ESUP CAS

This package (esup cas-toolbox-new v3 and v4) is used to deploy and customize a CAS server (v3.4.1x or v4.0.x) You must have JDK (1.6 or greater), Maven 3 install (and Tomcat 7 or greater)

Deploying a CAS server into an existing Tomcat installation
Simplifying and centralizing CAS configuration
- config.properties file and Authentication “HandlersDiscover” functionality
Esup pre-settings and add-ons
- Esup Theme, LDAP, Logging, TraceMe, Stats, BlockAttack, SAML 1.1…
- Configured modules that user can activate : Memcached, Rest…

Install

git clone https://github.com/EsupPortail/cas-toolbox-new.git
git checkout v4.0.x
Rename config.sample.properties to config.properties
Set the deploy.path property in config.properties
Configure config.properties
(Set customizations in the cas-toolbox-custom directory : deployerConfigContext.xml for example )
Initialize and deploy in an existing Tomcat by running mvn clean package
Start Tomcat and browse http://localhost:8080/cas http://localhost:8080/cas-management

Directories Structure

An integrator can easily copy the files from cas-toolbox-core (or the Apereo CAS project) to cas-toolbox-custom and then modify the files.

cas-toolbox-core
  |-- src/main/java
  |-- src/main/webapp
  |-- target
  pom.xml
cas-toolbox-custom
  |-- src/main/webapp
  |-- target
  pom.xml
cas-toolbox-management
  |-- src/main/webapp
  |-- target
  pom.xml
etc
config.sample.properties
config.properties
pom.xml

target : folders where cas server was build before deploy
cas-toolbox-core : folder that stores all esup addons and preconfigurations of the cas server
cas-toolbox-core/src/main/java : java sources added or updated by the esup packaging
cas-toolbox-core/src/main/webbapp : files of webpages, configurations (spring, log, messages...) updated by the esup packaging
cas-toolbox-custom : folder where you can put your configurations and cutomizations of the cas server (the same stucture of cas-toolbox-core folder)
cas-toolbox-management : folder that stores a default configuration of the services management module of the cas server
etc : HOWTo help files, scripts, notice and licence examples...
config.sample.properties : esup cas configuration example
config.properties : esup cas configuration file (with University )

Statistics, Monitoring and Logs

Esup Stats Page: /cas/stats.jsp

SERVICE_TICKET_CREATED : 1
TICKET_GRANTING_TICKET_CREATED : 1
AUTHENTICATION_SUCCESS : 1
AUTHENTICATION_FAILED : 1
SERVICE_TICKET_VALIDATED : 1
TICKET_GRANTING_TICKET_NOT_CREATED : 1

Apereo Monitoring Page: /cas/status

Health: OK
	1.MemoryMonitor: OK - 418,07MB free, 623,54MB total.
	2.SessionMonitor: OK - 1 sessions. 0 service tickets.

Esup User and Service Stats Logs: serviceStats.log

[Sun May 31 16:01:15 CEST 2015] [IP:127.0.0.1] [ID:admin] [TICKET:ST-1-ZW74nIKOVEECbowbB0BT-localhost] [SERVICE:http://localhost:8080/cas-management/j_spring_cas_security_check] [USER-AGENT:Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0]

Apereo Performance Statistics Logs: perfStats.log

Performance Statistics   2015-05-31 16:01:00 - 2015-05-31 16:02:00
Tag                                                  Avg(ms)         Min         Max     Std Dev       Count
AUTHENTICATE                                            21,0          21          21         0,0           1
CREATE_TICKET_GRANTING_TICKET                           25,0          25          25         0,0           1
GRANT_SERVICE_TICKET                                     3,0           3           3         0,0           1
VALIDATE_SERVICE_TICKET                                  1,0           1           1         0,0           1

Tickets: tickets.log

2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas-management/j_spring_cas_security_check] for user [admin]

Success and failed authentications, blockAttack: auth.log (works with CAS 3)

