Enterprise Single Sign (SSO) On using Apereo CAS
Apereo CAS (Central Authentication Service) provides single sign on (SSO)functionality to various applications.
Apereo CAS application has two parts
1.The web application which can run on any java EE compliant web server (like tomcat) and act as a server which
provides authentication.
2. The client , which you need to add with your application.
In this post , we will configure CAS in tomcat , and create a java web application which will use CAS authentication
service.
Configure CAS server
First we will configure CAS server to run as WAR application on tomcat. For this, first download CAS from https://www.apereo.org/projects/cas/download-cas.
In this post I used cas-server-3.5.2-release downloaded from https://github.com/apereo/cas/releases/tag/v3.5.2.
Extract the zip file and there you find different implementation of CAS server.Just Copy the cas-server-webapp-3.5.2.war.
Rename the war file to cas-server.war and deploy the war file in your tomcat .By default CAS Server web app will work on only for HTTPS connections.
Prepare the tomcat to accept https connections which is explained in this Post.
Start your tomcat and access the cas-server by https://localhost:8443/cas-server
You can see the login page as like below,
Creating java web application to use SSO of CAS
First we need to download CAS client for java. You should have following jars in your web app
1.cas-client-core-3.1.1.jar
2.commons-logging-1.1.jar
3.servlet-api-2.3.jar
4.xmlsec-1.3.0.jar
You can simply download these jars from maven repository.
Once you create a java web application add these jars to lib folder. The project will look like this
Now add these filter configurations to your web.xml.
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost:8080/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
<init-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>gateway</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8080/cas/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
<init-param>
<param-name>proxyCallbackUrl</param-name>
<param-value>http://localhost:8080/webappcas2/proxyCallback</param-value>
</init-param>
<init-param>
<param-name>proxyReceptorUrl</param-name>
<param-value>/webappcas2/proxyCallback</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<!-- ************************* -->
<!-- Sign out not yet implemented -->
<!--
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/proxyCallback</url-pattern>
</filter-mapping>
That's it . Now if you try to access your web app , you will be redirected to cas login page to login first.Right
now CAS web app is configured to allow access with same username and password.You can configure cas-web-app as you wish. Upon successful authentication you will be served the web page from web app.
Upon success login page will redirect to your application with the SSO token.
http://localhost:8180/Test/index.jsp?ticket=ST-1-dgreiDgEIDtz2erwfEpx-cas01.example.org
I have not configured further, I will leave it to you.
Based on your needs you can create a application session and you can do lot more stuffs.
ref : http://www.javaroots.com/2013/05/configure-cas-server-and-client-in-java.html
Thanks.
Happy coding!