Yes.. but in order to get to that point you need good documentation.


On Tuesday, 30 January 2018 16:32:10 UTC+2, Martin Bohun wrote:
>
> “And so, my fellow cas-user-s: ask not what your cas can do for you—ask 
> what you can do for your cas.”
>
> martin
>
> On Tuesday, October 31, 2017 at 12:50:43 AM UTC+11, Jan wrote:
>>
>> Hello,
>>
>> As a new user of CAS, I'd like to voice my opinion that the official 
>> documentation of how one can get started with CAS is just awful. By this I 
>> mean not the lack of it, but rather how indirect, not step-by-step it is. 
>> Clarity could often be improved too.
>>
>> In the end I managed to do what I hoped for, i.e. investigate CAS locally 
>> as an SSO solution, for which I needed to (1) run CAS server locally, (2) 
>> connect and authenticate using a simple CAS client locally, (3) run the 
>> service management app. However, the difficulty I had at most steps of 
>> getting it all to work makes me really want to use something else even if I 
>> have to implement parts of it from scratch.
>>
>> Only now, when wanting to post this message, did I find this helpful 
>> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the CAS 
>> team incorporate some step-by-step tutorial like this into the official 
>> documentation?
>>
>> These threads seem to voice a similar concern:
>>
>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ
>>
>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ
>>
>> I'm also posting the notes I made for myself during the process. I 
>> wouldn't have written them if there was something like this available in 
>> official docs, or I had found the unofficial guide earlier. I'm adding **** 
>> to points that took me particularly long to figure out.
>>
>> *Building*
>> - Described here: 
>> https://apereo.github.io/cas/developer/Build-Process.html
>> - git clone --depth=1 --single-branch --branch=master 
>> [email protected]:apereo/cas.git cas-server
>> - cd cas-server
>> - git checkout master
>> - ./gradlew build install --parallel -x test -x javadoc -x check
>>
>> *Config*
>> - Default config dir is /etc/cas/config (may need to be created, given 
>> permissions). If you create application.properties in there, CAS seems to 
>> pick them up. ****
>> - You can override in there any properties listed on 
>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html
>>
>> *Keys*
>> - keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore 
>> /etc/cas/thekeystore -ext san=dns:cas-sso.local
>> - Add 127.0.0.1 cas-sso.local to /etc/hosts
>> - keytool -export -file /etc/cas/config/cas.crt -keystore 
>> /etc/cas/thekeystore -alias cas
>> - sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore 
>> $JAVA_HOME/jre/lib/security/cacerts (default password to cacerts is 
>> changeit)
>> - Add the following lines to application.properties in CAS config dir 
>> (with whatever password you set up for /etc/cas/thekeystore) ****
>> server.ssl.keyStorePassword=qwer1234
>> server.ssl.keyPassword=qwer1234
>>
>> *Adding JSON service registry (to get a sample client registered)*
>> - Add line >>compile 
>> "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<< 
>> to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle, 
>> replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The version 
>> can be figured out after starting CAS (is displayed). ****
>> - Recompile the whole thing as above.
>> - Add the following lines to application.properties in CAS config dir: 
>> ****
>> cas.serviceRegistry.watcherEnabled=true
>> cas.serviceRegistry.repeatInterval=10
>> cas.serviceRegistry.startDelay=1
>> cas.serviceRegistry.initFromJson=true
>> - Add json file with service defs in directory 
>> cas-server/webapp/resources/services (the server seems to display which 
>> directory it watches after start).
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "http://localhost/.*", ****
>>   "name" : "testId",
>>   "id" : 1,
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled" : true,
>>     "ssoEnabled" : true
>>   }
>> }
>>
>> *Getting access to /status/dashboard endpoint *****
>> - Add the following lines to application.properties in CAS config dir:
>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>> cas.monitor.endpoints.enabled=true
>> cas.monitor.endpoints.sensitive=false
>>
>> *Running*
>> - cd webapp/cas-server-webapp-tomcat
>> - ../../gradlew build bootRun --parallel
>>
>> *Simple client*
>> - git clone [email protected]:apereo/phpCAS.git
>> - cd phpCAS
>> - Copy docs/examples/config.example.php to docs/examples/config.php and 
>> edit:
>> // Full Hostname of your CAS Server
>> $cas_host = 'cas-sso.local';
>> // Context of the CAS Server
>> $cas_context = '/cas';
>> // Port of your CAS server. Normally for a https server it's 443
>> $cas_port = 8443;
>> - Make the file docs/examples/example_simple.php accessible by www.
>> - Navigate to http://localhost/phpCAS/docs/examples/example_simple.php
>>
>> *Service management app*
>> - Based on https://github.com/apereo/cas-services-management-overlay
>> - git clone [email protected]:apereo/cas-services-management-overlay.git
>> - cd cas-services-management-overlay
>> - ./build.sh package
>> - This creates target/cas-management.war, which should be deployed to 
>> Tomcat. Make sure Tomcat uses the same Java as CAS server. Otherwise, it 
>> won't find the SSL keys in the Java truststore. ****
>> - On first run, it copies various files from cas/config into 
>> /etc/cas/config. You may want to update management.properties as follows, 
>> in particular:
>> # CAS server that management app will authenticate with
>> # This server will authenticate for any app (service) and you can login as casuser/Mellon
>> cas.server.name: https://cas-sso.local:8443/
>> cas.server.prefix: https://cas-sso.local:8443/cas
>> cas.mgmt.adminRoles[0]=ROLE_ADMIN
>> cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
>> # Update this URL to point at server running this management app
>> cas.mgmt.serverName=http://localhost:8080
>> server.context-path=/cas-management
>> server.port=8080
>> logging.config=file:/etc/cas/config/log4j2-management.xml
>> - http://localhost:8080/cas-management
>>
>> *Conclusions*
>> - Really painful to set up.
>> - CAS documentation is very unclear, tons of linked documents, not sure 
>> where to find information.
>> - Wonder if better to do OAuth2 even if redirecting to Google / FB needs 
>> to be implemented from scratch.
>>
>> ---
>>
>> With all that, thank you for writing and maintaining this software. It 
>> does seem like a good choice for SSO solutions - but the initial learning 
>> curve shouldn't be quite so sharp.
>>
>> Jan
>>
>
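
The notes above are for a local trial: keystore passwords sit in application.properties, the monitoring endpoints are marked non-sensitive and gated only by an IP pattern, and the sample service is matched over plain http. The following check is an added example, not part of the original thread or of CAS; it flags those settings before such a config is reused elsewhere. The finding names, the probe address and the treatment of `cas.adminPagesSecurity.ip` as a regular expression on the client IP are assumptions.

```python
import json
import re

# Constructed input: the settings quoted in the notes above.
SAMPLE_PROPERTIES = r"""
server.ssl.keyStorePassword=qwer1234
server.ssl.keyPassword=qwer1234
cas.adminPagesSecurity.ip=127\.0\.0\.1
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
"""
SAMPLE_SERVICE = '{"serviceId": "http://localhost/.*", "name": "testId", "id": 1}'
OUTSIDE_ADDRESS = "203.0.113.10"  # documentation-range IP used as a non-local probe


def parse_properties(text):
    """Return key/value pairs from 'key=value' or 'key: value' lines."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(props, service):
    """Flag trial-only settings (assumes the ip property is a regex on client IPs)."""
    findings = []
    for key in sorted(props):
        if key.lower().endswith("password"):
            findings.append("cleartext-secret:" + key)
    open_endpoints = (props.get("cas.monitor.endpoints.enabled") == "true"
                      and props.get("cas.monitor.endpoints.sensitive") == "false")
    ip_pattern = props.get("cas.adminPagesSecurity.ip", "")
    if open_endpoints and re.fullmatch(ip_pattern, OUTSIDE_ADDRESS):
        findings.append("endpoints-reachable-from-non-local-ip")
    scheme, _, rest = service.get("serviceId", "").partition("://")
    host = rest.split("/", 1)[0]
    if scheme.lstrip("^") in ("http", "https?"):
        findings.append("service-over-cleartext-http")  # ticket would travel without TLS
    if not host or re.search(r"[*+]", host):
        findings.append("service-wildcard-host")  # pattern does not pin a host
    return findings


def audit_sample():
    """Audit the constructed sample taken from the notes."""
    return audit(parse_properties(SAMPLE_PROPERTIES), json.loads(SAMPLE_SERVICE))
```

On the sample it reports the two cleartext keystore secrets and the http service pattern; the endpoint finding appears only if the IP pattern also matches a non-local address.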
