Web Server: CAS Authentication

From Resin 4.0 Wiki

Revision as of 00:00, 27 January 2012 by Cowan (Talk | contribs)

CAS version 3.4.10 was tested with Resin version 4.0.23 on 10/2011.

The application seems to work fine on Resin given proper configuration and a fix to the slf4j jars:

In webapp-jars remove:

  • slf4j-api-1.6.1.jar

And add:

  • jcl-over-slf4j-1.6.2.jar
  • jul-to-slf4j-1.6.2.jar
  • slf4j-api-1.6.2.jar
  • slf4j-jdk14-1.6.2.jar

CAS seems to work best when located at /cas, so add to resin.xml:

<web-app id="/cas" root-directory="webapps/cas-server-webapp-3.4.10"/>

It requires at least 512 MB of memory to start up:

<jvm-arg>-Xmx512m</jvm-arg>

The SSL certificates must be synchronized between HTTPS and the JVM keystore. Either OpenSSL or JSSE can be used for HTTPS, but both must use the same certificate. See this blog post for how to convert certificates between JSSE and OpenSSL:

http://blog.caucho.com/2011/09/28/a-reference-to-openssl-and-jsse-file-formats-and-conversions/

So add the certificate to a keystore:

<jvm-arg>-Djavax.net.ssl.keyStore=${resin.root}keys/keystore.jks</jvm-arg>
<jvm-arg>-Djavax.net.ssl.keyStorePassword=password</jvm-arg>

And then configure an HTTPS listener:

<http address="*" port="443">
  <!-- Either OpenSSL: PEM certificate and private key -->
  <openssl>
    <certificate-file>keys/demo.crt</certificate-file>
    <certificate-key-file>keys/private.key</certificate-key-file>
    <password>password</password>
  </openssl>
  <!-- or JSSE: the same certificate, stored in the JKS keystore -->
  <jsse-ssl>
    <key-store-type>jks</key-store-type>
    <key-store-file>keys/keystore.jks</key-store-file>
    <alias>demo</alias>
    <password>password</password>
  </jsse-ssl>
</http>

Finally, if you are using a self-signed certificate, you must add the certificate to the cacerts trust store in the JVM's lib/security directory.
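
One way to check that the OpenSSL certificate file and the JKS keystore entry are the same certificate, and then to trust a self-signed certificate in cacerts. This is an added example, not part of the original wiki page. File names, alias and keystore password are the page's sample values; the cacerts path and its `changeit` password are assumptions (JDK defaults).

```shell
#!/bin/sh
# Added example: verify keys/demo.crt and the "demo" entry in keys/keystore.jks
# are the same certificate, then (self-signed case) import it into cacerts.
CRT=${CRT:-keys/demo.crt}
JKS=${JKS:-keys/keystore.jks}
ALIAS=${ALIAS:-demo}
STOREPASS=${STOREPASS:-password}
# Assumption: Java 9+ layout; Java 8 and earlier use $JAVA_HOME/jre/lib/security.
CACERTS=${CACERTS:-$JAVA_HOME/lib/security/cacerts}

# Reduce "SHA256 Fingerprint=AB:CD:..." to bare upper-case hex.
normalize_fp() {
  printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'a-f' 'A-F'
}

# Return 0 when two fingerprint strings name the same certificate.
same_fp() {
  [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# SHA-256 fingerprint of the PEM certificate used by <openssl>.
pem_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# SHA-256 fingerprint of the keystore entry used by <jsse-ssl> and the JVM.
jks_fp() {
  keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass "$3" |
    openssl x509 -noout -fingerprint -sha256
}

sync_check() {
  a=$(pem_fp "$CRT") || return 2
  b=$(jks_fp "$JKS" "$ALIAS" "$STOREPASS") || return 2
  if same_fp "$a" "$b"; then
    echo "match: $(normalize_fp "$a")"
  else
    echo "MISMATCH: $CRT and $JKS:$ALIAS are different certificates" >&2
    return 1
  fi
}

# Self-signed case: add the certificate to the JVM trust store.
trust_cert() {
  keytool -importcert -noprompt -trustcacerts -alias "$ALIAS" -file "$CRT" \
    -keystore "$CACERTS" -storepass "${CACERTS_PASS:-changeit}"
}

case "${1:-}" in
  check) sync_check ;;
  trust) sync_check && trust_cert ;;
esac
```

Run it from the Resin root directory with `check` to compare the two fingerprints, or with `trust` to import the certificate into cacerts once they match.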
