[cas-user] Need help with CAS/SSO/LDAP config on Tomcat 8

Mon, 15 Aug 2016 16:19:42 -0700 

As a first exercise, I configured CAS 4.2.1 on Tomcat 8 / Java 8 using the 
Maven overlay, configuring the resulting cas.war and the sample Java client 
webapp (cas-sample-java-webapp) to authenticate against LDAP. I was able to 
get this working successfully. 

Now that I have this initial configuration working -- which essentially 
requires every new webapp to be individually configured to use CAS, I would 
like to transition to secure the entire Tomcat container to use CAS to 
authenticate against LDAP, such that all deployed webapps are secured with 
SSO, without requiring any specific configuration in the deployed webapps. 
I have seen references to this in older versions of the CAS / client 
documentation, but nothing that really shows definitively how to configure 
this, or to hit LDAP. I tried throwing a valve in the server's context.xml 
file as follows: 

  <Valve
    className="org.jasig.cas.client.tomcat.v8.Cas20CasAuthenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://localhost:8443/cas/login";
    casServerUrlPrefix="https://localhost:8443/cas";
    serverName="localhost"
    />

But this just blows up Tomcat on startup -- every webapp startup fails. So 
I have two questions: 

1. At this point, is it even possible to set up CAS 4.2.1 on Java 8/Tomcat 
8 to authenticate against LDAP using server-wide configuration (i.e. no 
deployed web-apps need CAS-specific configuration, in other words, any app 
deployed to that Tomcat instance will be secured behind LDAP-authenticated 
SSO)? 
2. If the answer to #1 is that yes, it is possible, how is this 
accomplished in Tomcat config? 

Thanks in advance for your help. 

Brad

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/72a33e98-d06d-4860-8a6c-8dd1949a81a9%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Reply via email to