Web Server: CAS Authentication
From Resin 4.0 Wiki
Revision as of 00:00, 28 January 2012
CAS version 3.4.10 was tested with Resin version 4.0.23 on 10/2011.
The application seems to work fine on Resin with proper configuration and a fix to the slf4j jars:
In webapp-jars, remove:
- slf4j-api-1.6.1.jar
And add:
- jcl-over-slf4j-1.6.2.jar
- jul-to-slf4j-1.6.2.jar
- slf4j-api-1.6.2.jar
- slf4j-jdk14-1.6.2.jar
CAS seems to work best when located at /cas, so add to resin.xml:
<web-app id="/cas" root-directory="webapps/cas-server-webapp-3.4.10"/>
It requires at least 512 MB of memory to start up:
<jvm-arg>-Xmx512m</jvm-arg>
The SSL certificates must be synchronized between HTTPS and the JVM keystore. OpenSSL or JSSE can be used for HTTPS, but they must use the same certificate. See this blog post for how to convert certificates between JSSE and OpenSSL:
http://blog.caucho.com/2011/09/28/a-reference-to-openssl-and-jsse-file-formats-and-conversions/
So add the certificate to a keystore:
<jvm-arg>-Djavax.net.ssl.keyStore=${resin.root}keys/keystore.jks</jvm-arg>
<jvm-arg>-Djavax.net.ssl.keyStorePassword=password</jvm-arg>
And then configure an HTTPS listener:
<http address="*" port="443">
  <openssl>
    <certificate-file>keys/demo.crt</certificate-file>
    <certificate-key-file>keys/private.key</certificate-key-file>
    <password>password</password>
  </openssl>
  <jsse-ssl>
    <key-store-type>jks</key-store-type>
    <key-store-file>keys/keystore.jks</key-store-file>
    <alias>demo</alias>
    <password>password</password>
  </jsse-ssl>
</http>
Finally, if you are using a self-signed certificate, you must add the certificate to the cacerts file in the JVM's lib/security directory.
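
The check below is an added example, not part of the original wiki page: it confirms that keys/demo.crt and the entry under alias demo in keys/keystore.jks are the same certificate, using the paths, alias and password from the configuration above. The script name check-certs.sh and the function names are hypothetical, and openssl and keytool are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: verify that the certificate used by the <openssl> listener
# and the one stored in the JVM keystore are identical, by comparing
# SHA-256 fingerprints.

# Print the SHA-256 fingerprint of a PEM certificate file.
pem_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Print the SHA-256 fingerprint of the certificate stored under an alias.
# Args: keystore file, alias, keystore password.
# The password is handed to keytool through an environment variable
# (-storepass:env) so it does not appear in the process list.
jks_fp() {
    KS_PASS="$3" keytool -exportcert -rfc -keystore "$1" -alias "$2" \
        -storepass:env KS_PASS 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Args: PEM file, keystore file, alias, keystore password.
# Returns 0 when the fingerprints match, 1 when they differ,
# 2 when either certificate could not be read.
same_cert() {
    a=$(pem_fp "$1" 2>/dev/null)
    b=$(jks_fp "$2" "$3" "$4" 2>/dev/null)
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# Run from the Resin root as: sh check-certs.sh --check
if [ "${1:-}" = "--check" ]; then
    if same_cert keys/demo.crt keys/keystore.jks demo password; then
        echo "OK: HTTPS certificate and keystore alias 'demo' match"
    else
        echo "MISMATCH or unreadable: keys/demo.crt vs keys/keystore.jks" >&2
        exit 1
    fi
fi
```

Given the alias chosen when importing a self-signed certificate, same_cert can be pointed at the JVM's cacerts file in the same way.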