@0b01
Last active March 24, 2017 22:24
Setting up CAS server

apply plugin: 'org.springframework.boot'
apply from: 'http://dl.bintray.com/scalding/generic/waroverlay.gradle'
apply from: 'https://raw.githubusercontent.com/apereo/cas/5.0.x/gradle/overrides.gradle'

bootRepackage {
    enabled = false
}

springBoot {
    mainClass = "org.springframework.boot.loader.WarLauncher"
}

bootRun {
    addResources = true
}

repositories {
    mavenLocal()
    jcenter()
    maven { url 'https://oss.sonatype.org/content/repositories/snapshots' }
    maven { url 'https://build.shibboleth.net/nexus/content/repositories/releases' }
}

dependencies {
    compile "org.apereo.cas:cas-server-webapp:${project.'cas.version'}@war"
    compile "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-generic:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"
}

task copyConfig(type: Copy) {
    println "Copying configuration to ./etc/cas/config"
    from "${project.rootDir}/etc/cas/config"
    into 'etc/cas/config'
}

war {
    dependsOn copyConfig
    baseName 'cas'
    includeWarJars = true
    entryCompression = ZipEntryCompression.STORED
    manifest {
        from manifestFile()
    }
}

task explodeWar(type: Copy) {
    group = "build"
    description = "Explode the cas.war"
    from zipTree(project.war.outputs.files.singleFile)
    into "${buildDir}/cas"
}

File manifestFile() {
    def warfile = configurations.runtime.asFileTree.matching {
        include '**/*.war'
    }
    def manifest = zipTree(warfile.singleFile).matching {
        include '**/*.MF'
    }
    def dst = new File("${project.rootDir}/etc/cas/MANIFEST.MF")
    dst.delete()
    dst << manifest.singleFile.text
    return dst
}

task generateKeys {
    group = 'CAS'
    description = 'generate keys for CAS. These keys can be added to your application.properties file'
    doLast {
        println 'Generating keys for CAS...'
        ['cas.tgc.encryptionKey': 256, 'cas.tgc.signingKey': 512, 'cas.webflow.encryption.key': 96,
         'cas.webflow.signing.key': 512].each { key, size ->
            def octetKey = OctJwkGenerator.generateJwk(size)
            def params = octetKey.toParams(JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC)
            println "${key}=${params.get('k')}"
        }
    }
}

# Sample CAS configuration for this guide (installed as cas.properties, see "Set up configs" below).
cas.server.name=https://cas.example.org:8443
cas.server.prefix=https://cas.example.org:8443/cas
# Empty value: no statically defined users are accepted.
cas.authn.accept.users=
# Regular expression for the client IP allowed to reach the admin pages.
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config=file:/etc/cas/config/log4j2.xml
# JDBC "search" authentication: look up the UserName/Password pair in table SampleLogin.
cas.authn.jdbc.search[0].fieldUser=UserName
cas.authn.jdbc.search[0].tableUsers=SampleLogin
cas.authn.jdbc.search[0].fieldPassword=Password
cas.authn.jdbc.search[0].isolateInternalQueries=false
cas.authn.jdbc.search[0].failFast=true
cas.authn.jdbc.search[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.search[0].leakThreshold=10
cas.authn.jdbc.search[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.search[0].batchSize=1
cas.authn.jdbc.search[0].ddlAuto=create-drop
cas.authn.jdbc.search[0].maxAgeDays=180
cas.authn.jdbc.search[0].autocommit=false
cas.authn.jdbc.search[0].idleTimeout=5000
cas.authn.jdbc.search[0].credentialCriteria=
cas.authn.jdbc.search[0].order=0
# Database connection (sample values).
cas.authn.jdbc.search[0].driverClass=net.sourceforge.jtds.jdbc.Driver
cas.authn.jdbc.search[0].url=jdbc:jtds:sqlserver://skyhost35;integratedSecurity=true;databaseName=IDSSample;
cas.authn.jdbc.search[0].user=sa
cas.authn.jdbc.search[0].password=pw
cas.authn.jdbc.search[0].healthQuery=select 1 from SampleLogin
# NONE: the submitted password is matched against the stored value without hashing.
cas.authn.jdbc.search[0].passwordEncoder.type=NONE

Deploying CAS with SAML on Windows Server 2002

This document is a step-by-step guide for installing a CAS server with SAML 2.0 capabilities.

In deployment, CAS is basically a .war (or web .jar) file. The final goal is to build one such deployable and set up the corresponding configuration files.

Setting up environment

  1. Install JDK 8

  2. Set up JAVA_HOME and (optionally) JRE_HOME

This variable is used by the Gradle build system.

In a command prompt, execute:

set "JAVA_HOME=C:\Program Files\Java\jdk1.8.0_121"

Clone gradle overlay

git clone https://github.com/apereo/cas-gradle-overlay-template.git

The Gradle overlay is a build file that will pull everything (including Gradle itself) from designated sources.

Replace the cas/build.gradle file with the file attached. This file pulls from the original Apereo CAS server repositories. It also contains the required JDBC driver and Shibboleth dependencies.

Line #27, cas-server-support-generic, is for authenticating with a text file for test purposes and can be removed if not needed.

Build

In a command prompt, type:

gradlew.bat clean build

This will pull all the required dependencies.

Set up configs

Before running the compiled cas.war, set up the configs.

To run CAS under HTTPS, a keystore file is needed. The keystore is called thekeystore and has to be placed at C:\etc\thekeystore, as defined in the compiled file. Use the Java keytool under %JAVA_HOME%\bin to generate an RSA private key and an unsigned (self-signed) certificate. This is required for CAS.
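
One way to carry out the keystore step from a command prompt, as an added example that is not part of the original gist. The alias `cas`, the password `changeit` and the 365-day validity are assumptions; the host name is taken from cas.server.name in the sample config and the keystore path from this guide.

```bat
@echo off
rem Added example: create the keystore CAS loads at startup, then inspect it.
rem Assumptions: alias "cas", store/key password "changeit", 365-day validity.
setlocal
if not defined JAVA_HOME (
    echo JAVA_HOME is not set.
    exit /b 1
)
rem Strip quotes in case JAVA_HOME was set with them embedded in the value.
set JAVA_HOME=%JAVA_HOME:"=%
set "KEYTOOL=%JAVA_HOME%\bin\keytool.exe"
set "KEYSTORE=C:\etc\thekeystore"
set "STOREPASS=changeit"
set "CAS_HOST=cas.example.org"

if not exist "%KEYTOOL%" (
    echo keytool not found: "%KEYTOOL%"
    exit /b 1
)
rem Never overwrite an existing keystore: that would discard its private key.
if exist "%KEYSTORE%" (
    echo "%KEYSTORE%" already exists; refusing to overwrite it.
    exit /b 1
)
if not exist "C:\etc" mkdir "C:\etc"

rem -genkeypair creates the RSA key pair and wraps the public key in a
rem self-signed certificate. CN and the SAN entry must match the host in
rem cas.server.name, otherwise clients reject the certificate on name mismatch.
rem Omit -storepass/-keypass to be prompted instead of passing them as arguments.
"%KEYTOOL%" -genkeypair -alias cas -keyalg RSA -keysize 2048 -validity 365 ^
    -keystore "%KEYSTORE%" -storepass "%STOREPASS%" -keypass "%STOREPASS%" ^
    -dname "CN=%CAS_HOST%" -ext "SAN=dns:%CAS_HOST%"
if errorlevel 1 exit /b 1

rem Verify the result: entry type PrivateKeyEntry, owner, SAN and validity dates.
"%KEYTOOL%" -list -v -alias cas -keystore "%KEYSTORE%" -storepass "%STOREPASS%"
if errorlevel 1 exit /b 1
endlocal
```

Because the certificate is self-signed, browsers and client applications will not trust it until it is imported into their trust stores.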

Note

For Windows Server 2002, the config file has to be at C:\etc\cas\config\cas.properties. Sample config is attached.

This path is defined at build time, so it cannot be changed.

Alternatively, supply an argument when executing the jar file. For example, --spring.cloud.config.server.native.searchLocations=file:///C:/www/cas-gradle-overlay-template/etc/cas/config

Run

Use the same version of Java that was used at compile time; in this case, use:

"C:\Program Files\Java\jdk1.8.0_121\bin\java.exe" -jar cas\build\libs\cas.war

to start a web server. The web server is a local installation of Tomcat.

How to use SAML2.0 with CAS

https://apereo.github.io/cas/5.0.x/installation/Configuring-SAML2-Authentication.html
