Guide to Deploying CAS 6 - with Ansible, MFA, and Delegated authentication

Paul Chauvet

unread,

May 12, 2021, 5:12:14 PM5/12/21

to cas-...@apereo.org

Hi all,

Over the past couple of months - in my (vanishingly small) free time, I created a guide to deploying Apereo CAS 6 (6.3.x specifically). I did this because I've benefited from the documentation others have done in the past (especially David Curry's CAS 5 version) - and wanted see if my stumbling, experimentation, trial and error could benefit others.

The documentation is available on Github.io: http://paulchauvet.github.io/deploying-cas

It covers the following topics:

Using Ansible to deploy Tomcat and CAS (including configs, services, etc.)
Vanilla CAS deployment - with functionality progressively added to it
Service Configuration
Active Directory authentication and attribute release
Duo MFA support
Ticket registry via Hazelcast
Delegating authentication from CAS to Azure
Theming (this one is very incomplete - I'll add more to that soon).

I can't guarantee it will be usable for anyone - and even for those who it is usable for whether all of it will be usable. I am not the CAS expert that many here on the list are - and I don't know the underlying Java code well enough to cover that here. But hopefully some will find some benefit on it.

This is my first public documentation like this (my other documentation is meant for internal IT staff, or end-users). I started this as a way to document for other IT staff members in case the proverbial bus hits me - but realized it may have benefit to others.

If you have suggestions/corrections/objections/etc., let me know.

P.S. I've got a ton of help from others on various topics - both on the CAS list and colleagues within SUNY. I apologize if I missed anyone here!

Acknowledgements

Paul Chauvet, CISSP

Information Security Officer

State University of New York at New Paltz

chau...@newpaltz.edu