Installing Apereo CAS server on Debian Jessie (together with Guacamole)
CAS WAR overlay
$ git clone https://github.com/apereo/cas-overlay-template
$ cd cas-overlay-template
$ git checkout 5.1
We want the JSON service registry, Google Authenticator (gauth) and LDAP support
Diff for adding our extra dependencies to pom.xml
$ git diff pom.xml diff --git a/pom.xml b/pom.xml index 126dc7c..51e35f0 100755 --- a/pom.xml +++ b/pom.xml @@ -66,13 +66,43 @@ <type>war</type> <scope>runtime</scope> </dependency> + <dependency> + <groupId>org.apereo.cas</groupId> + <artifactId>cas-server-webapp-config-security</artifactId> + <version>${cas.version}</version> + </dependency> + <dependency> + <groupId>org.apereo.cas</groupId> + <artifactId>cas-server-support-jdbc-drivers</artifactId> + <version>${cas.version}</version> + </dependency> + <dependency> + <groupId>org.apereo.cas</groupId> + <artifactId>cas-server-support-json-service-registry</artifactId> + <version>${cas.version}</version> + </dependency> + <dependency> + <groupId>org.apereo.cas</groupId> + <artifactId>cas-server-support-gauth</artifactId> + <version>${cas.version}</version> + </dependency> + <dependency> + <groupId>org.apereo.cas</groupId> + <artifactId>cas-server-support-gauth-jpa</artifactId> + <version>${cas.version}</version> + </dependency> + <dependency> + <groupId>org.apereo.cas</groupId> + <artifactId>cas-server-support-ldap</artifactId> + <version>${cas.version}</version> + </dependency> </dependencies> <properties> <cas.version>5.1.9</cas.version> <springboot.version>1.5.3.RELEASE</springboot.version> <!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan to provide appserver --> - <app.server>-tomcat</app.server> + <app.server></app.server> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
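Review bot: the stated goal is JSON service registry, Google auth and LDAP, but the added <dependency> entries also pull in cas-server-webapp-config-security, cas-server-support-jdbc-drivers and cas-server-support-gauth-jpa with no explanation. Add a short XML comment above each of those three saying why it is needed, and note beside the emptied <app.server></app.server> that the WAR now depends on the externally provided Tomcat, so the overlay can be audited later.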
asuadmin@wrkm-guacamole:~/cas-overlay-template$ bash build.sh package
root@wrkm-guacamole:/home/asuadmin/cas-overlay-template# cp target/cas.war /var/lib/tomcat8/webapps/
Fix so logging works
root@wrkm-guacamole:~# mkdir -p /etc/cas/logs
root@wrkm-guacamole:~# chown tomcat8 /etc/cas/logs/
Make connections to port :8080 trusted as secure
We can do this because HTTPS is terminated on the Apache reverse proxy, which forwards requests to localhost:8080
root@wrkm-guacamole:/etc/tomcat8# diff -u /etc/tomcat8/server.xml-org /etc/tomcat8/server.xml --- /etc/tomcat8/server.xml-org 2017-06-21 13:36:46.000000000 +0200 +++ /etc/tomcat8/server.xml 2017-11-05 21:08:49.050114344 +0100 @@ -68,7 +68,7 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + secure="true" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool"
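Review bot: the port 8080 Connector gains secure="true" but the visible element has no address attribute, so Tomcat listens on all interfaces and will mark every request arriving on 8080 as secure, including any that reach the port directly instead of through the proxy. Add address="127.0.0.1" to the Connector so only the local reverse proxy can connect, and consider scheme="https" alongside secure="true" so the scheme Tomcat reports matches.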
Changes to tomcat8 startup parameters
In /etc/default/tomcat8
JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Djava.security.egd=file:/dev/./urandom -Djava.security.auth.login.config=file:/etc/cas/config/jaas.config -Djava.security.krb5.conf=/etc/krb5.conf"
Apache reverse proxy
root@wrkm-guacamole:/etc/apache2/conf-available# cat cas-rproxy.conf
<Location /cas/>
    SSLRequireSSL
    Order allow,deny
    Allow from all
    ProxyPass http://localhost:8080/cas/
    ProxyPassReverse http://localhost:8080/cas/
</Location>
Updated instructions for Apereo CAS 6.3 on Debian Buster
To build only the standard default build
$ git clone https://github.com/apereo/cas-overlay-template cas-overlay-template-6.3.x
$ cd cas-overlay-template-6.3.x
$ git checkout origin/6.3 -b wrkm-6.3
$ ./gradlew build
[...]
$ ls -l build/libs/cas.war
-rw-r--r-- 1 xxx xxx 101063231 Mar 16 09:18 build/libs/cas.war
Add our dependencies, and choose to run in the Debian tomcat container
diff --git a/build.gradle b/build.gradle index 89791ab..3d646b4 100644 --- a/build.gradle +++ b/build.gradle @@ -82,6 +82,14 @@ dependencies { } // CAS dependencies/modules may be listed here statically... implementation "org.apereo.cas:cas-server-webapp-init:${casServerVersion}" + implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}" + implementation "org.apereo.cas:cas-server-support-jpa-ticket-registry:${project.'cas.version'}" + implementation "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}" + implementation "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}" + implementation "org.apereo.cas:cas-server-support-gauth-jpa:${project.'cas.version'}" + implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}" + implementation "org.apereo.cas:cas-server-support-reports:${project.'cas.version'}" + implementation "org.apereo.cas:cas-server-support-oauth-webflow:${project.'cas.version'}" } tasks.findByName("jibDockerBuild") diff --git a/gradle.properties b/gradle.properties index cd77ab2..4c0e900 100644 --- a/gradle.properties +++ b/gradle.properties @@ -4,7 +4,7 @@ springBootVersion=2.3.7.RELEASE # Use -jetty, -undertow to other containers # Or blank if you want to deploy to an external container -appServer=-tomcat +appServer= executable=false tomcatVersion=9.0.43
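Review bot: the added implementation lines in build.gradle mix two version expressions: the json-service-registry line uses ${casServerVersion}, like the existing webapp-init line, while the other seven use ${project.'cas.version'}. Nothing in the visible hunks shows both resolving to the same value, so use ${casServerVersion} on all eight lines to keep every CAS module on one version.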
Extract the WAR to get hold of the files that may need to be modified
$ ./gradlew explodeWar
Then copy and modify files like so:
cp build/cas-resources/templates/fragments/footer.html src/main/resources/templates/fragments/
Added to server.xml, in addition to the previously noted changes:
<!-- Remote IP Valve - to parse the X-Forwarded-For type headers -->
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
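An added check, not part of the original page: a small Python audit of server.xml for the two proxy-related settings used here, the Connector marked secure="true" and the RemoteIpValve. The sample XML is constructed from the page's Connector and Valve lines; the function name and finding texts are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the page's Connector and Valve inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               secure="true" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.RemoteIpValve" />
      </Host>
    </Engine>
  </Service>
</Server>"""


def audit_server_xml(xml_text):
    """Return findings for a Tomcat server.xml behind a TLS-terminating proxy."""
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        # Only plain-HTTP connectors that are declared secure are of interest here.
        if conn.get("secure", "false").lower() != "true":
            continue
        if conn.get("SSLEnabled", "false").lower() == "true":
            continue
        # Without a loopback address the connector listens on every interface.
        if conn.get("address") not in LOOPBACK:
            findings.append(f"connector {port}: secure=true but not bound to loopback")
        if conn.get("scheme", "http") != "https":
            findings.append(f"connector {port}: secure=true but scheme is not https")
    valves = [v for v in root.iter("Valve")
              if v.get("className", "").endswith(".RemoteIpValve")]
    if not valves:
        findings.append("no RemoteIpValve: logged client address is the proxy's")
    for valve in valves:
        # protocolHeader has no default, so X-Forwarded-Proto is ignored unless set.
        if not valve.get("protocolHeader"):
            findings.append("RemoteIpValve: protocolHeader not set")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```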