Saturday, September 9, 2017

Java Single Sign On using Apereo CAS

Enterprise Single Sign On (SSO) using Apereo CAS

Apereo CAS (Central Authentication Service) provides single sign on (SSO) functionality to various applications.

The Apereo CAS application has two parts:

1. The web application, which can run on any Java EE compliant web server (like Tomcat) and acts as the server that provides authentication.
2. The client, which you need to add to your application.

In this post, we will configure CAS in Tomcat and create a Java web application which will use the CAS authentication service.

Configure CAS server

First we will configure the CAS server to run as a WAR application on Tomcat. For this, download CAS from https://www.apereo.org/projects/cas/download-cas.

In this post I used cas-server-3.5.2-release downloaded from https://github.com/apereo/cas/releases/tag/v3.5.2.

Extract the zip file; it contains several implementations of the CAS server. Copy only cas-server-webapp-3.5.2.war, rename it to cas-server.war and deploy it in your Tomcat. By default the CAS server web app works only over HTTPS connections.

Prepare Tomcat to accept HTTPS connections, as explained in this post.


Start your Tomcat and access the CAS server at https://localhost:8443/cas-server

You will see the CAS login page.


Creating a Java web application to use CAS SSO

First we need to download the CAS client for Java. You should have the following jars in your web app:

1. cas-client-core-3.1.1.jar
2. commons-logging-1.1.jar
3. servlet-api-2.3.jar
4. xmlsec-1.3.0.jar

You can download these jars from the Maven repository.

Once you have created the Java web application, add these jars to its lib folder.


Now add these filter configurations to your web.xml.

<!-- Redirects unauthenticated requests to the CAS login page -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <!-- Login URL of the CAS server deployed above (HTTPS) -->
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://localhost:8443/cas-server/login</param-value>
  </init-param>
  <!-- Scheme, host and port of this client application; used to build the service URL -->
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8180</param-value>
  </init-param>
  <!-- renew=true would force the user to re-enter credentials even with an SSO session -->
  <init-param>
    <param-name>renew</param-name>
    <param-value>false</param-value>
  </init-param>
  <!-- gateway=true would let unauthenticated users through instead of forcing a login -->
  <init-param>
    <param-name>gateway</param-name>
    <param-value>false</param-value>
  </init-param>
</filter>

<!-- Validates the ticket request parameter against the CAS server -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <!-- Base URL of the CAS server; the client JVM must trust this server's certificate -->
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://localhost:8443/cas-server/</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8180</param-value>
  </init-param>
  <!-- Proxy callback, needed only for proxy tickets: replace the host and the
       /webappcas2 context path with those of your own application -->
  <init-param>
    <param-name>proxyCallbackUrl</param-name>
    <param-value>http://localhost:8080/webappcas2/proxyCallback</param-value>
  </init-param>
  <init-param>
    <param-name>proxyReceptorUrl</param-name>
    <param-value>/webappcas2/proxyCallback</param-value>
  </init-param>
</filter>

<!-- Makes request.getRemoteUser() return the CAS principal name -->
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<!-- Exposes the CAS assertion to code running on the request thread -->
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

<!-- ************************* -->

<!-- Sign out not yet implemented -->
<!--
<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
-->

<!-- The order of the mappings is the order in which the filters run -->
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/proxyCallback</url-pattern>
</filter-mapping>

That's it. Now if you try to access your web app, you will first be redirected to the CAS login page. Right now the CAS web app is configured to accept any login in which the username and the password are the same; this is only a default for trying it out, and you can configure the CAS web app to authenticate against whatever you wish. Upon successful authentication you will be served the requested page from your web app.


Upon successful login, the login page redirects back to your application with the SSO token (a CAS service ticket) in the ticket parameter:

 http://localhost:8180/Test/index.jsp?ticket=ST-1-dgreiDgEIDtz2erwfEpx-cas01.example.org
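What the CAS Validation Filter does with that ticket parameter, as an added example (not code from the original post or from the CAS client): it calls the server's /serviceValidate endpoint with the ticket and the service URL, then parses the CAS 2.0 XML reply. The class name, the user "alice" and both sample replies are constructed for illustration.

```java
import java.io.StringReader;
import java.net.URLEncoder;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class CasTicketCheck { // hypothetical class name
    static final String CAS_NS = "http://www.yale.edu/tp/cas"; // CAS 2.0 response namespace
    // Back-channel URL the client requests; "service" must match the URL used at login.
    static String validateUrl(String casPrefix, String service, String ticket) throws Exception {
        return casPrefix + "/serviceValidate?service=" + URLEncoder.encode(service, "UTF-8")
                + "&ticket=" + URLEncoder.encode(ticket, "UTF-8");
    }
    // Returns the user name from a success reply; throws on failure or malformed replies.
    static String parseUser(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // The reply crosses the network: refuse DOCTYPEs as XXE hardening.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList ok = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (ok.getLength() == 1) {
            NodeList user = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
            if (user.getLength() == 1 && !user.item(0).getTextContent().trim().isEmpty()) {
                return user.item(0).getTextContent().trim();
            }
        }
        NodeList fail = doc.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        String code = fail.getLength() > 0 ? ((Element) fail.item(0)).getAttribute("code") : "NO_RESULT";
        throw new SecurityException("CAS ticket rejected: " + code);
    }

    public static void main(String[] args) throws Exception {
        String ns = " xmlns:cas='" + CAS_NS + "'>";
        // Constructed sample replies in the CAS 2.0 format; "alice" is a made-up user.
        String success = "<cas:serviceResponse" + ns + "<cas:authenticationSuccess>"
                + "<cas:user>alice</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
        String failure = "<cas:serviceResponse" + ns + "<cas:authenticationFailure code='INVALID_TICKET'>"
                + "ticket not recognized</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(validateUrl("https://localhost:8443/cas-server",
                "http://localhost:8180/Test/index.jsp", "ST-1-dgreiDgEIDtz2erwfEpx-cas01.example.org"));
        System.out.println(parseUser(success));
        try { parseUser(failure); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

A service ticket is single-use and short-lived, so the ticket value visible in the browser URL is worthless once the filter has validated it; a second validation attempt gets the INVALID_TICKET reply.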

I have not configured it further; I will leave that to you.

Based on your needs, you can create an application session and do a lot more.

ref : http://www.javaroots.com/2013/05/configure-cas-server-and-client-in-java.html

Thanks.
Happy coding!
