
n. Slang a rough lawless young Kuali developer.
[perhaps variant of Houlihan, Irish surname]
kualiganism n

Blog of an rSmart Java Developer. Full of code examples, solutions, best practices, et al.

Sunday, April 10, 2011

Setting up CAS on KC/Rice

Screencast

Just a screencast to show where to get the files and how to set it up.

Instructions


1 Download Source from rSmart

% svn co  https://svn.rsmart.com/svn/kuali/rice/rsmart_rice_core/trunk rsmart_rice_core

2 Copy Example Config

% cp web/src/main/config/example-config/rice-config.xml $HOME/kuali/main/dev/

3 Copy Contents of LDAP Example Config

% cat ldap/src/main/config/example-config.xml

You should see something that looks like:
<!--
Copyright 2008-2009 The Kuali Foundation

Licensed under the Educational Community License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.opensource.org/licenses/ecl2.php

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<config>
<param name="cas.url">http://localhost:8080/${cas.context.name}</param>
<param name="cas.require.https">false</param>
<param name="cas.validate.password">true</param>
<param name="cas.rice.server.name">${appserver.url}</param>

<param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param>
<param name="filter.login.casServerLoginUrl">${cas.url}/login</param>
<param name="filter.login.serverName">${appserver.url}</param>
<param name="filtermapping.login.1">/</param>

<param name="filter.validation.class">org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param>
<param name="filter.validation.casServerUrlPrefix">${cas.url}</param>
<param name="filter.validation.serverName">${appserver.url}</param>
<param name="filtermapping.validation.2">/</param>

<param name="filter.caswrapper.class">org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param>
<param name="filtermapping.caswrapper.3">/</param>

<param name="rice.ldap.username">uid=user,ou=Ldap Users,dc=localhost</param>
<param name="rice.ldap.password">[secret]</param>
<param name="rice.ldap.url">ldaps://localhost:636</param>
<param name="rice.ldap.base">ou=People,dc=localhost</param>
<param name="rice.additionalSpringFiles">org/kuali/rice/kim/config/KIMLdapSpringBeans.xml</param>
</config>

When you finish, your config should look like the following. Note that rice.additionalSpringFiles now points at the rSmart bean file (com/rsmart/kuali/rice/ldap/KIMLdapSpringBeans.xml) rather than the org/kuali/rice/kim/config path in the upstream example above:
<!--
Copyright 2008-2009 The Kuali Foundation

Licensed under the Educational Community License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.opensource.org/licenses/ecl2.php

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<config>

<!-- Please fill in a value for this parameter! -->
<param name="http.port">8080</param>
<param name="application.host">http://yourserver</param>
<param name="application.url">${application.host}:${http.port}/${app.context.name}</param>

<param name="plugin.dir">/usr/local/rice/plugins</param>

<!-- set some datasource defaults -->
<param name="datasource.username">rice</param>
<param name="datasource.password">*** password ***</param>

<!-- MySQL example -->
<param name="datasource.ojb.platform">MySQL</param>
<param name="datasource.platform">org.kuali.rice.core.database.platform.MySQLDatabasePlatform</param>
<param name="datasource.url">jdbc:mysql://localhost:3306/${datasource.username}</param>
<param name="datasource.driver.name">com.mysql.jdbc.Driver</param>
<param name="datasource.pool.validationQuery">select 1</param>

<!-- Oracle example
<param name="datasource.ojb.platform">Oracle9i</param>
<param name="datasource.platform">org.kuali.rice.core.database.platform.OracleDatabasePlatform</param>
<param name="datasource.url">jdbc:oracle:thin:@localhost:1521:XE</param>
<param name="datasource.driver.name">oracle.jdbc.driver.OracleDriver</param>
<param name="datasource.pool.validationQuery">select 1 from dual</param>
-->

<param name="attachment.dir.location">/usr/local/rice/kew_attachments</param>
<param name="data.xml.root.location">/usr/local/rice/kew/xml</param>

<!-- log4j settings -->
<param name="log4j.settings.path">/usr/local/rice/log4j.properties</param>
<param name="log4j.settings.reloadInterval">5</param>

<!-- Keystore Configuration -->
<param name="keystore.file">/usr/local/rice/rice.keystore</param>
<param name="keystore.alias">*** key alias ***</param>
<param name="keystore.password">*** password ***</param>

<param name="mail.relay.server">localhost</param>
<param name="mailing.list.batch">mailing.list.batch</param>
<param name="encryption.key">*** encryption key ***</param>

<param name="cas.url">http://localhost:8080/${cas.context.name}</param>
<param name="cas.require.https">false</param>
<param name="cas.validate.password">true</param>
<param name="cas.rice.server.name">${appserver.url}</param>

<param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param>
<param name="filter.login.casServerLoginUrl">${cas.url}/login</param>
<param name="filter.login.serverName">${appserver.url}</param>
<param name="filtermapping.login.1">/</param>

<param name="filter.validation.class">org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param>
<param name="filter.validation.casServerUrlPrefix">${cas.url}</param>
<param name="filter.validation.serverName">${appserver.url}</param>
<param name="filtermapping.validation.2">/</param>

<param name="filter.caswrapper.class">org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param>
<param name="filtermapping.caswrapper.3">/</param>

<param name="rice.ldap.username">uid=user,ou=Ldap Users,dc=localhost</param>
<param name="rice.ldap.password">[secret]</param>
<param name="rice.ldap.url">ldaps://localhost:636</param>
<param name="rice.ldap.base">ou=People,dc=localhost</param>
<param name="rice.additionalSpringFiles">com/rsmart/kuali/rice/ldap/KIMLdapSpringBeans.xml</param>

<!-- Sample Application Flag -->
<param name="sample.enabled">false</param>

<param name="dev.mode">false</param>
</config>

Notice that there is no DummyLoginFilter anywhere in this config. This is important: DummyLoginFilter is the login filter Rice uses by default, so if it stays mapped it will keep handling logins instead of CAS. Make sure it is gone before you turn CAS on.

4 Make Changes to Config

Right now, CAS is configured for localhost. At your institution, you will want to point this to your REAL CAS server. Also, make sure to set cas.context.name (it is referenced by cas.url), and check that appserver.url resolves to the externally visible URL of your Rice server, since the filters use it as the serverName that CAS tickets are validated against. Use https for cas.url as well; the example below does that but leaves cas.require.https at false, so set it to true once your CAS server is https-only.
<param name="cas.context.name">webauth</param>
<param name="cas.url">https://webauth.arizona.edu/${cas.context.name}</param>
<param name="cas.require.https">false</param>
<param name="cas.validate.password">true</param>
<param name="cas.rice.server.name">${appserver.url}</param>

<param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param>
<param name="filter.login.casServerLoginUrl">${cas.url}/login</param>
<param name="filter.login.serverName">${appserver.url}</param>
<param name="filtermapping.login.1">/</param>

<param name="filter.validation.class">org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</param>
<param name="filter.validation.casServerUrlPrefix">${cas.url}</param>
<param name="filter.validation.serverName">${appserver.url}</param>
<param name="filtermapping.validation.2">/</param>

<param name="filter.caswrapper.class">org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param>
<param name="filtermapping.caswrapper.3">/</param>

<param name="rice.ldap.username">uid=user,ou=Ldap Users,dc=eds,dc=arizona,dc=edu</param>
<param name="rice.ldap.password">[secret]</param>
<param name="rice.ldap.url">ldaps://eds.arizona.edu:636</param>
<param name="rice.ldap.base">ou=People,dc=eds,dc=arizona,dc=edu</param>
<param name="rice.additionalSpringFiles">com/rsmart/kuali/rice/ldap/KIMLdapSpringBeans.xml</param>

5 Configure LDAP

At UA there is an institutional directory service called EDS. Your institution may also have one. I configured it like this:
<param name="rice.ldap.username">uid=user,ou=Ldap Users,dc=eds,dc=arizona,dc=edu</param>
<param name="rice.ldap.password">[secret]</param>
<param name="rice.ldap.url">ldaps://eds.arizona.edu:636</param>
<param name="rice.ldap.base">ou=People,dc=eds,dc=arizona,dc=edu</param>
<param name="rice.additionalSpringFiles">com/rsmart/kuali/rice/ldap/KIMLdapSpringBeans.xml</param>

6 Love

That's it. This is a runtime configuration, so simply restarting the application server will reload rice-config.xml and make the changes live.
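Since the whole procedure comes down to editing one rice-config.xml, a small lint over that file catches the mistakes that matter before the restart. The script below is an added example, not code from this post or from the Rice or rSmart projects. It checks what the steps above say to do (no DummyLoginFilter mapped, cas.url pointed away from localhost and over https, ldaps for the directory bind) plus the follow-through a reviewer would ask for: cas.require.https set to true once cas.url is https, the `*** ... ***` and `[secret]` placeholders replaced, and every `${...}` reference resolvable within the file. The two embedded configs are constructed samples; the meaning assumed for cas.require.https (refuse a non-https CAS endpoint) is inferred from its name, not taken from Rice documentation.

```python
"""Lint a Kuali Rice rice-config.xml for the CAS/LDAP settings edited above.

Added example, not code from the post or the Rice/rSmart projects.
"""
import re
import xml.etree.ElementTree as ET

REF_RE = re.compile(r"\$\{([^}]+)\}")                  # ${property} references
PLACEHOLDER_RE = re.compile(r"\*\*\*.*?\*\*\*|\[secret\]")  # sample-config placeholders


def load_params(xml_text: str) -> dict:
    """Return {name: raw value} for every <param> in a Rice config."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "").strip() for p in root.iter("param")}


def resolve(value: str, params: dict, _depth: int = 0) -> str:
    """Expand ${name} references against params; unknown names stay literal."""
    if _depth > 10:  # guard against self-referential params
        return value

    def sub(m):
        name = m.group(1)
        return resolve(params[name], params, _depth + 1) if name in params else m.group(0)

    return REF_RE.sub(sub, value)


def audit(xml_text: str) -> list:
    """Return [(severity, message), ...]; an empty list means nothing to fix."""
    params = load_params(xml_text)
    findings = []

    # 1. Rice's development login filter must not be mapped at all.
    for name, raw in params.items():
        if name.startswith("filter.") and name.endswith(".class") and raw.endswith("DummyLoginFilter"):
            findings.append(("ERROR", f"{name} maps DummyLoginFilter; remove it before enabling CAS"))

    # 2. cas.url must be the real server, over https, with https enforced.
    cas_url = resolve(params.get("cas.url", ""), params)
    if not cas_url:
        findings.append(("ERROR", "cas.url is not set"))
    else:
        if cas_url.startswith("http://"):
            findings.append(("ERROR", f"cas.url is plain http: {cas_url}"))
        if "localhost" in cas_url:
            findings.append(("WARN", "cas.url still points at localhost"))
        if cas_url.startswith("https://") and params.get("cas.require.https", "").lower() != "true":
            findings.append(("WARN", "cas.url is https but cas.require.https is not true"))

    # 3. The LDAP bind credentials must not travel in the clear.
    ldap_url = resolve(params.get("rice.ldap.url", ""), params)
    if ldap_url and not ldap_url.startswith("ldaps://"):
        findings.append(("ERROR", f"rice.ldap.url is not ldaps: {ldap_url}"))

    # 4. A placeholder left in place means that secret was never set.
    for name, raw in params.items():
        if PLACEHOLDER_RE.search(raw):
            findings.append(("ERROR", f"{name} still holds the example placeholder"))

    # 5. References that do not resolve inside this file (appserver.url,
    #    cas.context.name, ...) must be supplied elsewhere, or the filters
    #    receive a literal '${...}' as their server name.
    for name, raw in params.items():
        for ref in REF_RE.findall(resolve(raw, params)):
            findings.append(("WARN", f"{name} references undefined property {ref}"))

    return findings


# Constructed sample: the state reached after step 3, with the CAS block
# still at its localhost/http defaults and the placeholders untouched.
BEFORE = """<config>
<param name="cas.url">http://localhost:8080/${cas.context.name}</param>
<param name="cas.require.https">false</param>
<param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param>
<param name="filter.login.serverName">${appserver.url}</param>
<param name="rice.ldap.url">ldaps://localhost:636</param>
<param name="rice.ldap.password">[secret]</param>
<param name="keystore.password">*** password ***</param>
</config>"""

# Constructed sample: the same parameters after step 4, completed the way a
# reviewer would want (https enforced, every reference defined, secrets set).
AFTER = """<config>
<param name="appserver.url">https://kc.example.edu</param>
<param name="cas.context.name">cas</param>
<param name="cas.url">https://cas.example.edu/${cas.context.name}</param>
<param name="cas.require.https">true</param>
<param name="filter.login.class">org.jasig.cas.client.authentication.AuthenticationFilter</param>
<param name="filter.login.serverName">${appserver.url}</param>
<param name="rice.ldap.url">ldaps://directory.example.edu:636</param>
<param name="rice.ldap.password">not-the-real-one</param>
<param name="keystore.password">not-the-real-one</param>
</config>"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BEFORE
    for severity, message in audit(text) or [("OK", "no findings")]:
        print(f"{severity}: {message}")
```

Run it as `python lint_rice_config.py $HOME/kuali/main/dev/rice-config.xml` before restarting the app server; with no argument it lints the constructed BEFORE sample and reports the plain-http cas.url, the two untouched placeholders, and the two references (cas.context.name, appserver.url) the file does not define. The DummyLoginFilter check matches on the class's simple name so it works whichever package the Rice version you run puts it in.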