Thu Dec 18 15:47:00 CET 2014 - AUTHENTICATION_FAILED for '[username: admin]' from '127.0.0.1'
AccountLockingService::incrementAttempts() : [admin] - number of attempts : 3 of 3AccountLockingService::isAccountLocked() : [admin] added to user list
AccountLockingService::isAccountLocked() : [admin] locked
Account "admin" is locked for : 3 s
AccountLockingService::run() : [admin] removed from user list
Thu Dec 18 15:48:00 CET 2014 - AUTHENTICATION_SUCCESS for '[username: admin]' from '127.0.0.1‘

Rejected Services: rejectedServices.log

2015-05-31 16:02:31,091 WARN [org.jasig.cas.web.flow.ServiceAuthorizationCheck] - ServiceManagement: Unauthorized Service Access. Service [http://loc:8080/cas-management/j_spring_cas_security_check] is not found in service registry.

CAS management Services: cas-management.log

2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas-management/j_spring_cas_security_check] for user [admin]

Trace (used by Esup AGIMUS-ng: Indicators and Usage): trace.log

TRACE-1-70RFFjeWwSqCfoqwHxUoimyMBELrhdlqAjhtlhoIpChkFnuG5f-localhost:admin

Authentication handlers "Discover"

Set Handlers to use in config.properties (reported in esup.properties file)

	# Handler to use (cf cas\WEB-INF\*.auth.xml to find id)
	# - ldapFastBindHandler : make a fast bind in ldap (AD or direct bind configuration)
	# - ldapFullBindHandler : make a search after a bind with find dn (OpenLdap or anonymous)
	# - fileEncAuthHandler : use a flat encoded file
	# - filePlainAuthHandler : use a flat plaintext file
	authHandlers=fileEncAuthHandler
	# IF USE ldapFullBindHandler
	#authHandlers=fileEncAuthHandler,ldapFullBindHandler
	
	authResolvers=primaryPrincipalResolver
	# IF USE ldapFullBindHandler
	#authResolvers=primaryPrincipalResolver,ldapPrincipalResolver
	defaultResolver=primaryPrincipalResolver

HandlersDiscover JAVA class: org.esupportail.cas.HandlersDiscover.java
- Browse the list of authentication Handlers, the list of authentication Resolvers
- Put each couple <AuthHandler, AuthResolver> within the HandlerMap used by Authentication Manager bean
Handlers to discover within src\main\webapp\WEB-INF\auth-configuration*-auth.xml
HandlerDiscover bean defined in src\main\webapp\WEB-INF\deployerConfigContext.xml

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
	<constructor-arg ref="handlerMap"/>
	...
	<property name="authenticationPolicy">
		<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
	</property>
</bean>

<bean id="handlerMap" class="org.springframework.beans.factory.config.MapFactoryBean">
	<property name="sourceMap">
	<map>
		<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
	</map>
	</property>
</bean>

<bean id="handlerDiscover" class="org.esupportail.cas.HandlersDiscover">
	<property name="handlersId" value="${cas.authHandlers}"/>
	<property name="resolversId" value="${cas.authResolvers}"/>
	<property name="defaultResolverId" value="${cas.defaultResolver}"/>
	<property name="mapToAdd" ref="handlerMap"/>
</bean>

Apereo CAS Documentation

http://jasig.github.io/cas/4.0.x/

Name		Name	Last commit message	Last commit date
Latest commit History 113 Commits
cas-toolbox-core		cas-toolbox-core
cas-toolbox-custom		cas-toolbox-custom
cas-toolbox-management		cas-toolbox-management
etc		etc
.gitignore		.gitignore
LICENSE		LICENSE
NOTICE		NOTICE
README.md		README.md
config.sample.properties		config.sample.properties
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ESUP CAS

About

Releases

Packages

Contributors 2

Languages

License

EsupPortail/cas-toolbox-new

Folders and files

Latest commit

History

Repository files navigation

ESUP CAS

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages