SSO using Jasig CAS Server 4.0.0. Part 1

Imagine that you have a web project that consists of two or more parts, say part1.example.com and part2.example.com. Now you are faced with the task of implementing user authentication so that once a user logs into any one part of the project, for example the first, he is already authenticated in the second.

Such a user authentication process is called SSO (Single Sign-On).
There is already a similar article on Habr, "Jasig CAS - authentication server", but it is a little dated because it uses CAS Server 3.*, and in my opinion it is not detailed enough for people trying to implement SSO with Jasig CAS (Central Authentication Service) for the first time. The theory, however, is described quite well there, so I recommend reading it as well.

Please note that we will configure the Jasig CAS Server, which authenticates the user and hands the result to web clients. In a future post I plan to describe the client implementation for this server.

Creating a Maven Project and Adding Dependencies


This tutorial explains everything in order.
Create a simple Maven project and add the following dependencies to pom.xml:

    <properties>
        <cas.version>4.0.0</cas.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-generic</artifactId>
            <version>${cas.version}</version>
            <type>jar</type>
        </dependency>
    </dependencies>

cas-server-webapp is the standard server WAR, which we will later configure for our needs;
cas-server-support-generic is the library that lets us customize the server (for example, the authentication handlers).

Also add the build plugin:

    <build>
        <plugins>
            <plugin>
                <artifactId>maven-war-plugin</artifactId>
                <configuration>
                    <warName>cas</warName>
                </configuration>
            </plugin>
        </plugins>
    </build>

It makes Maven build our project as cas.war, so that it is deployed under the context path /cas.

After Maven downloads CAS, a new folder appears in your project that already contains the default CAS 4.0.0 server build.

It could be deployed and run as it is, but first we need to do a small amount of Tomcat configuration, since that is where we will deploy it.

Tomcat configuration and key generation


I don't want to repeat myself, so I'll only give a link to a more detailed description of the material below.

First of all, you need to generate a certificate and register it; for this we will use the standard keytool utility that ships with every JDK.

1. Generate Java Key Store:
keytool -genkey -alias casdc -keypass 12345678 -keystore ssoServer.jks -storepass 12345678 -validity 365

2. Now export a certificate from the keystore we just generated:
keytool -export -alias casdc -file casServerPublic.cer -keystore ssoServer.jks -storepass 12345678

3. And import the exported certificate into the JDK's trusted certificate store (cacerts), so that Java code running on this JDK trusts our self-signed certificate:
keytool -import -alias casdc -file casServerPublic.cer -keypass 12345678 -keystore "C:/Program Files/Java/jdk1.7.0/jre/lib/security/cacerts" -storepass changeit

After that, go to the ./apache-tomcat-8.0.9/conf folder, open server.xml for editing and find the line "Define a SSL HTTP/1.1 Connector on port 8443" (by default it is around line 83).
Right after this line, insert the following XML fragment:

Please note that I placed the generated ssoServer.jks keystore at C:/keys/ssoServer.jks and then specified the full path to it.

keyAlias is the alias we specified in the first step, when generating the keystore.
keystorePass is the password of our keystore.
Thus we have configured HTTPS, which the CAS server requires.
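The connector fragment itself is not reproduced on this page, so here is an added example (not the author's original snippet) of a Tomcat 8.0 JSSE HTTPS connector that uses exactly the values named in the text: the keystore at C:/keys/ssoServer.jks, the alias casdc and the password 12345678. The remaining attributes are standard Tomcat connector settings; in particular, clientAuth="false" means the browser is not asked for a client certificate, and the commented-out line shows the plain-HTTP connector that this connector supplements, not replaces.

```xml
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="C:/keys/ssoServer.jks"
           keystorePass="12345678"
           keyAlias="casdc" />

<!-- The default HTTP connector on 8080 stays as it is; CAS itself must be reached over 8443. -->
<!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->
```

The keystore password is stored in server.xml in clear text, so the file should be readable only by the account that runs Tomcat; the password 12345678 is the test value from this tutorial and is not meant for anything beyond a local prototype.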

After that, start Tomcat and deploy our project.
Then open https://localhost:8443/cas/ - this is the CAS server with its standard configuration.

You should see the following:

If you see a red warning bar instead, something went wrong and HTTPS is not enabled.
To verify that the CAS server has started and is working, let's log in. Enter the standard username and password:
Login: casuser
Password: Mellon

After a successful login you should see:


Congratulations, we have launched the CAS server. In the next post I will describe how to customize the AuthenticationHandler, namely how to look up a user in a database or another external system.

Do not judge too strictly, this is my first prototype on this topic, and I will gladly listen to any comments. I also keep improving it and will write about new progress, of course, if anyone is interested.

Sources of the project on Github: https://github.com/alexbarchuk/local-cas
Source: https://wiki.jasig.org/display/CASUM/Configuring
