Step by step guide for simple CAS server with OpenLDAP authentication


Tokyo

Feb 17, 2018, 12:17:38 PM
to CAS Community
Hello list,

I've been looking through search engines for a deployment guide for an easy implementation of a CAS server with ldap authentication, but haven't found any (or any that was recent).
I also looked at the official documentation, but it's more confusing than helping. I'm looking for a step by step guide for someone who's not familiar with the software.
Can someone please point me to a recent guide for such an implementation ?

Any help is much appreciated.

Thanks !

Matthew Uribe

Feb 17, 2018, 4:05:46 PM
to CAS Community
I have found David Curry's guide incredibly helpful.

https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

Matt

Matthew Hannay

Feb 18, 2018, 6:18:31 PM
to CAS Community

sami

Feb 19, 2018, 7:38:19 AM
to cas-...@apereo.org
Thank you Matt and Matt. I'll take a look at them both.

--
Sami
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/LgZzuXvh3OY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ee950fd-eb76-4c9a-b979-424178548047%40apereo.org.

sami

Feb 26, 2018, 9:18:40 AM
to cas-...@apereo.org

I've been following this guide throughout https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html, and everything has been going smoothly so far; up to the part where I needed to add the ldap authentication. The log says cas is deployed with errors.
Catalina logs: https://pastebin.com/eitkHDQs
And this is my cas.properties file:

cas.server.name:                        https://cas.uni.edu
cas.server.prefix:                      ${cas.server.name}/cas

cas.tgc.secure:                         true
cas.tgc.crypto.signing.key:             KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
cas.tgc.crypto.encryption.key:          KKKKKKKKKKKKKKKKKKKKKKKKKKKKK

cas.webflow.crypto.signing.key:         WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
cas.webflow.crypto.encryption.key:      wwwwwwwwwwwwwwwwwwwwwwwwww==

cas.authn.accept.users:
cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.config.location: file:/etc/cas/services

cas.authn.ldap[0].order:                0
cas.authn.ldap[0].name:                 OpenLDAP
cas.authn.ldap[0].type:                 AUTHENTICATED
cas.authn.ldap[0].ldapUrl:              ldap://ldap.uni.edu
cas.authn.ldap[0].validatePeriod:       270
cas.authn.ldap[0].userFilter:           uid={user}
cas.authn.ldap[0].baseDn:               ou=people,dc=uni,dc=edu
cas.authn.ldap[0].bindDn:               cn=manager,dc=uni,dc=edu
cas.authn.ldap[0].bindCredential:       Password

Tried to debug, but being new to this and having 200 lines of errors thrown at you doesn't make it much of an easy task.
I'm hoping someone could point me to the right direction.
Thanks !

David Curry

Feb 26, 2018, 9:35:39 AM
to cas-...@apereo.org
Sami,

Do you have the LDAP dependency in pom.xml?

        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>${cas.version}</version>
        </dependency>

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 david...@newschool.edu

The New School



sami

Feb 26, 2018, 10:21:16 AM
to cas-...@apereo.org
Hi David,
Yep, already got that.


David Curry

Feb 26, 2018, 11:53:05 AM
to cas-...@apereo.org
Do you get any log entries in cas.log? Sometimes those can be a little more informative than the ones in catalina.out.

--Dave



sami

Feb 26, 2018, 12:32:00 PM
to cas-...@apereo.org
Dave,
That was a really helpful insight, cas.log indeed provides a more "debuggable" output.
CAS uses the port 636 by default, so I just had to disable SSL since we use startTLS on 389 instead.
For reference, the entry is:

cas.authn.ldap[0].useSsl:               false

Thank you !
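
An added example, not part of the thread or of CAS itself: a small check that reads a cas.properties text and reports how each cas.authn.ldap[N] block protects the connection that carries the bind DN and password. It treats useSsl as on unless disabled, as the thread describes, and assumes StartTLS is enabled with a useStartTLS key (name assumed, matched case-insensitively); the sample input is constructed from the settings posted above.

```python
import re

# Constructed sample: LDAP settings as posted in the thread, plus the useSsl fix.
SAMPLE = """\
cas.authn.ldap[0].type:                 AUTHENTICATED
cas.authn.ldap[0].ldapUrl:              ldap://ldap.uni.edu
cas.authn.ldap[0].bindDn:               cn=manager,dc=uni,dc=edu
cas.authn.ldap[0].bindCredential:       Password
cas.authn.ldap[0].useSsl:               false
"""

LINE = re.compile(r"([^\s:=]+)\s*[:=]?\s*(.*)$")   # key, then '=', ':' or spaces
LDAP_KEY = re.compile(r"cas\.authn\.ldap\[(\d+)\]\.(\w+)$")

def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].* settings by N, with lower-cased setting names."""
    blocks = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not line or line[0] in "#!" or not m:   # blank, comment or malformed
            continue
        hit = LDAP_KEY.match(m.group(1))
        if hit:
            blocks.setdefault(int(hit.group(1)), {})[hit.group(2).lower()] = m.group(2)
    return blocks

def transport(block):
    """Classify one block: 'ldaps', 'starttls', 'ssl-mismatch' or 'cleartext'."""
    url = block.get("ldapurl", "").lower()
    # useSsl counts as enabled unless it is explicitly set to false.
    use_ssl = block.get("usessl", "true").lower() == "true"
    # Assumption: StartTLS is switched on by a boolean 'useStartTLS' setting.
    starttls = block.get("usestarttls", "false").lower() == "true"
    if url.startswith("ldaps://"):
        return "ldaps"
    if use_ssl:
        return "ssl-mismatch"      # SSL expected on an ldap:// URL, the failing state
    return "starttls" if starttls else "cleartext"

def audit(text):
    """Return {index: transport} for every LDAP block in a cas.properties text."""
    return {i: transport(b) for i, b in sorted(parse_ldap_blocks(text).items())}

if __name__ == "__main__":
    for idx, mode in audit(SAMPLE).items():
        print(f"cas.authn.ldap[{idx}]: {mode}")
```

A result of "cleartext" means the file, as read, has no setting that encrypts the LDAP bind; "starttls" or "ldaps" is the outcome to look for before going live.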

David Curry

Feb 26, 2018, 12:34:31 PM
to cas-...@apereo.org
Glad you figured it out. Note that if you turn on debug logging for anything (in log4j2.xml), those messages will also go to cas.log. In my personal experience, the cas.log messages are more helpful than the catalina.out messages about 4 times out of 5.

--Dave

