:8080, it will redirect to the CAS login page, and you will see something like this:
https://bestsite:8443/cas/login?service=https%3A%2F%2Fbestsite%3A8080%2F. That means you are good to go.
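
What the filters above are doing, as an added Python model that is not code from this page or from the Jasig CAS client: the Authentication Filter's redirect (which produces exactly the test-drive URL), the Validation Filter's back-channel serviceValidate call, and parsing of the CAS 2.0 response for both the success and the failure case. The sample responses and the ST-PLACEHOLDER ticket are constructed.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # CAS 2.0 response namespace


def login_redirect_url(cas_login_url, server_name, request_uri, renew=False):
    """Where the Authentication Filter sends an unauthenticated browser.
    service = serverName + requested URI, encoded as one parameter value
    (hence %3A and %2F in the test-drive URL)."""
    params = {"service": server_name.rstrip("/") + request_uri}
    if renew:
        params["renew"] = "true"  # ignore the SSO session, re-prompt for credentials
    return cas_login_url + "?" + urllib.parse.urlencode(params)


def service_validate_url(cas_url_prefix, service, ticket):
    """Back-channel URL the Validation Filter fetches over HTTPS (the reason the
    JVM needs the CAS certificate in its trust store). CAS only honours the
    ticket if service matches the one it was issued for."""
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return cas_url_prefix.rstrip("/") + "/serviceValidate?" + query


def parse_validation_response(xml_text):
    """Parse a CAS 2.0 serviceValidate response. Returns (True, username) or
    (False, failure_code); raises ValueError on anything else so a malformed
    response can never be mistaken for a logged-in user."""
    root = ET.fromstring(xml_text)
    if root.tag != CAS_NS + "serviceResponse":
        raise ValueError("not a cas:serviceResponse")
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is not None:
        user = (success.findtext(CAS_NS + "user") or "").strip()
        if not user:
            raise ValueError("authenticationSuccess without cas:user")
        return True, user
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        return False, failure.get("code", "UNKNOWN")
    raise ValueError("neither success nor failure element present")


# Constructed sample responses (placeholder ticket id) as /cas/serviceValidate returns them.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket ST-PLACEHOLDER not
  recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```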
