Wednesday, June 20, 2012

CAS: Install & Configure CAS Server in Ubuntu

Reference site: https://help.ubuntu.com/community/CentralAuthenticationService


1) Install Tomcat on Ubuntu

   # sudo apt-get update
   # sudo apt-get install tomcat6
   OR
   # sudo aptitude install tomcat6
   # sudo apt-get install openjdk-6-jdk

   Verify the Java installation:
   # java -version

   Check that the JDK package is installed:
   # dpkg --get-selections | grep jdk

2) Install Maven
   # sudo apt-get install maven2

3) Optionally, install maven-ant-helper if you decide to use Ant to create deployment tasks:

   # sudo apt-get install ant
   # sudo apt-get install maven-ant-helper

  
4) Configure the CAS server build for Maven.
   Get the latest CAS server archive from JASig: http://www.ja-sig.org/downloads/cas
   (the archive you download must match the version you extract; this post uses 3.5.0-RC1)
   # wget http://www.ja-sig.org/downloads/cas/cas-server-3.3.5-release.tar.gz
   # tar -xvzf cas-server-3.5.0-RC1-release.tar.gz
   # cd cas-server-3.5.0-RC1

5) Edit pom.xml
   # cd cas-server-webapp/
   # nano pom.xml

   and add this dependency (inside the <dependencies> element):

   <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>cas-server-support-ldap</artifactId>
       <version>${project.version}</version>
   </dependency>

   Save the file.

6) Edit server.xml
   # nano /var/lib/tomcat6/conf/server.xml

   *Make sure these two connectors are present and not commented out:

   <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443" />

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" />

   Save the file.


7) Build the web application in the cas-server-3.5.0-RC1/cas-server-webapp directory
  # cd cas-server-3.5.0-RC1/cas-server-webapp
  # mvn clean package

8) Copy everything from cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/ into Tomcat's ROOT web application
  # cd cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/
  # cp -Rp * /var/lib/tomcat6/webapps/ROOT/

9) Restart the Tomcat service
  # service tomcat6 restart
  OR
  # /etc/init.d/tomcat6 restart

10) Set up SSL (self-signed certificate) with Tomcat
  # keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore

* You will be prompted for the data that appears in the certificate shown to users' browsers (sample answers below):
  Enter keystore password: abc123
  Re-enter new password: abc123
  What is your first and last name: Jeremy Atkins
  What is your organizational unit: OU
  What is the name of your organization: NOYO
  What is the name of your city or your locality: MyCity
  What is the name of your state or province: Saudi Arabia
  What is the two-letter country code for this unit: uk
  Is the entered data correct: yes


11) Edit server.xml again and add the keystore to the HTTPS connector:
           <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                      maxThreads="150" scheme="https" secure="true"
                      clientAuth="false" sslProtocol="TLS"
                      keystoreFile="/etc/tomcat6/keystore"
                      keystorePass="abc123" />
   Save the file.

12) Restart the Tomcat service
  # service tomcat6 restart
  OR
  # /etc/init.d/tomcat6 restart


13) Make sure the firewall allows ports 8080, 8443, 8009 and 389.
    Use telnet to check that the SSO server and the LDAP server are reachable on each related port:
  # telnet serverip 8443
  # telnet serverip 8080
  # telnet serverip 8009
  # telnet serverip 389

14) Test site >> http://serveraddress:8080

15) Configure deployerConfigContext.xml
  # nano /var/lib/tomcat6/webapps/ROOT/WEB-INF/deployerConfigContext.xml

Add this bean at:
----------------------------------------------------------------------------
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="cn=%u,ou=people,dc=student,dc=contoso,dc=edu,dc=sa" />
    <property name="contextSource" ref="contextSource" />
</bean>
----------------------------------------------------------------------------

And this bean after:
------------------------------------------------------------
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="urls">
        <list>
            <value>ldap://serverldap_ip/</value>
        </list>
    </property>
    <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
    <property name="password" value="asdfgh"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
-----------------------------------------------------------
Save the file.
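As an added check (example code written for this post, not from the original author or the CAS project), the script below parses the beans from step 15, reconstructed as a sample that keeps the post's placeholder host serverldap_ip, and reports whether the filter substitutes the login name, whether the contextSource reference resolves, and whether the directory URL uses plain ldap://, which would carry each user's password in clear text across port 389:

```python
# Added example, not from the original post or the CAS project: a checker for the
# deployerConfigContext.xml LDAP beans shown above.  SAMPLE is constructed from the
# post's snippet (serverldap_ip is the post's placeholder host).
import xml.etree.ElementTree as ET

BEANS = "http://www.springframework.org/schema/beans"

SAMPLE = """<beans xmlns="%s">
 <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
  <property name="filter" value="cn=%%u,ou=people,dc=student,dc=contoso,dc=edu,dc=sa"/>
  <property name="contextSource" ref="contextSource"/>
 </bean>
 <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list><value>ldap://serverldap_ip/</value></list></property>
 </bean>
</beans>""" % BEANS

def prop(bean, name):
    """Return the <property name=...> child of a bean, or None if absent."""
    return next((p for p in bean.findall("{%s}property" % BEANS)
                 if p.get("name") == name), None)

def check_ldap_config(xml_text):
    """Return a list of findings; an empty list means the LDAP config passed."""
    root = ET.fromstring(xml_text)
    beans = list(root.iter("{%s}bean" % BEANS))   # includes beans nested in lists
    by_id = {b.get("id"): b for b in beans if b.get("id")}
    handlers = [b for b in beans
                if (b.get("class") or "").endswith("FastBindLdapAuthenticationHandler")]
    if not handlers:
        return ["no FastBindLdapAuthenticationHandler bean found"]
    findings = []
    for h in handlers:
        flt = prop(h, "filter")
        if flt is None or "%u" not in (flt.get("value") or ""):
            findings.append("filter must contain %u so the login name is substituted")
        ref = prop(h, "contextSource")
        ctx = by_id.get(ref.get("ref")) if ref is not None else None
        if ctx is None:
            findings.append("contextSource ref does not match any bean id")
            continue
        urls = prop(ctx, "urls")
        values = [v.text or "" for v in urls.iter("{%s}value" % BEANS)] if urls is not None else []
        for u in values:
            if u.startswith("ldap://"):   # simple bind = user's password on the wire
                findings.append("%s: simple bind over plain ldap:// sends each user's "
                                "password in clear text on port 389; use ldaps://" % u)
    return findings
```

Run check_ldap_config on the real file's text after editing; switching the URL to ldaps:// (with the directory's certificate trusted by the JVM) clears the finding.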

16) Restart the Tomcat service
  # service tomcat6 restart

17) Forward port 443 to 8443
    # nano /etc/sysctl.conf   and add the line:   net.ipv4.ip_forward=1
    # sysctl -p

    Run the iptables command:
    # iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination serverapps_ip:8443
    (this rule is not kept across a reboot unless it is saved and reloaded; see the iptables references below)

18) Test site >> http://serveraddress 

19) Test Login


-----------------------------------------------------------------------------------
Reference sites:

http://rackerhacker.com/2009/11/16/automatically-loading-iptables-on-debianubuntu/
http://stackoverflow.com/questions/2619798/setup-ssl-self-signed-cert-with-tomcat
https://help.ubuntu.com/community/IptablesHowTo
