Home » Blogs » yeah's blog

CAS Quick Install

Submitted by yeah on Tue, 2010-05-18 13:14

Does anyone out there has a quick, short, or otherwise abbreviated set of instructions for installing CAS? Preferably for a tiered environment.
If so, would you mind posting it here or emailing me a file? [t] at [sandiego] dot [edu] ?

Thank you.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Cas Server Already Installed

Submitted by medmonds on Tue, 2010-05-18 15:08.

If you're just looking to use the CAS server that is bundled with luminis, it should already be installed. Check webapps/luminis/WEB-INF/web.xml to see if the appropriate servlets are enabled.

If you're looking to authenticate using an existing, external CAS server, that's a bit more complicated.

Do tell...

Submitted by a_calder on Mon, 2010-11-22 22:21.

I am just embarking on authenticating to an external CAS server... how much more complicated is it and do you have notes?

VCCCD PD CAS Setup

Submitted by mrose on Tue, 2010-05-18 17:55.

Here is a pretty rough run-down of our steps to get CAS working in PD. We're on 4.2.1.0. I think this is the earliest version of luminis that CAS will run in PD. Also of note, our load balancer cannot direct traffic to the resource tier based on path (/cas/*) so we had to create a new vanity name for: cas.school.edu and route that traffic to the resource tier.

Install See: FAQ#: 1-3FWPV6 and lp40000pdim.pdf

  • Add a new "service on the load balancer"
    • SSL off-load: cas.school.edu:443 -> lumresourceserver.school.edu:80
  • Add rule to firewall to allow port 443 to cas.school.edu
  • CAS Removed from all portal servers (FAQ#: 1-4OBQ7A)
    • removed from $CP_WEBINF/lib
      • cas-client-core-3.0.jar
      • cas-server-3.0.5.jar
      • sghe-cas-client.jar (docs said to remove cas.jar but didn't find it)
  • removed CAS elements from $CP_ROOT\webapps\luminis\WEB-INF\web.xml (see remove-cas-from-web-xml.txt)
  • CAS Configman Settings
    • com.pipeline.cas.ExternalSessionCache.sessionEventNotification=remote-provider
    • remotesessioneventlistener.0.url=http://lumresourceserver.school.edu/cas/sessionEventNotify
    • edu.yale.its.tp.cas.serverName=cas.vcccd.edu
    • cas.fqn=cas.school.edu
    • com.pipeline.cas.ExternalSessionCache.isImmutableIdUseEnabled=true
      #Testing - not documented
    • edu.yale.its.tp.cas.client.filter.loginUrl=https://cas.school.edu/cas/login
    • edu.yale.its.tp.cas.client.filter.validateUrl=https://cas.school.edu/cas/proxyValidate
      #service registration
    • cas.check.service.registration=true
    • cas.service.myapp=http://myapp.someurl.com/login
    • cas.service.myotherapp=http://myotherapp.someotherurl.com/signin.jsp
  • CAS Resource Server Site-Specific Configman Settings
    • configman -s fos.enabled false -c site -h
    • WARNING - This may break Banner Smart Events. We needed a patch from SG.
  • Modify logging properties on resource server only (FAQ#: 1-4Q9OBR)
    • webapps/luminis/WEB-INF/config/cplog4j.properties
  • Modify cas jsp pages on resource server only (FAQ#: 1-3FWPV6)
    • webapps/luminis/cas/login-cp.jsp
    • webapps/luminis/cas/logout-cp.jsp
  • Modify websecure.email.xml (configman -g web.secure.access.config)
    • Change cas -> secure to "opt" (was true)
  • Run checkssl lumresourceserver.school.edu from all tiers.
  • remotesessioneventlistener.0.url
    • If using SSL with the LB vanity name, check that the fqdn resolves to LB IP and checkssl has been run.
    • If using SSL with internal hostname, make sure cert isn't expired and run checkssl.
    • If using http, no worries.
  • bump all servers
Syndicate content