Thursday, July 28, 2011

CAS (Centralized Authentication Service) Introduction


CAS is a Java-based open source SSO (Single Sign On) solution originally developed by Yale University. A web search will turn up more on CAS and SSO. The official CAS web page is http://www.jasig.org/cas, and you can download the CAS server from there. Today I am going to give a brief description of how to deploy the CAS server application in your web server.
CAS is built on the Spring Web Flow framework, and Apache Maven is used as the build tool. Therefore, if you are going to rebuild or modify the CAS distribution, you need Apache Maven and Spring Web Flow installed in your development environment. In addition, I am going to deploy the CAS server application in the Apache Tomcat server. It is therefore good to have the following software installed before you download and deploy the CAS server.
  • Java
  • Apache Tomcat
  • Apache Maven
  • Spring Web Flow


The CAS server is available for download at http://www.jasig.org/cas/download. It is good to download the latest version of the CAS server distribution. In my case, I downloaded version cas-server-3.4.10. Once the download is complete, extract the CAS server zip file and you will get the CAS server directory with all available modules. Those modules are included in the CAS server directory as follows.





To deploy the CAS server application in your Tomcat server, we need to work with the cas-server-webapp module. That module has to be built to get the deployable CAS server web application (a war file). Follow the steps below to build the CAS server web application. (Use the command prompt (in Windows) or terminal/vi editor (in Linux) to build the cas-server-webapp module.)

1. Go to the cas-server-webapp directory using your command prompt.

 In my case, C:\cas-server-3.4.10\cas-server-webapp\

2. You will see the standard directory structure of a Maven module, and you need to build the module using Apache Maven. To build the module, use the following command.

C:\cas-server-3.4.10\cas-server-webapp> mvn clean install
The build will take some time, because the required dependencies (as declared in the pom.xml file) have to be downloaded from the Maven repositories. Once the module is built, you will see a newly created directory called target. Inside the target directory you will find the cas.war file. This file should be deployed in the webapps ($CATALINA_HOME/webapps) directory of the Tomcat installation. After deploying the cas.war file, make sure to restart the Tomcat server so that it picks up the newly deployed web application. (You can even use the touch command instead.)


3. Now you can access the CAS server application as a web application hosted in your Tomcat server.

http://localhost:4287/cas (I have changed the Tomcat port from 8080 to 4287, because port 8080 is used by another application installed on my PC. You are not required to change it; you can use the default port, which is 8080.)

4. You will then see the CAS login screen, which asks for your username and password. The built-in CAS configuration authenticates the user credentials through a simple authentication handler implemented by the CAS developers. Therefore you have to type the same value for both username and password. This handler exists for testing: it accepts any login in which the password equals the username, so replace it with a real authentication handler before the server is used for real accounts.

The class definition is available at: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler

5. Once you are successfully authenticated, a login success page is displayed. Then open a new tab and try to log in again.

You will see the login screen again, even though you have successfully logged in using the previous tab. This happens because the ticket-granting cookie is issued with the Secure flag, and the browser does not send a Secure cookie back over a plain http:// URL such as the one used above. To avoid this situation, make the following configuration change in the cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/TicketGrantingTicketCookieGenerator.xml file: change the p:cookieSecure="true" property value to p:cookieSecure="false". Then rebuild the application and deploy it in the Tomcat server. Try to log in again using two tabs. The problem should no longer occur. With cookieSecure="false" the single sign-on cookie also travels over unencrypted HTTP, where anyone on the network path can read it, so keep this setting to a local test deployment like this one; when CAS is served over HTTPS, the original value of "true" works and should stay.
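
A pre-deployment check for the setting discussed above, as an added example (not code from the original post or from the CAS project): it parses a Spring bean file and reports beans whose cookieSecure property is explicitly set to something other than "true", in either the p: attribute form or the long property form. The sample XML is constructed for the example, and its bean id and class name are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"  # namespace behind the p: prefix

# Constructed sample modelled on the cookie generator bean file edited in the
# post; the bean id and class name are assumptions, not taken from the page.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false"
        p:cookieName="CASTGC"
        p:cookiePath="/cas" />
</beans>
"""

def cookie_secure_settings(xml_text):
    """Return {bean id: cookieSecure value, or None if the bean does not set it}."""
    root = ET.fromstring(xml_text)
    found = {}
    for bean in root.iter("{%s}bean" % BEANS_NS):
        # Shorthand form: p:cookieSecure="..." (the form the post edits).
        value = bean.get("{%s}cookieSecure" % P_NS)
        # Long form: <property name="cookieSecure" value="..."/>
        for prop in bean.findall("{%s}property" % BEANS_NS):
            if prop.get("name") == "cookieSecure":
                value = prop.get("value")
        found[bean.get("id", "(anonymous)")] = value
    return found

def insecure_beans(xml_text):
    """Ids of beans that explicitly set cookieSecure to anything but true."""
    settings = cookie_secure_settings(xml_text)
    return sorted(bean_id for bean_id, value in settings.items()
                  if value is not None and value.strip().lower() != "true")

if __name__ == "__main__":
    # Pass the path of the bean file; without one, the constructed sample is checked.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    bad = insecure_beans(text)
    for bean_id in bad:
        print("cookieSecure is not true on bean:", bean_id)
    sys.exit(1 if bad else 0)
```

Run against the edited file before `mvn clean install`, a non-zero exit status can stop a build that is meant for anything other than a local test server.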


The next post will cover how to integrate the Facebook login authentication system with the CAS server, so that you can use Facebook login for your website.

Regards 
Chathuranga Tennkoon 

1 comment:

  1. Hey I have installed CAS server. But how to connect it with my php application?
