This section describes how to set up a simple CAS server for testing purposes. If you have an existing CAS server you want to use, you can skip this section.
CAS is maintained and distributed by Jasig, a consortium of educational institutions and commercial affiliates sponsoring open source software projects. Jasig provides a CAS server packaged as a web application that includes a built-in authentication module that can be used for testing. The built-in authentication module accepts any username and password combination where the username and password are the same. You can download the server from the Jasig download page http://www.jasig.org/cas/download.
As described in the next section, the CAS validation service only accepts requests using a secure transport. This means that you must have a valid certificate on your CAS server machine, and your CAS client (the JasperReports Server JVM) must be configured to trust that certificate. There are two important points to keep in mind:
• Test with the CAS server on a separate machine, not the localhost where JasperReports Server is installed. For this purpose, you can use a virtual machine.
• Most issues in configuring CAS are caused by the improper use of certificates. The single most common failure is that the hostname in the server’s certificate doesn’t match the actual hostname.
To create a certificate for the server you must use the Java keytool utility. Run the following command on the host of the CAS server:
keytool -genkey -alias tomcat -keyalg RSA -validity 365 -keystore <filename>
The utility prompts you for several pieces of information, two of which are critical. When prompted for your first and last name, enter the hostname of the CAS server. When asked for the keystore password, enter changeit to match what Apache Tomcat uses by default.
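The hostname mismatch described above can be caught before Tomcat is restarted by inspecting what keytool stored. The following is an added example, not part of the original documentation: it parses `keytool -list -v` output and compares the certificate's names with the CAS hostname, following the usual TLS rule that DNSName subject alternative names take precedence over the CN. The hostname cas.example.com, the function names, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the JasperReports or CAS documentation).
# Reads `keytool -list -v` output on stdin and prints the hostnames the
# certificate carries: DNSName SAN entries if present, otherwise the CN
# of the Owner line (the answer given at the "first and last name" prompt).
cert_names() {
    input=$(cat)
    sans=$(printf '%s\n' "$input" | sed -n 's/^[[:space:]]*DNSName:[[:space:]]*//p')
    if [ -n "$sans" ]; then
        printf '%s\n' "$sans"
    else
        printf '%s\n' "$input" | sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
    fi
}

# Succeeds only when HOST ($1) equals one of those names, ignoring case.
# Wildcard names are not expanded; they are compared literally.
cert_matches_host() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cert_names | tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$want"
}

# Constructed sample: keystore created with the CAS hostname as the name.
sample_good() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Owner: CN=cas.example.com, OU=IT, O=Example, L=Town, ST=State, C=US
Issuer: CN=cas.example.com, OU=IT, O=Example, L=Town, ST=State, C=US
EOF
}

# Constructed sample: a personal name was typed at the name prompt.
sample_bad() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Owner: CN=Jane Doe, OU=IT, O=Example, L=Town, ST=State, C=US
Issuer: CN=Jane Doe, OU=IT, O=Example, L=Town, ST=State, C=US
EOF
}

for s in sample_good sample_bad; do
    if $s | cert_matches_host cas.example.com; then
        echo "$s: certificate name matches cas.example.com"
    else
        echo "$s: MISMATCH, certificate names: $($s | cert_names)"
    fi
done
```

Against a real keystore, pipe the output of `keytool -list -v -alias tomcat -keystore <filename> -storepass changeit` into `cert_matches_host` with the hostname that the JasperReports Server machine uses to reach the CAS server.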
After installation of the CAS server, configure the Apache Tomcat application server that is running the CAS server so that it uses the certificate in the keystore created above. Modify $CATALINA_HOME/conf/server.xml, locate the commented section about setting up a secure HTTPS connector, and follow the instructions it contains. Restart the Tomcat server and test that it accepts HTTPS connections.
For further information about CAS, including deployment information, documentation, and community links, refer to the Jasig CAS website http://www.jasig.org/cas. In particular, the page https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide can help you deploy your certificates.
The CAS server is based on Spring Security, like JasperReports Server. In a production environment, you must replace the built-in test authentication with an external authority that validates your users when they log into CAS. As with JasperReports Server, you can configure CAS with a variety of external authorities to suit your needs, including LDAP. However, the external authority used by CAS may not be accessible to JasperReports Server. Follow the CAS documentation to ensure you create a secure and robust configuration on your CAS server.